瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 不怕进毒巢的来,SRE日志,每次卡巴都能扫到5个以上的木马

1   1  /  1  页   跳转

不怕进毒巢的来,SRE日志,每次卡巴都能扫到5个以上的木马

收藏
fairyfox
头像
初生襁褓狮
  • 帖子:47
  • 注册: 2005-10-26
  • 来自:
发表于: 2007-03-16 06:35 | 显示全部 短消息 资料
字号: 1楼

不怕进毒巢的来,SRE日志,每次卡巴都能扫到5个以上的木马

[CODE]

2007-03-16,06:19:54

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BPS Spyware Remover><d:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe>  [BulletProofSoft.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <runeip><C:\Program Files\Rising\KakaToolBar\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <kis><"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <ezShieldProtector for Px><C:\WINDOWS\system32\ezSP_Px.exe>  [Easy Systems Japan Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RegMon32]
    <WinlogonNotify: RegMon32><cryptchr.dll>  [Microsoft Corporation]

==================================
启动文件夹
[快捷方式 到 dhcp]
  <C:\Documents and Settings\极地苍狼\「开始」菜单\程序\启动\快捷方式 到 dhcp.lnk --> C:\dhcp.bat [N/A]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Diskeeper / Diskeeper][Stopped/Disabled]
  <"D:\Program Files\Executive Software\Diskeeper\DkService.exe"><Executive Software International, Inc.>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[TabletService / TabletService][Running/Auto Start]
  <C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

==================================
驱动程序
[000055d5 / 000055d5][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\000055d5.SYS><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Alps Pointing-device Filter Driver / ApfiltrService][Stopped/Manual Start]
  <System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[CMBProtector / CMBProtector][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat><N/A>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[gwiopm / gwiopm][Stopped/Manual Start]
  <\??\D:\wom\gwiopm.sys><N/A>
[hidproc / hidproc][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hidproc.sys><N/A>
[hpdg / hpdgq][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpdgq.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pciSd / pciSd][Stopped/Manual Start]
  <System32\DRIVERS\tossdpci.sys><TOSHIBA>
[Pen Class / PenClass][Running/Boot Start]
  <\SystemRoot\system32\Drivers\Penclass.sys><Wacom Technology Corporation>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
  <System32\DRIVERS\smcirda.sys><SMC>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[TOSHIBA Software Modem / TOSHIBASoftModem][Running/Manual Start]
  <System32\DRIVERS\LTSM.sys><LT>
[TOSHIBA SD Card Host Controller Driver / tsdhd][Running/Manual Start]
  <System32\DRIVERS\tsdhd.sys><TOSHIBA Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Toshiba ACPI-Based Value Added Logical Device Driver / TVALD][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\TVALD.SYS><Toshiba Corporation>
[Toshiba Value Added Logical and General Purpose Device Driver / TVALG][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\TVALG.SYS><TOSHIBA Corporation>
[VCD VNC Virtual Network Adapter / vcddev][Stopped/Manual Start]
  <system32\DRIVERS\vcdvnic.sys><VNN B.J.>
[YAMAHA AC-XG Audio Device / WDM_YAMAHAAC97][Running/Manual Start]
  <system32\drivers\yacxgc.sys><YAMAHA CORPORATION>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[PC Camera CAMCAN / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[Profos / Profos][Stopped/Manual Start]
  <\??\C:\PROGRA~1\Softwin\BITDEF~1\profos.sys><N/A>
最后编辑2007-03-16 06:27:09
分享到:
gototop
 
fairyfox
头像
初生襁褓狮
  • 帖子:47
  • 注册: 2005-10-26
  • 来自:
发表于: 2007-03-16 06:35 | 显示全部 短消息 资料
字号: 2楼


==================================
浏览器加载项
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, >
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[CMBSafeHelper Class]
  {26BCA338-BB94-4E8F-A082-3E5735875B79} <C:\WINDOWS\system32\CMBGUARD.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, >

==================================
正在运行的进程
[PID: 612][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cryptchr.dll]  [Microsoft Corporation, 0.0.0.4]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1780][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\okbcav78.dll]  [N/A, ]
    [C:\WINDOWS\system32\iaacs.dll]  [N/A, ]
    [C:\WINDOWS\system32\vakrsf20.dll]  [Microsoft Corporation, 1, 1, 1, 1031]
    [C:\WINDOWS\system32\ezvx_i.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.75-9]
    [C:\WINDOWS\system32\qsxiii59.dll]  [, 1, 1, 1, 1003]
    [C:\WINDOWS\system32\zxfpga21.dll]  [, 1, 1, 1, 1002]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 2028][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.75-9]
[PID: 164][C:\WINDOWS\system32\ezSP_Px.exe]  [Easy Systems Japan Ltd., 1, 0, 0, 0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.75-9]
[PID: 224][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.75-9]
[PID: 296][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.75-9]
[PID: 3632][C:\Documents and Settings\极地苍狼\桌面\sre\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\zxfpga21.dll]  [, 1, 1, 1, 1002]
    [C:\WINDOWS\system32\qsxiii59.dll]  [, 1, 1, 1, 1003]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.75-9]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF807FB25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF807FD67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF807FF0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF807FC49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF807FE8F)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
fairyfox
头像
初生襁褓狮
  • 帖子:47
  • 注册: 2005-10-26
  • 来自:
发表于: 2007-03-16 06:36 | 显示全部 短消息 资料
字号: 3楼

我的本本现在已经接近崩溃边缘,谁能来救救无辜的本本。
杀读软件均能查出很多木马,但是删完还有,全盘扫描也无济于事。
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT