收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 原创工具区 请帮忙看一下这个病毒该怎么解决?
返回列表 发新帖
查看: 2533|回复: 7
收起左侧

[已解决] 请帮忙看一下这个病毒该怎么解决?

[复制链接]
玉龙雪山
发表于 2007-3-9 18:19:27 | 显示全部楼层 |阅读模式
最近每次开电脑卡吧都会弹出一个病毒框:
正在运行的进程 C:\Program Files\internet explorer\IEXPLORE.EXE: 探测到 风险软件 'Hidden object'. 的修改
在安全模式下用卡巴杀了但是没有杀到什么.用其他杀木马的也没杀到什么木马.不知道是什么情况,上网查了一下说是病毒,可没有简单直接的解决办法啊!各位帮忙下啊.多谢了!(有时在关机时或运行某个程序时就突然蓝屏了)
解决方法在下面我的回贴里!

[ 本帖最后由 玉龙雪山 于 2007-3-12 11:03 编辑 ]
回复

举报

wangjay1980
发表于 2007-3-10 11:31:12 | 显示全部楼层
扫个报告
回复

举报

风雪
发表于 2007-3-10 16:53:19 | 显示全部楼层
http://bbs.kafan.cn/viewthread.php?tid=60108&extra=page%3D1
System Repair Engineer 发日志上来。
回复

举报

玉龙雪山
 楼主| 发表于 2007-3-11 13:26:28 | 显示全部楼层
下面是我扫的HijackThis和SREng报告,麻烦再帮我看一下!谢了!
HijackThis报告:
Logfile of HijackThis v1.99.1
Scan saved at 13:24:20, on 2007-3-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\KasperskyKAV6.0\avp.exe
D:\KasperskyKAV6.0\avp.exe
C:\Program Files\racer-henan-cnc\racer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\racer-henan-cnc\RacerKp.exe
D:\腾讯QQ\QQ\QQ.exe
D:\遨游\Maxthon.exe
D:\日志分析\SREng.EXE
D:\日志分析\HijackThis.exe

O2 - BHO: ThunderBHO - {39F7E361-828A-4B5A-BCAF-5B79BFDFEA60} - D:\迅雷\Thunder\ComDlls\XunLeiBHO_007.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BT\BitComet_0.77\tools\BitCometBHO.dll
O4 - HKLM\..\Run: [IgfxTray] ; C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - Extra context menu item: &使用BitComet下载 - res://D:\BT\BitComet_0.77\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://D:\BT\BitComet_0.77\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://D:\BT\BitComet_0.77\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用迅雷下载 - D:\迅雷\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\迅雷\Thunder\Program\getallurl.htm
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\KasperskyKAV6.0\scieplugin.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\腾讯QQ\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\腾讯QQ\QQ\QQ.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wind ... e.cab?1122615652421
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - D:\木马专杀\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: 卡巴斯基反病毒6.0 (AVP) - Kaspersky Lab - D:\KasperskyKAV6.0\avp.exe
O23 - Service: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe
回复

举报

玉龙雪山
 楼主| 发表于 2007-3-11 13:27:22 | 显示全部楼层
SREng报告:


  3. 2007-03-11,13:23:23

  5. System Repair Engineer 2.3.13.690
  6. Smallfrogs (http://www.KZTechs.com)

  8. Windows XP Home Edition Service Pack 2 (Build 2600)
  9. - 管理权限用户 - 完整功能

  11. 以下内容被选中:
  12.     所有的启动项目(包括注册表、启动文件夹、服务等)
  13.     浏览器加载项
  14.     正在运行的进程(包括进程模块信息)
  15.     文件关联
  16.     Winsock 提供者
  17.     Autorun.inf
  18.     HOSTS 文件


  21. 启动项目
  22. 注册表
  23. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  24.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
  25. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  26.     <IgfxTray><; C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
  27.     <HotKeysCmds><; C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
  28.     <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
  29.     <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
  30.     <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
  31.     <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
  32.     <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
  33. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  34.     <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
  35.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
  36.     <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
  37. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  38.     <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><>  [N/A]
  39. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  40.     <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
  41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  42.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

  44. ==================================
  45. 启动文件夹
  46. [河南网通宽带用户客户端]
  47.   <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk --> C:\PROGRA~1\RACER-~1\racer.exe [Putian Runway]><H>

  49. ==================================
  50. 服务
  51. [Application Management / AppMgmt][Stopped/Manual Start]
  52.   <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
  53. [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Manual Start]
  54.   <D:\木马专杀\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
  55. [卡巴斯基反病毒6.0 / AVP][Running/Manual Start]
  56.   <D:\KasperskyKAV6.0\avp.exe -r><Kaspersky Lab>
  57. [ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Stopped/Disabled]
  58.   <><N/A>
  59. [Human Interface Device Access / HidServ][Stopped/Disabled]
  60.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  61. [Network Management Center Task / W32Tasks][Stopped/Auto Start]
  62.   <C:\WINDOWS\system32\taskman32.exe><N/A>

  64. ==================================
  65. 驱动程序
  66. [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  67.   <system32\drivers\ALCXSENS.SYS><Sensaura>
  68. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  69.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
  70. [AntiyFirewall / AntiyFirewall][Running/Auto Start]
  71.   <system32\drivers\AntiyFW.sys><N/A>
  72. [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  73.   <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
  74. [Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  75.   <System32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
  76. [ialm / ialm][Running/Manual Start]
  77.   <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
  78. [kl1 / kl1][Running/Boot Start]
  79.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  80. [klif / klif][Running/System Start]
  81.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  82. [NetGroup Packet Filter Driver / NPF][Running/Auto Start]
  83.   <system32\drivers\npf.sys><NetGroup - Politecnico di Torino>
  84. [npkcrypt / npkcrypt][Running/Auto Start]
  85.   <\??\D:\腾讯QQ\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
  86. [npkycryp / npkycryp][Stopped/Manual Start]
  87.   <\??\D:\腾讯QQ\QQ\npkycryp.sys><N/A>
  88. [OMCI / OMCI][Running/System Start]
  89.   <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
  90. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  91.   <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  92. [Secdrv / Secdrv][Stopped/Manual Start]
  93.   <System32\DRIVERS\secdrv.sys><N/A>
  94. [SKNFW / SKNFW][Running/System Start]
  95.   <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
  96. [SkyProcs / SkyProcs][Running/Manual Start]
  97.   <\??\D:\天网\FireWall\SkyProcs.sys><N/A>
  98. [SmartAVS / SmartAVS][Stopped/Manual Start]
  99.   <\??\C:\WINDOWS\system32\drivers\SmartAVS.sys><All-In-Smart [CWJ]>
  100. [Spy Emergency Driver / SpyEmrg][Stopped/System Start]
  101.   <System32\Drivers\spyemrg.sys><N/A>
  102. [TCP/IP Protocol Driver / Tcpip][Running/System Start]
  103.   <System32\DRIVERS\tcpip.sys><Microsoft Corporation>
  104. [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  105.   <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
  106. [XScanPF / XScanPF][Stopped/Manual Start]
  107.   <\??\D:\绿色小工具\扫描电脑漏洞工具\X-Scan-v3.3\dat\xpf.sys><N/A>
  108. [Webeye USB PC Camera / ZSMC301b][Stopped/Manual Start]
  109.   <System32\Drivers\usbVM31b.sys><VM>
  110. [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  111.   <system32\drivers\ialmsbw.sys><Intel Corporation>
  112. [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  113.   <system32\drivers\ialmkchw.sys><Intel Corporation>

  115. ==================================
  116. 浏览器加载项
  117. [Thunder Browser Helper]
  118.   {39F7E361-828A-4B5A-BCAF-5B79BFDFEA60} <D:\迅雷\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
  119. [BitComet Helper]
  120.   {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\BT\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
  121. [Web反病毒保护]
  122.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\KasperskyKAV6.0\scieplugin.dll, Kaspersky Lab>
  123. [QQ]
  124.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\腾讯QQ\QQ\QQ.EXE, TENCENT>
  125. [WUWebControl Class]
  126.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
  127. [Shockwave Flash Object]
  128.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  129. [ActiveMovieControl Object]
  130.   {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
  131. [Windows Genuine Advantage Validation Tool]
  132.   {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
  133. [Windows Media Player]
  134.   {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
  135. [HTML Document]
  136.   {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
  137. [DHTML Edit Control Safe for Scripting for IE5]
  138.   {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
  139. [Thunder Browser Helper]
  140.   {39F7E361-828A-4B5A-BCAF-5B79BFDFEA60} <D:\迅雷\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
  141. [BitComet Helper]
  142.   {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\BT\BitComet_0.77\tools\BitCometBHO.dll, BitComet>
  143. [Shell Name Space]
  144.   {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
  145. [WUWebControl Class]
  146.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
  147. [Windows Media Player]
  148.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  149. [Microsoft Web 浏览器]
  150.   {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
  151. [Thunder Browser Helper]
  152.   {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
  153. [WebVGPlayer Class]
  154.   {AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <C:\PROGRA~1\VIEWGOOD\WEBPLA~1\VGPlayer.dll, >
  155. [SearchAssistantOC]
  156.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
  157. [RDS.DataSpace]
  158.   {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
  159. [AUDIO__MID Moniker Class]
  160.   {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  161. [AUDIO__MP3 Moniker Class]
  162.   {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  163. [RealPlayer G2 Control]
  164.   {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
  165. [Shockwave Flash Object]
  166.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
  167. [IERPCtl Class]
  168.   {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <D:\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
  169. [&使用BitComet下载]
  170.   <res://D:\BT\BitComet_0.77\BitComet.exe/AddLink.htm, N/A>
  171. [&使用BitComet下载全部链接]
  172.   <res://D:\BT\BitComet_0.77\BitComet.exe/AddAllLink.htm, N/A>
  173. [&使用BitComet下载本页视频]
  174.   <res://D:\BT\BitComet_0.77\BitComet.exe/AddVideo.htm, N/A>
  175. [使用迅雷下载]
  176.   <D:\迅雷\Thunder\Program\geturl.htm, N/A>
  177. [使用迅雷下载全部链接]
  178.   <D:\迅雷\Thunder\Program\getallurl.htm, N/A>

  180. ==================================
  181. 正在运行的进程
  182. [PID: 568][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  183. [PID: 660][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  184. [PID: 684][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  185.     [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  186. [PID: 736][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  187. [PID: 748][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  188. [PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  189. [PID: 976][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  190. [PID: 1068][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  191. [PID: 1112][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  192. [PID: 1248][C:\WINDOWS\System32\imapi.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  193. [PID: 1636][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  194.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
  195.     [D:\KasperskyKAV6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
  196.     [D:\BT\BitComet_0.77\tools\BitCometBHO.dll]  [BitComet, 20061116]
  197.     [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3,0,0,2104]
  198.     [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
  199.     [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
  200.     [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
  201.     [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
  202.     [D:\迅雷\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
  203.     [D:\木马专杀\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
  204.     [D:\KasperskyKAV6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  205.     [D:\KasperskyKAV6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  206. [PID: 1856][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  207. [PID: 224][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.29]
  208. [PID: 244][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  209. [PID: 892][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  210. [PID: 1740][C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE]  [Microsoft Corporation, 11.0.5525]
  211. [PID: 1988][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
  212. [PID: 560][C:\Program Files\racer-henan-cnc\racer.exe]  [Putian Runway, 2, 0, 49, 90]
  213.     [C:\Program Files\racer-henan-cnc\rwxre.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  214.     [C:\Program Files\racer-henan-cnc\nspr4.dll]  [Netscape Communications Corporation, 4.5 Beta]
  215.     [C:\Program Files\racer-henan-cnc\xpcom.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  216.     [C:\Program Files\racer-henan-cnc\nss3.dll]  [Netscape Communications Corporation, 3.9.1]
  217.     [C:\Program Files\racer-henan-cnc\softokn3.dll]  [Netscape Communications Corporation, 3.9.1]
  218.     [C:\Program Files\racer-henan-cnc\gkgfx.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  219.     [C:\Program Files\racer-henan-cnc\js3250.dll]  [Netscape Communications Corporation, 4.0]
  220.     [C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll]  [Putian Runway, 2,0,47,87]
  221.     [C:\Program Files\racer-henan-cnc\xpcom_compat.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  222.     [C:\Program Files\racer-henan-cnc\racer_base.dll]  [Putian Runway, 2,0,47,87]
  223.     [C:\Program Files\racer-henan-cnc\components\pipnss.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  224.     [C:\Program Files\racer-henan-cnc\components\gklayout.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  225.     [C:\Program Files\racer-henan-cnc\components\jar50.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  226.     [C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll]  [Mozilla Foundation, 1.7.3: 2005040616]
  227.     [C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll]  [Putian Runway, 2,0,47,87]
  228.     [C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll]  [Putian Runway, 2,0,47,87]
  229.     [C:\Program Files\racer-henan-cnc\dhcpplus.dll]  [北京润汇科技有限公司, 0, 12, 20, 44]
  230.     [C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll]  [Putian Runway, 2,0,47,87]
  231.     [C:\Program Files\racer-henan-cnc\nss4.dll]  [北京普天润汇科技有限公司, 1, 0, 0, 3]
  232.     [C:\Program Files\racer-henan-cnc\wpcap.dll]  [NetGroup - Politecnico di Torino, 3, 1, 0, 24]
  233.     [C:\Program Files\racer-henan-cnc\packet.dll]  [NetGroup - Politecnico di Torino, 3, 1, 0, 24]
  234.     [C:\Program Files\racer-henan-cnc\WanPacket.dll]  [NetGroup - Politecnico di Torino, 3, 1, 0, 24]
  235. [PID: 640][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  236. [PID: 1664][C:\Program Files\racer-henan-cnc\RacerKp.exe]  [北京润汇科技有限公司, 1, 0, 0, 1]
  237. [PID: 1012][D:\腾讯QQ\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
  238.     [D:\腾讯QQ\QQ\CoralAssist.DLL]  [Coral Team, 4.5.0 build 20060515]
  239.     [D:\腾讯QQ\QQ\CoralQQ.DLL]  [Coral Team, 4.5.4 Build 20061001]
  240.     [D:\腾讯QQ\QQ\ipsearcher.dll]  [, 1.0.0.3]
  241.     [D:\腾讯QQ\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
  242.     [D:\腾讯QQ\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
  243.     [D:\腾讯QQ\QQ\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 370]
  244.     [D:\腾讯QQ\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
  245.     [D:\腾讯QQ\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
  246.     [D:\腾讯QQ\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
  247.     [D:\腾讯QQ\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
  248.     [D:\腾讯QQ\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
  249.     [D:\腾讯QQ\QQ\QQMainFrame.dll]  [N/A, N/A]
  250.     [D:\腾讯QQ\QQ\CQQApplication.dll]  [N/A, N/A]
  251.     [D:\腾讯QQ\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
  252.     [D:\腾讯QQ\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
  253.     [D:\腾讯QQ\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
  254.     [D:\腾讯QQ\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
  255.     [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
  256.     [D:\腾讯QQ\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
  257.     [D:\腾讯QQ\QQ\GroupLive.dll]  [N/A, N/A]
  258.     [D:\腾讯QQ\QQ\QQSysMsgMng.dll]  [N/A, N/A]
  259.     [D:\腾讯QQ\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
  260.     [D:\腾讯QQ\QQ\QQPlugin.dll]  [N/A, N/A]
  261.     [D:\腾讯QQ\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
  262.     [D:\腾讯QQ\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
  263.     [D:\腾讯QQ\QQ\QRingMng.dll]  [N/A, N/A]
  264.     [D:\腾讯QQ\QQ\QQAvatar.dll]  [N/A, N/A]
  265.     [D:\腾讯QQ\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
  266.     [D:\腾讯QQ\QQ\QQPet.dll]  [, 1, 0, 0, 1]
  267.     [D:\腾讯QQ\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
  268.     [D:\腾讯QQ\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
  269.     [D:\腾讯QQ\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
  270.     [D:\腾讯QQ\QQ\QQSceneMng.dll]  [N/A, N/A]
  271.     [D:\腾讯QQ\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 5, 50]
  272. [PID: 1576][D:\遨游\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 7, 82]
  273.     [D:\遨游\maxzlib.dll]  [ , 1, 0, 0, 2]
  274.     [D:\遨游\Plugin\FloatBar\FloatBar.dll]  [, 1, 8, 0, 0]
  275.     [D:\遨游\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
  276.     [D:\KasperskyKAV6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
  277.     [D:\KasperskyKAV6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
  278.     [D:\KasperskyKAV6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  279.     [D:\KasperskyKAV6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  280.     [D:\KasperskyKAV6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
  281.     [d:\kasperskykav6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
  282.     [d:\kasperskykav6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
  283.     [d:\kasperskykav6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
  284.     [d:\kasperskykav6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
  285.     [d:\kasperskykav6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
  286.     [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5091]
  287. [PID: 2056][D:\日志分析\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

  289. ==================================
  290. 文件关联
  291. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  292. .EXE  OK. ["%1" %*]
  293. .COM  OK. ["%1" %*]
  294. .PIF  OK. ["%1" %*]
  295. .REG  OK. [regedit.exe "%1"]
  296. .BAT  OK. ["%1" %*]
  297. .SCR  OK. ["%1" /S]
  298. .CHM  Error. ["hh.exe" %1]
  299. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  300. .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  301. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  302. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  303. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  304. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

  306. ==================================
  307. Winsock 提供者
  308. N/A

  310. ==================================
  311. Autorun.inf
  312. N/A

  314. ==================================
  315. HOSTS 文件
  316. N/A

  318. ==================================
  319. API HOOK
  320. 警告!System Repair Engineer 提醒
  321. 你下面的函数内容与预期值不符,他
  322. 们可能被一些恶意的软件所修改:
  323. RVA  错误: LoadLibraryA
  324. RVA  错误: LoadLibraryExA
  325. RVA  错误: LoadLibraryExW
  326. RVA  错误: LoadLibraryW

  328. ==================================


复制代码
回复

举报

wangjay1980
发表于 2007-3-11 13:59:22 | 显示全部楼层
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><>  [N/A]
这个启动项删除

[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Stopped/Disabled]
  <><N/A>
这个删除吧,有了AVG拉,估计是没卸载干净
[Network Management Center Task / W32Tasks][Stopped/Auto Start]
  <C:\WINDOWS\system32\taskman32.exe><N/A>
这个服务删除或设置为disabled的

[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\腾讯QQ\QQ\npkycryp.sys><N/A>

这些驱动删除或设置为disabled的

最后修复一下文件关联,用这个清理一下

arswp_1[1].6.0.rar

516.92 KB, 下载次数: 74
回复

举报

玉龙雪山
 楼主| 发表于 2007-3-12 11:03:00 | 显示全部楼层
谢谢wangjay1980 的热心解答,问题已经解决,我用版主提供的这个附件扫描了一下,检查出一个“未知木马”,然后同样用这个工具修复,昨天到现在我又重启了5遍机器,已经没有问题了!真的是太感谢了!

[ 本帖最后由 玉龙雪山 于 2007-3-12 11:05 编辑 ]
回复

举报

killer88
发表于 2007-3-18 23:44:33 | 显示全部楼层
值得学习!
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 21:34 , Processed in 0.130328 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表