IE自动关闭找不出症状，什么软件也查不出来毒。。

显示全部楼层 · 发表于 2008-1-1 00:39:49

晕死。。之前中了一堆毒，都已经全部清完了。

可是现在却出问题，症状非常似是木马，却用什么软件也查不出。用AVG、卡巴、360、金山、QQ医生，全都试过，也在安全模式试过，都查不到有毒或木马。

症状如下：

1.IE老自动关闭，浏览的时候，常常无缘无故自动关闭，看在线电影、电视时特别严重，看一小时的电视，最少也要自动关闭个五次以上，如果单单浏览还比较好，久久才自动关闭一次。

2.QQ超严重，我有两个QQ，密码都是一样的，但有一个密码无缘无故说不对，还好申请了密码保护，用手机改好了密码，结果还是提示密码不对，但却能够到腾迅的网站登录。而另一个，可以登录，却每次登录的时候，都提示我“异常登录”，要我填验证码。是每一次哦。

综合以上两点，是不是都是中招的症状，但奇怪的是无论我用什么软件都查不出问题。。。

谁能够回答我，究竟是什么回事。。。。自动

[ 本帖最后由柠柠儿于 2008-1-7 16:52 编辑 ]

显示全部楼层 · 发表于 2008-1-1 01:46:41

1.先修复ie，如果不行，到正常的机子复制iexplorer.exe到你的电脑覆盖。
再不行的话，重装ie。
2.QQ这个不是很清楚，尝试换版本试试。
为了安全，楼主可以使用sreng扫份报告附件上传

显示全部楼层 · 发表于 2008-1-1 01:50:15

你可以尝试修复IE，或者把IE升个级。

QQ的话，可能是某些插件导致的。具体QQ软件问题还是打客服询问。

显示全部楼层 · 发表于 2008-1-2 08:38:36

我要晕死了！！！
IE 修复过，现在也已经升级到7.0了。但还是一样。
也用优化软件清理过电脑，连注册表也一起清理了。

还是没用，而且现在还越来越严重，自动关闭IE的频率越来越频繁。

像现在我单单是打开卡巴的网页，来写这一段话，IE就已经自动关闭了三次，还真担心没写完它又要关了。。。

请问还有没有什么软件可以帮到我？？？？
不会又只能重装WINDOWS吧。。。装得我烦死了。。老出问题。。。

显示全部楼层 · 发表于 2008-1-2 10:08:05

根据LZ对IE和QQ情况的描述,LZ的系统中仍有病毒存在,同时也存在流氓程序和恶意插件,并且肯定有QQ盗号木马,有人用LZ的QQ在其他地方登陆过.
建议:
1.把卡巴升级到最新的病毒库进行全面查杀病毒.杀毒用卡巴就够了,
2.推荐几款清理流氓的软件,最好多款软件交替使用:
恶意软件清理助手(首推)
360安全卫士
  瑞星卡卡上网安全助手
  金山系统清理专家
  也可用这几款软件修复IE.
3.用最新的QQKav查杀QQ病毒

以上几步请进入安全模式进行操作,耍完后,如果中毒太多,系统多半已是千疮百孔,建议运行SFC命令恢复系统原始文件.另外,不要单一用IE,可选用其他第三方浏览器.

[ 本帖最后由 hzw_1013 于 2008-1-2 10:15 编辑 ]

显示全部楼层 · 发表于 2008-1-2 11:16:47

用小红伞吧小红伞对病毒很敏感

显示全部楼层 · 发表于 2008-1-2 11:55:32

或者楼主使用sreng扫份报告上传

显示全部楼层 · 发表于 2008-1-3 18:49:46

我要发疯了！！！我在网上搜索到一切有关这个情况的种种方法，全都做过了，都没用。
只好将C盘及D盘全都格式化再重装系统滴。。。
但还是没用。。才装好，所有杀毒软件也装好了，就上线，一打开IE，它就立即给我关闭了。。。情况还是没改善。。。
我扫了份报告出来，其他有显示几个错误，用sreng也显示修复不了。。。为什么会有错误呀。。我才重装系统耶。。。
报告的我也不会看。。。请大家帮我看一下有什么问题。。。

晕。。报告太长。。不能发。。我分两楼贴出来，请大家帮忙一下。。谢谢。。

[CODE]
2008-01-03,06:10:58
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
<AVP><"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe">  [(Verified)Kaspersky Lab]
<360Safetray><D:\Program Files\360safe\safemon\360tray.exe /start>  [奇虎网]
<Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
<!AVG Anti-Spyware><"D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" /minimized>  [GRISOFT s.r.o.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[卡巴斯基互联网安全套装 7.0 / AVP][Running/Auto Start]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ShopAssistant2 database / ShopAssistant2 database][Running/Auto Start]
  <"d:\Program Files\ShopEx\ShopAssistant2\server\mysql\bin\mysqld" "--defaults-file=d:\Program Files\ShopEx\ShopAssistant2\server\mysql\my.ini" "ShopAssistant2 database"><N/A>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[SnagIt Toolbar Loader]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[Web 反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[SnagIt Toolbar Loader]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <D:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer3.0.41.65.352.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, 360safe.com>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Thunder DapCtrl]
  {EF1EA76E-5428-4e40-85A1-D4DD2893183A} <D:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapCtrl1.2.13.16.352.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[使用WEB迅雷下载]
  <D:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用WEB迅雷下载全部链接]
  <D:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到反广告条]
  <D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm, N/A>
==================================
正在运行的进程
[PID: 680 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 844 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1200 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1248 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1332 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1572 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1004 / SYSTEM][d:\Program Files\ShopEx\ShopAssistant2\server\mysql\bin\mysqld.exe]  [N/A, ]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]

显示全部楼层 · 发表于 2008-1-3 18:50:18

[PID: 2408 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / AEAC][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 52]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll]  [TechSmith 公司, 8.2.3.14]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 2232 / AEAC][D:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 3, 6, 4, 3003]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
[D:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
[D:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1021]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 2168 / AEAC][D:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 11, 2, 200]
[D:\Program Files\Thunder Network\WebThunder\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\Thunder Network\WebThunder\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 0, 52]
[D:\Program Files\Thunder Network\WebThunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 20, 2, 201]
[D:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
[D:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 20, 2, 201]
[D:\Program Files\Thunder Network\WebThunder\streammedialib.dll]  [, 1, 3, 2, 103]
[D:\Program Files\Thunder Network\WebThunder\xldc.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 11]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 16, 5, 63]
[D:\Program Files\Thunder Network\WebThunder\CacheServer.dll]  [, 1, 0, 0, 1]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Thunder Network\WebThunder\XLSafe\SafeInfo.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 1, 0]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Thunder Network\WebThunder\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 3, 2, 16]
[D:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDownAndPlay.dll]  [ShenZhen Thunder Networking Technologies Ltd., 1, 0, 3, 21]
[D:\Program Files\Thunder Network\WebThunder\XLStatistic\XLStatisticAddin.dll]  [深圳市迅雷网络技术有限公司, 1, 3, 0, 4]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
[PID: 3748 / AEAC][D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe]  [GRISOFT s.r.o., 7, 5, 1, 43]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 3796 / AEAC][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[PID: 3124 / AEAC][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 11, 18, 1]
[C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2005, 3, 3, 1]
[C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2005, 9, 1, 1]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 7, 27, 1]
[C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
[C:\PROGRA~1\ChinaNet\SETUPP~1.DLL]  [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  [, 2005, 8, 18, 1]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2005, 10, 13, 1]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 8, 11, 1]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 8, 16, 1]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\BDSearch.ocx]  [gdcn, 2005, 12, 22, 1]
[C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2005, 10, 9, 14]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2005, 8, 26, 1]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 1, 9, 10]
[C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
[C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
[C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
[C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 4, 19, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2005, 12, 20, 1]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2005, 9, 13, 9]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
[PID: 3548 / AEAC][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 2596 / AEAC][C:\DOCUME~1\AEAC\LOCALS~1\Temp\Rar$EX00.671\RogueCleaner.exe]  [Tommsoft.com, 2.7.7.15]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[C:\DOCUME~1\AEAC\LOCALS~1\Temp\Rar$EX00.671\RsClean.dll]  [tommsoft.com, 1.5.0.5]
[C:\DOCUME~1\AEAC\LOCALS~1\Temp\Rar$EX00.671\rsdubsearch.dll]  [tommsoft.com, 1.1.5.8]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
[d:\program files\kaspersky lab\kaspersky internet security 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 2916 / AEAC][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1648 / AEAC][C:\DOCUME~1\AEAC\LOCALS~1\Temp\Rar$EX00.797\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
[D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[C:\DOCUME~1\AEAC\LOCALS~1\Temp\Rar$EX00.797\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [Kaspersky Lab, 7.0.0.125]
[D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1    localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1004, D:\PROGRAM FILES\SHOPEX\SHOPASSISTANT2\SERVER\MYSQL\BIN\MYSQLD.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2232, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2232, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3748, D:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\CRAVGAS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3124, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3548, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2596, C:\DOCUME~1\AEAC\LOCALS~1\TEMP\RAR$EX00.671\ROGUECLEANER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2596, C:\DOCUME~1\AEAC\LOCALS~1\TEMP\RAR$EX00.671\ROGUECLEANER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2916, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================

[/CODE]

显示全部楼层 · 发表于 2008-1-3 19:41:27

1.建议使用XDelBox删除以下文件：(XDelBox1.3下载)
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。

c:\windows\system32\rundll32.exe c:\windows\system32\mscories.dll,install
c:\windows\system32\ime\tintlgnt\tintsetp.exe /imename
rundll32.exe advpack.dll,launchinfsection c:\windows\inf\msmsgs.inf,blc.quietinstall.peruser
rundll32.exe advpack.dll,launchinfsection c:\windows\inf\wmp.inf,peruserstub
rundll32.exe advpack.dll,launchinfsection c:\windows\inf\msnetmtg.inf,netmtg.install.peruser.nt
c:\windows\system32\ime\tintlgnt\tintsetp.exe /sync
"c:\windows\ime\imjp8_1\imjpmig.exe" /spoil /remadvdef /migration32
c:\progra~1\common~1\micros~1\ime12\imesc\imscmig.exe /install
c:\docume~1\aeac\locals~1\temp\rar$ex00.671\roguecleaner.exe

2.删除重启后使用SREng修复下面各项：

启动项目－－注册表之如下项删除：
[N/A] <C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>
[PHIME2002A] <C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[Windows Messenger 4.7] <rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>
[Microsoft Windows Media Player] <rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>
[NetMeeting 3.01] <rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>
[PHIME2002ASync] <C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[IMJPMIG8.1] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[Microsoft Pinyin IME Migration] <C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>

**************以上分析报告由SREngLog分析助手提供******************
分析：etly
时间：2008-1-3
SREngLog分析助手 1.3 (20070808 更新 BY 草莽书生)

[已解决] IE自动关闭找不出症状，什么软件也查不出来毒。。

回复 1楼柠柠儿的帖子

评分

回楼主

[已解决] IE自动关闭找不出症状，什么软件也查不出来毒。。

回复 1楼 柠柠儿 的帖子

评分

回楼主

回复 1楼柠柠儿的帖子