风云小站 » 『 求助专区 』 » 电脑中木马.蓝屏,熊猫二代,怎么去啊,求助
本页主题: 电脑中木马.蓝屏,熊猫二代,怎么去啊,求助 打印 | 加为IE收藏 | 复制链接 | 收藏主题 | 上一主题 | 下一主题

帝释天
水只为博红颜笑
级别: 资深会员


精华: 0
发帖: 3587
威望: 1065 点
风云币: 3170 元
专家分: 0 分
论坛群: ☆黄鱼党☆
在线时间:212(小时)
注册时间:2007-03-09
最后登录:2008-04-23

 电脑中木马.蓝屏,熊猫二代,怎么去啊,求助

[CODE]

2004-05-05,23:00:16

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <t7xretkwqh><C:\DOCUME~1\Admin\LOCALS~1\Temp\1explore.exe>  []
    <rgd97b92kq993d><C:\DOCUME~1\Admin\LOCALS~1\Temp\c0nime.exe>  [N/A]
    <mg2y6l0hdd><C:\DOCUME~1\Admin\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
    <eijb><C:\DOCUME~1\Admin\LOCALS~1\Temp\crasos.exe>  [N/A]
    <2tsrvmqxyskr><C:\DOCUME~1\Admin\LOCALS~1\Temp\winlog0n.exe>  [N/A]
    <imkcfzhicvwqc><C:\DOCUME~1\Admin\LOCALS~1\Temp\cftmon.exe>  [N/A]
    <44jvfrcf6xth><C:\DOCUME~1\Admin\LOCALS~1\Temp\iexp10re.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TPSMain><TPSMain.exe>  [TOSHIBA Corporation]
    <nwizmhxy><C:\WINDOWS\system32\nwizmhxy.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><?粓?>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <?{754FB7D8-B8FE-4810-B363-A788CD060F1F}><>  [N/A]
    <?{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><>  [N/A]
    <?{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><>  [N/A]
    <?{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><>  [N/A]
    <?{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
    <WinlogonNotify: Sebring><c:\WINDOWS\System32\LgNotify.dll>  [Intel Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基互联网安全套装6.0个人版 / AVP][Stopped/Auto Start]
  <D:\安装程序\卡巴斯基\avp.exe -r><N/A>
[BitDefender Scan Server / BDSS][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service><N/A>
[ConfigFree Service / CFSvcs][Running/Auto Start]
  <C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe><TOSHIBA CORPORATION>
[DVD-RAM_Service / DVD-RAM_Service][Stopped/Disabled]
  <C:\WINDOWS\System32\DVDRAMSV.exe><Matsushita Electric Industrial Co., Ltd.>
[Wireless Zero Con***uration / inetsvr][Stopped/Auto Start]
  <C:\WINDOWS\system32\5640.exe><Cutting Edge Custom Software>
[BitDefender Desktop Update Service / LIVESRV][Stopped/Disabled]
  <"C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service><SOFTWIN S.R.L.>
[McAfee McShield / McShield][Stopped/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe"><N/A>
[McAfee Task Manager / McTaskManager][Stopped/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe"><N/A>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[Virus Chaser Spider NT / spidernt][Stopped/Disabled]
  <D:\安装程序\安装软件\系统维护2007杀毒软件集\Virus Chaser\Spidernt.exe><N/A>
[BitDefender Communicator / XCOMM][Stopped/Disabled]
  <"C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service><Softwin>

==================================
驱动程序
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
  <System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[bdfdll / bdfdll][Stopped/Manual Start]
  <\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[Virus Chaser Spider boot hook driver / drwebnet][Stopped/System Start]
  <\SystemRoot\system32\drivers\drwebnet.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/Disabled]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[AEGIS Protocol (IEEE 802.1x) v2.2.1.0 / MDC8021X][Running/Auto Start]
  <System32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[meiudf / meiudf][Running/System Start]
  <System32\Drivers\meiudf.sys><Matsushita Electric Industrial Co.,Ltd.>
[McAfee Inc. / mfeapfk][Stopped/Manual Start]
  <system32\drivers\mfeapfk.sys><N/A>
[McAfee Inc. / mfeavfk][Stopped/Manual Start]
  <system32\drivers\mfeavfk.sys><N/A>
[McAfee Inc. / mfebopk][Stopped/Manual Start]
  <system32\drivers\mfebopk.sys><N/A>
[McAfee Inc. / mfehidk][Running/Manual Start]
  <system32\drivers\mfehidk.sys><N/A>
[VSCore mferkdk / mferkdk][Running/System Start]
  <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><N/A>
[McAfee Inc. / mfetdik][Running/System Start]
  <system32\drivers\mfetdik.sys><N/A>
[TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Running/Auto Start]
  <System32\DRIVERS\netdevio.sys><TOSHIBA Corporation.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\安装程序\QQ2006\QQ传美版\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\D:\安装程序\QQ2006\QQ传美版\npkcusb.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[WLAN Transport / s24trans][Running/Auto Start]
  <System32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Virus Chaser System Monitor / SPIDERCTL][Stopped/Auto Start]
  <\??\D:\安装程序\安装软件\系统维护2007杀毒软件集\Virus Chaser\spider.sys><N/A>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\stac97.sys><SigmaTel, Inc.>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[TOSHIBA Software Modem / TOSHIBASoftModem][Running/Manual Start]
  <System32\DRIVERS\LTSM.sys><LT>
[TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver / TVALZ][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\TVALZ.SYS><TOSHIBA Corporation>
[Intel(R) PRO/Wireless 2100 Adapter 驱动程序 / w70n51][Stopped/Manual Start]
  <System32\DRIVERS\w70n51.sys><Intel? Corporation>
[xFileMgr / xFileMgr][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\xFileMgr.sys><MS User>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 / {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}][Stopped/Manual Start]
  <system32\drivers\wA301a.sys><Intel Corporation>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装程序\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Java Plug-in 1.4.2_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_03]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\安装程序\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装程序\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\安装程序\QQ2006\QQ传美版\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <D:\安装程序\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\安装程序\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\安装程序\QQ2006\QQ传美版\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\安装程序\QQ2006\QQ传美版\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\安装程序\QQ2006\QQ传美版\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.20]
    [c:\WINDOWS\System32\LgNotify.dll]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\安装程序\卡巴斯基\adialhk.dll]  [N/A, ]
[PID: 1472][C:\WINDOWS\system32\ZCfgSvc.exe]  [Intel Corporation, 4, 2, 0, 4]
    [C:\WINDOWS\system32\PfMgrApi.dll]  [Intel Corporation, 4, 2, 0, 1]
    [C:\WINDOWS\system32\PsRegApi.dll]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\system32\WConfig.DLL]  [Intel Corporation, 4, 2, 0, 3]
    [C:\WINDOWS\system32\WiFiAdap.DLL]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\system32\C1XStngs.dll]  [, 4, 2, 0, 2]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\ZcSvcCHS.dll]  [Intel Corporation, 4, 2, 0, 4]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\PmApiCHS.dll]  [Intel Corporation, 4, 2, 0, 1]
    [C:\WINDOWS\system32\S24MUDLL.dll]  [Intel Corporation, 4, 1, 0, 0]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\C1XStCHS.dll]  [, 4, 2, 0, 2]
[PID: 1600][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\安装程序\卡巴斯基\scrchpg.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\Admin\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\TPwrCfg.DLL]  [TOSHIBA Corporation, 1, 0, 6, 2]
    [C:\WINDOWS\system32\TPwrReg.dll]  [TOSHIBA Corporation, 1, 0, 4, 0]
    [C:\WINDOWS\system32\TPSTrace.DLL]  [TOSHIBA Corporation, 1, 0, 3, 0]
    [C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll]  [N/A, ]
    [D:\安装程序\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 1648][C:\WINDOWS\System32\1XConfig.exe]  [Intel, 4, 2, 0, 0]
    [C:\WINDOWS\System32\IntelAE5.dll]  [Meetinghouse Data Communications, 1, 42, 19, 1]
    [C:\WINDOWS\System32\SSLEAY32.dll]  [N/A, ]
    [C:\WINDOWS\System32\LIBEAY32.dll]  [N/A, ]
    [C:\WINDOWS\System32\PsRegApi.dll]  [Intel Corporation, 4, 1, 0, 0]
[PID: 1736][C:\WINDOWS\system32\TPSMain.exe]  [TOSHIBA Corporation, 1, 0, 13, 0]
    [C:\WINDOWS\system32\TPSMainCtl.dll]  [TOSHIBA Corporation, 1, 0, 3, 0]
    [C:\WINDOWS\system32\CpuPerf.dll]  [TOSHIBA Corporation, 1, 0, 1, 0]
    [C:\WINDOWS\system32\TPSTrace.DLL]  [TOSHIBA Corporation, 1, 0, 3, 0]
    [C:\WINDOWS\system32\TPwrReg.dll]  [TOSHIBA Corporation, 1, 0, 4, 0]
    [C:\WINDOWS\system32\TPeculiarity.dll]  [TOSHIBA Corporation, 1, 0, 1, 0]
[PID: 1860][C:\WINDOWS\system32\TPSBattM.exe]  [TOSHIBA Corporation, 1, 0, 2, 0]
    [C:\WINDOWS\system32\TPwrCfg.DLL]  [TOSHIBA Corporation, 1, 0, 6, 2]
    [C:\WINDOWS\system32\TPwrReg.dll]  [TOSHIBA Corporation, 1, 0, 4, 0]
    [C:\WINDOWS\system32\TPSTrace.DLL]  [TOSHIBA Corporation, 1, 0, 3, 0]
[PID: 4028][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\Admin\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
[PID: 1560][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2068][D:\安装程序\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 0, 1, 9008]
    [D:\安装程序\Maxthon2\mxpp.dll]  [Maxthon, 1, 0, 0, 50]
    [D:\安装程序\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 119]
    [D:\安装程序\Maxthon2\MxProxy2.dll]  [, 1, 0, 0, 2868]
    [D:\安装程序\Maxthon2\MxFav.dll]  [Maxthon, 1, 0, 0, 186]
    [D:\安装程序\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [D:\安装程序\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\安装程序\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 45]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\DOCUME~1\Admin\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1408][D:\安装程序\安装软件\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\DOCUME~1\Admin\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEDFEAF0)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEDFECD0)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEDFEE30)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEDFEBE0)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xEEDFEDE0)

==================================
隐藏进程
N/A

==================================


[/CODE]
走别人的路,让别人无路可走.
顶端 Posted: 2007-05-05 23:34 | [楼 主]
郑宇鸣
I'm a vegetable bird
原创先锋奖
级别: F.Y.C成员


精华: 0
发帖: 3986
威望: 451 点
风云币: 1103 元
专家分: 226 分
论坛群: 管理团队
在线时间:1053(小时)
注册时间:2007-01-07
最后登录:2008-04-28

 

建议在进行修复操作前关闭其他所有的无关程序,断开网络连接,并建议将以下内容***粘贴到记事本保存后以便操作。
请运行刚才用来做智能扫描的工具SREng

启动项目->注册表里,找到下列项后,选择删除
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <t7xretkwqh><C:\DOCUME~1\Admin\LOCALS~1\Temp\1explore.exe>  []
    <rgd97b92kq993d><C:\DOCUME~1\Admin\LOCALS~1\Temp\c0nime.exe>  [N/A]
    <mg2y6l0hdd><C:\DOCUME~1\Admin\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
    <eijb><C:\DOCUME~1\Admin\LOCALS~1\Temp\crasos.exe>  [N/A]
    <2tsrvmqxyskr><C:\DOCUME~1\Admin\LOCALS~1\Temp\winlog0n.exe>  [N/A]
    <44jvfrcf6xth><C:\DOCUME~1\Admin\LOCALS~1\Temp\iexp10re.exe>  [N/A][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <?{754FB7D8-B8FE-4810-B363-A788CD060F1F}><>  [N/A]
    <?{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><>  [N/A]
    <?{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><>  [N/A]
    <?{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><>  [N/A]
    <?{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><>  [N/A]<mppds><C:\WINDOWS\mppds.exe>  []

重启电脑后,删除上述提到的所有文件 如果无法删除请用IceSword 1.20处理,并删除以下文件
C:\WINDOWS\system32\mppds.dll
C:\DOCUME~1\Admin\LOCALS~1\Temp\fyzo0.dll


尽管装了卡巴 咖啡 大蜘蛛 但至少木马中了两个...清理完病毒之前尽量不要登录某些游戏

c0nime.exe和1explore.exe病毒的查杀看这里:
http://forum.ikaka.com/topic.asp?board=28&artid=8279815&page=1
winlog0n.exe病毒看这里
http://hi.baidu.com/peaset/blog/item/b92b44daf546cfdbb7fd4819.html
mppds.dll病毒看这里
http://www.iuyoo.com/html/diannao_ruanjian/20070407/458.html
另外fyzo0.dll是木马 crasos.exe也是强毒!!!!
[ 此贴被郑宇鸣在2007-05-06 00:02重新编辑 ]
When you give of yourself, you receive more than you give.
顶端 Posted: 2007-05-05 23:51 | 1 楼
老虎
级别: 初级会员


精华: 0
发帖: 70
威望: 167 点
风云币: 2006 元
专家分: 0 分
在线时间:37(小时)
注册时间:2007-01-16
最后登录:2008-03-06

 

这个是游戏木马,游戏帐号的话,快点修改
安全模式下用avg四四看
顶端 Posted: 2007-05-06 10:43 | 2 楼
帝释天
水只为博红颜笑
级别: 资深会员


精华: 0
发帖: 3587
威望: 1065 点
风云币: 3170 元
专家分: 0 分
论坛群: ☆黄鱼党☆
在线时间:212(小时)
注册时间:2007-03-09
最后登录:2008-04-23

 

[CODE]

2007-05-06,13:05:45

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TPSMain><TPSMain.exe>  [TOSHIBA Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
    <WinlogonNotify: Sebring><c:\WINDOWS\System32\LgNotify.dll>  [Intel Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[卡巴斯基互联网安全套装6.0个人版 / AVP][Stopped/Auto Start]
  <><N/A>
[BitDefender Scan Server / BDSS][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service><N/A>
[ConfigFree Service / CFSvcs][Running/Auto Start]
  <C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe><TOSHIBA CORPORATION>
[DVD-RAM_Service / DVD-RAM_Service][Stopped/Disabled]
  <C:\WINDOWS\System32\DVDRAMSV.exe><Matsushita Electric Industrial Co., Ltd.>
[Wireless Zero Con***uration / inetsvr][Stopped/Auto Start]
  <C:\WINDOWS\system32\5640.exe><Cutting Edge Custom Software>
[kavsvc / kavsvc][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[BitDefender Desktop Update Service / LIVESRV][Stopped/Disabled]
  <"C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service><SOFTWIN S.R.L.>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[Virus Chaser Spider NT / spidernt][Stopped/Disabled]
  <><N/A>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
  <C:\WINDOWS\TEMP\RAVWL.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
  <C:\WINDOWS\TEMP\RAVWM.EXE><N/A>
[BitDefender Communicator / XCOMM][Stopped/Disabled]
  <"C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service><Softwin>

==================================
驱动程序
[Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start]
  <System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[bdfdll / bdfdll][Stopped/Manual Start]
  <\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
  <System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[AEGIS Protocol (IEEE 802.1x) v2.2.1.0 / MDC8021X][Running/Auto Start]
  <System32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[meiudf / meiudf][Running/System Start]
  <System32\Drivers\meiudf.sys><Matsushita Electric Industrial Co.,Ltd.>
[TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Running/Auto Start]
  <System32\DRIVERS\netdevio.sys><TOSHIBA Corporation.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\安装程序\QQ2006\QQ传美版\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\D:\安装程序\QQ2006\QQ传美版\npkcusb.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[WLAN Transport / s24trans][Running/Auto Start]
  <System32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\stac97.sys><SigmaTel, Inc.>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[TOSHIBA Software Modem / TOSHIBASoftModem][Running/Manual Start]
  <System32\DRIVERS\LTSM.sys><LT>
[TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver / TVALZ][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\TVALZ.SYS><TOSHIBA Corporation>
[Intel(R) PRO/Wireless 2100 Adapter 驱动程序 / w70n51][Stopped/Manual Start]
  <System32\DRIVERS\w70n51.sys><Intel? Corporation>
[xFileMgr / xFileMgr][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\xFileMgr.sys><MS User>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 / {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}][Stopped/Manual Start]
  <system32\drivers\wA301a.sys><Intel Corporation>

==================================
浏览器加载项
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\安装程序\360安全卫士\safemon\safemon.dll, >
[Java Plug-in 1.4.2_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_03]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\安装程序\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\安装程序\360安全卫士\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\安装程序\QQ2006\QQ传美版\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <D:\安装程序\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\安装程序\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\安装程序\QQ2006\QQ传美版\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\安装程序\QQ2006\QQ传美版\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\安装程序\QQ2006\QQ传美版\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476][C:\WINDOWS\system32\ZCfgSvc.exe]  [Intel Corporation, 4, 2, 0, 4]
    [C:\WINDOWS\system32\PfMgrApi.dll]  [Intel Corporation, 4, 2, 0, 1]
    [C:\WINDOWS\system32\PsRegApi.dll]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\system32\WConfig.DLL]  [Intel Corporation, 4, 2, 0, 3]
    [C:\WINDOWS\system32\WiFiAdap.DLL]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\system32\C1XStngs.dll]  [, 4, 2, 0, 2]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\ZcSvcCHS.dll]  [Intel Corporation, 4, 2, 0, 4]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\PmApiCHS.dll]  [Intel Corporation, 4, 2, 0, 1]
    [C:\WINDOWS\system32\S24MUDLL.dll]  [Intel Corporation, 4, 1, 0, 0]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\C1XStCHS.dll]  [, 4, 2, 0, 2]
[PID: 1576][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wins.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\TPwrCfg.DLL]  [TOSHIBA Corporation, 1, 0, 6, 2]
    [C:\WINDOWS\system32\TPwrReg.dll]  [TOSHIBA Corporation, 1, 0, 4, 0]
    [C:\WINDOWS\system32\TPSTrace.DLL]  [TOSHIBA Corporation, 1, 0, 3, 0]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.2331]
[PID: 1636][C:\WINDOWS\System32\1XConfig.exe]  [Intel, 4, 2, 0, 0]
    [C:\WINDOWS\System32\IntelAE5.dll]  [Meetinghouse Data Communications, 1, 42, 19, 1]
    [C:\WINDOWS\System32\SSLEAY32.dll]  [N/A, ]
    [C:\WINDOWS\System32\LIBEAY32.dll]  [N/A, ]
    [C:\WINDOWS\System32\PsRegApi.dll]  [Intel Corporation, 4, 1, 0, 0]
[PID: 1736][C:\WINDOWS\system32\TPSMain.exe]  [TOSHIBA Corporation, 1, 0, 13, 0]
    [C:\WINDOWS\system32\TPSMainCtl.dll]  [TOSHIBA Corporation, 1, 0, 3, 0]
    [C:\WINDOWS\system32\CpuPerf.dll]  [TOSHIBA Corporation, 1, 0, 1, 0]
    [C:\WINDOWS\system32\TPSTrace.DLL]  [TOSHIBA Corporation, 1, 0, 3, 0]
    [C:\WINDOWS\system32\TPwrReg.dll]  [TOSHIBA Corporation, 1, 0, 4, 0]
    [C:\WINDOWS\system32\TPeculiarity.dll]  [TOSHIBA Corporation, 1, 0, 1, 0]
[PID: 1808][C:\WINDOWS\system32\TPSBattM.exe]  [TOSHIBA Corporation, 1, 0, 2, 0]
    [C:\WINDOWS\system32\TPwrCfg.DLL]  [TOSHIBA Corporation, 1, 0, 6, 2]
    [C:\WINDOWS\system32\TPwrReg.dll]  [TOSHIBA Corporation, 1, 0, 4, 0]
    [C:\WINDOWS\system32\TPSTrace.DLL]  [TOSHIBA Corporation, 1, 0, 3, 0]
[PID: 1688][D:\安装程序\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 0, 1, 9008]
    [D:\安装程序\Maxthon2\mxpp.dll]  [Maxthon, 1, 0, 0, 50]
    [D:\安装程序\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 119]
    [D:\安装程序\Maxthon2\MxProxy2.dll]  [, 1, 0, 0, 2868]
    [D:\安装程序\Maxthon2\MxFav.dll]  [Maxthon, 1, 0, 0, 186]
    [D:\安装程序\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [D:\安装程序\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\安装程序\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 45]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wins.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll]  [Kaspersky Lab, 5.0.1.18]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll]  [Kaspersky Lab, 5.0.388.2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl]  [Kaspersky Lab, 5.0.388.0]
    [C:\WINDOWS\System32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5091]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL]  [Microsoft Corporation, 5.00.2916.0]
[PID: 1212][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][D:\安装程序\安装软件\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\wins.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEE126E0)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEE12820)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEE128E0)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xEEE12780)

==================================
隐藏进程
    [225] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    [1761] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe

==================================


[/CODE]
再帮我看看日志吧~好像很多都还杀不掉
走别人的路,让别人无路可走.
顶端 Posted: 2007-05-06 13:49 | 3 楼
jamesgu
级别: 新手上路


精华: 0
发帖: 97
威望: 111 点
风云币: 3836 元
专家分: 0 分
在线时间:15(小时)
注册时间:2007-05-01
最后登录:2008-04-18

 

试试卡巴斯基,这个挺厉害的,实在不行的话,就把系统分区格了,重新安装,如果你的系统以前有GHOST备份那是最好的,最后建议你在系统好的时候,安装赢政天下的一键GHOST备份一下,这样系统有问题一恢复就可以了,而且不需要软驱和光驱,很方便的!
顶端 Posted: 2007-05-06 15:05 | 4 楼
帖子浏览记录 版块浏览记录
风云小站 » 『 求助专区 』
感谢,曾经的版主
Total 0.027954(s) query 6, Time now is:12-28 13:59, Gzip enabled 渝ICP备20004412号-1

Powered by PHPWind v6.3.2 Certificate Code © 2003-07 PHPWind.com Corporation
Skin by Chen Bo