金山毒霸2009官方下载金山清理专家官方下载金山网盾官方下载金山急救箱官方下载
12
返回列表 回复 发帖
kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
1
打印
tT
发表于 2008-11-8 09:18 | 只看该作者

[求助] 紧急! 新型针对QQ和userinit病毒!!

userinit
首先 我打开金山清理专家 发现一个恶意软件(我电脑英文的 里面的中文是问号) 是Troj?Q???8.0  描述那里提到了QQ和userinit  删除,重启 开机抢杀技术把QQ目录下的QQ.exe和cheak_hook.dll 然后打开清理专家 发现异常的userinit 修复(清除) 我重装了QQ在同样目录 重启    打开清理专家 又发现Troj?Q???8.0!!!   然后就是重复上面的事情

怎么办啊啊!!   360没扫出任何东西 WINDOWS清理助手也没有  
前提是我QQ是www.qq.com(官网)下载的 不可能有病毒吧  请各位高手赶紧汇报此事情!!
另外cheak_hook.dll以前在QQ目录下没有的
本主题由 vistalong 于 2008-11-9 10:36 设置高亮
收藏 分享 评分
回复 引用

订阅 TOP

vistalong

爱毒霸社区缉毒队

积分
5644 
威望
11958  
元宝
34  
铜钱
7413  

安全精英无私奉献安全之星勋章周刊评论员二等功勋章达人奖希望勋章
2
发表于 2008-11-8 09:22 | 只看该作者
提供一下杀软的日志
同时提供病毒详细信息:病毒路径+病毒文件名称
下载sreng:(点击下载sreng)

解压sreng2.zip-->打开SREngLdr.EXE-->勾选  智能扫描-->扫描-->保存报告
   
保存到桌面
将 SREngLOG.log 中内容完整的复制粘贴到论坛上来(快捷提示:ctrl+a全选,ctrl+c复制,ctrl+v粘贴),不要修改
如无法运行,请重命名文件夹名和文件名,如abc.exe/abc.com/abc.bat/abc.scr/abc.pif等
注意:扫描前请尽量关闭QQ、游戏、下载工具、媒体播放器等应用程序。

1、描述症状、杀软对病毒处理结果,提供病毒文件名和路径。
2、提供清理专家报告或者sreng报告。
3、可疑程序用压缩包 形式上报病毒样本上报区
http://bbs.duba.net/forum-3252-1.html
回复 引用

TOP

byxxdrls

爱毒霸社区缉毒队

积分
1018 
威望
2179  
元宝
5  
铜钱
1430  
3
发表于 2008-11-8 09:24 | 只看该作者
网上查到的:
华夏黑客联盟论坛 -> →『原创软件区』 -> 爱Q大盗 8.0V2(VIP版) 正式发布


木马运行后...
将会在C盘建立个自动运行文件

autorun.inf
里面有
SpiderNt.exe
rundll32.exe

然后会把QQ给替换掉
QQ目录下会增加这三个文件
QQ.exe
cheak_hook.dll
QQ.exe 
[ 本帖最后由 byxxdrls 于 2008-11-8 09:26 编辑 ]
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
4
发表于 2008-11-8 09:30 | 只看该作者
可是我的C盘没有SpiderNt.exe
rundll32.exe 和 Autorun.inf啊   而且抢杀技术说他是Spyware
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
5
发表于 2008-11-8 09:32 | 只看该作者
byxxdrls说清除点好吗? 他有什么症状啊 会盗Q号吗
回复 引用

TOP

byxxdrls

爱毒霸社区缉毒队

积分
1018 
威望
2179  
元宝
5  
铜钱
1430  
6
发表于 2008-11-8 09:37 | 只看该作者
http://203.208.39.99/search?q=cache:ZEF_oYbWfEMJ:www.hxhack.com/bbs/simple/index.php%3Ft178752_4.html+cheak_hook.dll&hl=zh-CN&ct=clnk&cd=5&gl=cn&st_usg=ALhdy29iAN-C9ul1hAH7GNwoIsvEZ8XOuA我是搜索到这个网页的。这是8月份的时候的事了,你中的可能是新版本。应该是盗QQ密码的吧。你自己看看吧。

要清除此毒,你按照2楼的做吧,或者把QQ目录中的两个病毒文件传上来。
回复 引用

TOP

天月来了

特邀嘉宾

积分
1226 
威望
2662  
元宝
1  
铜钱
1666  
7
发表于 2008-11-8 09:45 | 只看该作者
楼主请上传个自己的系统的SRENG日志来看看
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
8
发表于 2008-11-8 09:48 | 只看该作者
C盘没有NT开头的exe程序 包括WINDOWS和system32(里面有 但是我知道是系统的)
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
9
发表于 2008-11-8 09:53 | 只看该作者
byxxdrls我怎么上传啊 一开机就被抢杀了...
回复 引用

TOP

ksdb7751409

新兵

积分
威望
3  
元宝
0  
铜钱
2  
10
发表于 2008-11-8 10:05 | 只看该作者
我今天也出现了相同的情况... 是突然出现的, 之前毒霸没有找到任何病毒, 实时防毒什么的都是开的, 进安全模式杀毒也是没有结果. C盘里没有autorun.inf文件, 一切和正常开机差不多...
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
11
发表于 2008-11-8 10:16 | 只看该作者
  1. 2008-11-08,13:00:28

  3. System Repair Engineer 2.7.0.1210
  4. Smallfrogs (http://www.KZTechs.com)

  6. Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

  8. Follow item(s) have been selected:
  9.     All Boot Items (Including Registry, Startup Folders, Services and so on)
  10.     Browser Add-ons
  11.     Running Processes (Including process model information)
  12.     File Associations
  13.     Winsock Provider
  14.     Autorun.Inf
  15.     HOSTS File
  16.     Process Privileges Scan
  17.     Scheduled Tasks
  18.     API HOOK
  19.     Hidden Process


  22. Boot Items
  23. Registry
  24. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  25.     <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  26. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  27.     <run><>  [N/A]
  28. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  29.     <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
  30. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  31.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
  32.     <Userinit><c:\windows\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
  33.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
  34. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  35.     <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
  36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  37.     <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
  38.     <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
  39.     <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
  40.     <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
  41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  42.     <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
  43. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  44.     <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
  45. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  46.     <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
  47. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  48.     <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  49. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  50.     <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  51. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  52.     <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
  53. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  54.     <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
  55. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  56.     <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  57. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  58.     <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
  59. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  60.     <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
  61.     <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
  62. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
  63.     <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]
  64. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  65.     <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
  66. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  67.     <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
  68. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
  69.    
  70. <RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
  71. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
  72.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
  73. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  74.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
  75. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  76.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
  77. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  78.     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
  79. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
  80.     <Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf>  [File is missing]
  81. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  82.     <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
  83. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  84.     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
  85. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
  86.     <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
  87. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  88.     <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
  89. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
  90.     <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
  91. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  92.     <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
  93. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  94.     <360Safetray><; D:\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]

  96. ==================================
  97. Startup Folders
  98. [Unwired Launchpad]
  99.   <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Unwired Launchpad.lnk --> C:\PROGRA~1\Unwired\UwSCT.exe [Unwired Australia Pty Limited]><N>

  101. ==================================
  102. Services
  103. [.NET Runtime Optimization Service v2.0.50727_X86 / clr_optimization_v2.0.50727_32][Stopped/Auto Start]
  104.   <C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe><(File is missing)>
  105. [Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  106.   <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
  107. [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  108.   <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
  109. [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  110.   <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>

  112. ==================================
  113. Drivers
  114. [360AntiArp / 360AntiArp][Running/System Start]
  115.   <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
  116. [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  117.   <system32\drivers\ac97intc.sys><Intel Corporation>
  118. [eamon / eamon][Running/Auto Start]
  119.   <system32\DRIVERS\eamon.sys><ESET>
  120. [easdrv / easdrv][Running/System Start]
  121.   <system32\DRIVERS\easdrv.sys><ESET>
  122. [epfwtdir / epfwtdir][Running/System Start]
  123.   <system32\DRIVERS\epfwtdir.sys><N/A>
  124. [KAVBase / KAVBase][Stopped/Manual Start]
  125.   <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
  126. [KAVBootC / KAVBootC][Running/Boot Start]
  127.   <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
  128. [KAVSafe / KAVSafe][Running/Auto Start]
  129.   <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
  130. [kmsinput / kmsinput][Stopped/Manual Start]
  131.   <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
  132. [KNetWch / KNetWch][Running/System Start]
  133.   <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
  134. [KWatch3 / KWatch3][Running/Auto Start]
  135.   <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
  136. [npkcrypt / npkcrypt][Stopped/Auto Start]
  137.   <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
  138. [nv / nv][Running/Manual Start]
  139.   <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
  140. [DDK PACKET Protocol / Packet][Stopped/Manual Start]
  141.   <system32\DRIVERS\ProtoDrv.sys><360安全中心>
  142. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  143.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  144. [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  145.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
  146. [SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  147.   <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
  148. [Secdrv / Secdrv][Stopped/Manual Start]
  149.   <system32\DRIVERS\secdrv.sys><N/A>
  150. [TCP/IP Protocol Driver / Tcpip][Running/System Start]
  151.   <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
  152. [TesSafe / TesSafe][Stopped/Manual Start]
  153.   <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>

  155. ==================================
  156. Browser Add-ons
  157. [QQCycloneHelper Class]
  158.   {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
  159. [SafeMon Class]
  160.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, (Signed) 360.CN>
  161. [kingsoft browser shield]
  162.   {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
  163. [IEBuddyExtControl Class]
  164.   {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
  165. [Windows Genuine Advantage Validation Tool]
  166.   {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
  167. [MUWebControl Class]
  168.   {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
  169. [Java Plug-in 1.6.0_07]
  170.   {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
  171. []
  172.   {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
  173. [WebActivater Control]
  174.   {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
  175. [Java Plug-in 1.5.0_06]
  176.   {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
  177. [Java Plug-in 1.6.0_05]
  178.   {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
  179. [Java Plug-in 1.6.0_07]
  180.   {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
  181. [Java Plug-in 1.6.0_07]
  182.   {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
  183. [Shockwave Flash Object]
  184.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
  185. [PasswordEditCtrl Class]
  186.   {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
  187. [QQCycloneHelper Class]
  188.   {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
  189. []
  190.   {00000AAA-A363-466E-BEF5-9BB68697AA7F} <, >
  191. []
  192.   {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
  193. [Adobe PDF Reader Link Helper]
  194.   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
  195. [Web Browser Applet Control]
  196.   {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
  197. []
  198.   {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
  199. [IFlashGetNetscapeEx Class]
  200.   {116BA71C-8187-4F15-9A1F-C9D6289155D1} <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, FlashGet>
  201. []
  202.   {220A105A-16EE-44C1-A4C8-AD76C709FC1D} <, >
  203. []
  204.   {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
  205. [JetCarNetscape Class]
  206.   {2974c985-8151-4de5-b23c-b875f0a8522f} <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, FlashGet>
  207. []
  208.   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
  209. []
  210.   {3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF} <, >
  211. [IEBuddyExtControl Class]
  212.   {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
  213. [Kingsoft Trojan Webshield]
  214.   {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll, (Signed) Kingsoft Corporation>
  215. []
  216.   {53707962-6F74-2D53-2644-206D7942484F} <, >
  217. [Shell Name Space]
  218.   {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
  219. [Windows Media Player]
  220.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
  221. [SSVHelper Class]
  222.   {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, N/A>
  223. []
  224.   {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
  225. [360SafeLive]
  226.   {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360safe\live.dll, (Signed) 360.cn>
  227. [Microsoft Web Browser]
  228.   {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
  229. []
  230.   {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
  231. []
  232.   {9030D464-4C02-4ABF-8ECC-5164760863C6} <, >
  233. []
  234.   {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
  235. []
  236.   {94EDF7B4-4272-4AF3-8F8B-4E2F68E225B7} <, >
  237. []
  238.   {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
  239. []
  240.   {A303AF11-721F-4185-B87B-5027CE6EE538} <, >
  241. []
  242.   {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
  243. [FlashGetBHO]
  244.   {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, FlashGet>
  245. [SearchAssistantOC]
  246.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
  247. [SafeMon Class]
  248.   {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, (Signed) 360.CN>
  249. [RDS.DataSpace]
  250.   {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
  251. []
  252.   {C95FE080-8F5D-11D2-A20B-00AA003C157A} <, >
  253. [AUDIO__MP3 Moniker Class]
  254.   {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
  255. [AUDIO__X_MS_WMA Moniker Class]
  256.   {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
  257. [Shockwave Flash Object]
  258.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
  259. []
  260.   {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <, >
  261. [kingsoft browser shield]
  262.   {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
  263. [PasswordEditCtrl Class]
  264.   {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
  265. []
  266.   {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, >
  267. []
  268.   {F19455F5-ADF4-4171-9111-3AF65819FE4B} <, >
  269. []
  270.   {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, >
  271. []
  272.   {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
  273. [&Google Search]
  274.   <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
  275. [E&xport to Microsoft Excel]
  276.   <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
  277. [使用快车(Flas&hGet)下载]
  278.   <D:\FlashGet Network\FlashGet\GetUrl.htm, N/A>
  279. [使用快车(Flash&Get)下载全部链接]
  280.   <D:\FlashGet Network\FlashGet\GetAllUrl.htm, N/A>
  281. [使用快车(FlashGet)下载该网页FLV]
  282.   <D:\FlashGet Network\FlashGet\FlvDetector.htm, N/A>
  283. [添加到QQ表情]
  284.   <D:\QQ\AddEmotion.htm, N/A>

  286. ==================================
  287. Running Processes
  288. [PID: 428 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  289. [PID: 476 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  290. [PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  291.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  292. [PID: 544 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  293.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  294. [PID: 556 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  295.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  296. [PID: 708 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  297.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  298. [PID: 772 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  299.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  300. [PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  301.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  302. [PID: 936 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  303.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  304. [PID: 1020 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  305.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  306. [PID: 1132 / SYSTEM][C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE]  [Kingsoft Corporation, 2008,10,21,649]
  307.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
  308.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
  309.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
  310.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
  311.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
  312.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  313. [PID: 1148 / SYSTEM][C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE]  [Kingsoft Corporation, 2008,10,21,649]
  314.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
  315.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
  316.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
  317.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
  318.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  319.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
  320.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KARetr.DLL]  [Kingsoft Corporation, 1, 0, 0, 1]
  321.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEvent.DLL]  [Kingsoft Corporation, 2008,04,02,5]
  322.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVIPC2.DLL]  [Kingsoft Corporation, 2008,07,15,469]
  323.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVDevC.dll]  [Kingsoft Corporation, 2008,07,24,115]
  324. [PID: 1464 / su][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  325.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  326.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
  327.     [D:\WinRAR\rarext.dll]  [N/A, ]
  328.     [D:\Unlocker\UnlockerCOM.dll]  [N/A, ]
  329.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
  330.     [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  331.     [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  332.     [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  333.     [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  334.     [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  335.     [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  336. [PID: 1608 / SYSTEM][C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE]  [Kingsoft Corporation, 2008,04,02,5]
  337.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
  338.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
  339.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
  340.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
  341.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
  342.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  343.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.DLL]  [Kingsoft Corporation, 2008,04,02,5]
  344.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kspeedup.dll]  [Kingsoft Corporation, 2008,04,22,364]
  345.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kavipc2.dll]  [Kingsoft Corporation, 2008,07,15,469]
  346.     [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVRep.DLL]  [Kingsoft Corporation, 2008,04,30,183]
  347. [PID: 1700 / su][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  348.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  349. [PID: 1796 / su][C:\Program Files\Unwired\UwSCT.exe]  [Unwired Australia Pty Limited, 1.3.0]
  350.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  351. [PID: 460 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  352.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  353. [PID: 1704 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
  354.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  355. [PID: 848 / su][D:\QQ\QQ.exe]  [TENCENT, 8,0,978,1833]
  356.     [D:\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,978,1833]
  357.     [D:\QQ\QQHelperDll.dll]  [TENCENT, 8,0,978,1833]
  358.     [D:\QQ\BasicCtrlDll.dll]  [TENCENT, 8,0,978,1833]
  359.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  360.     [D:\QQ\QQAPI.dll]  [TENCENT, 8,0,978,1833]
  361.     [D:\QQ\LoginCtrl.dll]  [TENCENT, 8,0,978,1833]
  362.     [D:\QQ\LoginCtrlRes.dll]  [TENCENT, 8,0,978,1833]
  363.     [D:\QQ\QQRes.dll]  [TENCENT, 8,0,978,1833]
  364.     [D:\QQ\WizardCtrl.dll]  [TENCENT, 8,0,978,1833]
  365.     [D:\QQ\QQMainFrame.dll]  [TENCENT, 8,0,978,1833]
  366.     [D:\QQ\QQPlugin.dll]  [TENCENT, 8,0,978,1833]
  367.     [D:\QQ\UnReadMsgMgr.dll]  [TENCENT, 8,0,978,1833]
  368.     [D:\QQ\QQAllInOne.dll]  [TENCENT, 8,0,978,1833]
  369.     [D:\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
  370.     [D:\QQ\CameraDll.dll]  [TENCENT, 8,0,978,1833]
  371.     [D:\QQ\CQQApplication.dll]  [TENCENT, 8,0,978,1833]
  372.     [D:\QQ\FlashAvatarDll.dll]  [, 1, 0, 0, 1]
  373.     [D:\QQ\NewSkin.dll]  [TENCENT, 8,0,978,1833]
  374.     [D:\QQ\MailSummary.dll]  [TENCENT, 8,0,978,1833]
  375.     [D:\QQ\QQSpace.dll]  [TENCENT, 8,0,978,1833]
  376.     [C:\WINDOWS\system32\devenum.dll]  [, ]
  377.     [C:\WINDOWS\system32\msdmo.dll]  [, ]
  378.     [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
  379.     [D:\QQ\OEMApplication.dll]  [TENCENT, 8,0,978,1833]
  380.     [D:\QQ\QQAvatar.dll]  [TENCENT, 8,0,978,1833]
  381.     [D:\QQ\QQKnowledgeSearch.dll]  [TENCENT, 8,0,978,1833]
  382.     [D:\QQ\QQGroupMng.dll]  [TENCENT, 8,0,978,1833]
  383.     [D:\QQ\QQPet.dll]  [TENCENT, 8,0,978,1833]
  384.     [D:\QQ\QRingMng.dll]  [TENCENT, 8,0,978,1833]
  385.     [D:\QQ\QQSysMsgMng.dll]  [TENCENT, 8,0,978,1833]
  386.     [D:\QQ\UserDefinedHead.dll]  [TENCENT, 8,0,978,1833]
  387.     [D:\QQ\LongConnection.dll]  [TENCENT, 8,0,978,1833]
  388.     [D:\QQ\QQConfigPlugin.dll]  [TENCENT, 8,0,978,1833]
  389.     [D:\QQ\QQCustomFace.dll]  [TENCENT, 8,0,978,1833]
  390.     [D:\QQ\QQFileTransfer.dll]  [TENCENT, 8,0,978,1833]
  391.     [D:\QQ\PhoneAPI.dll]  [TENCENT, 8,0,978,1833]
  392.     [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
  393.     [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
  394.     [D:\QQ\BQQApplication.dll]  [TENCENT, 8,0,978,1833]
  395.     [D:\QQ\QQSettingCtrl.dll]  [TENCENT, ]
  396.     [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
  397.     [D:\QQ\CommercesMng.dll]  [TENCENT, 8,0,978,1833]
  398.     [D:\QQ\PersonalDesktop.dll]  [TENCENT, 8,0,978,1833]
  399.     [D:\QQ\QQSceneMng.dll]  [TENCENT, 8,0,978,1833]
  400.     [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  401.     [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
  402.     [D:\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 17]
  403.     [D:\QQ\ImageOle.dll]  [TENCENT, 8,0,978,1833]
  404.     [D:\QQ\QQMagicFace.dll]  [TENCENT, 8,0,978,1833]
  405.     [D:\QQ\QQLiveQMng.dll]  [TENCENT, 8,0,978,1833]
  406.     [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
  407.     [D:\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
  408.     [D:\QQ\GroupConnection.dll]  [TENCENT, 8,0,978,1833]
  409. [PID: 976 / su][D:\QQ\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
  410. [PID: 3448 / su][D:\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
  411. [PID: 3456 / su][D:\sreng2\SRE679b2568.EXE]  [Smallfrogs Studio, 2.7.0.1210]
  412.     [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
  413.     [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

  415. ==================================
  416. File Associations
  417. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  418. .EXE  OK. ["%1" %*]
  419. .COM  OK. ["%1" %*]
  420. .PIF  OK. ["%1" %*]
  421. .REG  OK. [regedit.exe "%1"]
  422. .BAT  OK. ["%1" %*]
  423. .SCR  OK. ["%1" /S]
  424. .CHM  Error. ["hh.exe" %1]
  425. .HLP  Error. [winhlp32.exe %1]
  426. .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  427. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  428. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  429. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  430. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

  432. ==================================
  433. Winsock Provider
  434. N/A

  436. ==================================
  437. Autorun.Inf
  438. N/A

  440. ==================================
  441. HOSTS File
  442. 127.0.0.1       localhost

  444. ==================================
  445. Process Privileges Scan
  446. Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1796, C:\PROGRAM FILES\UNWIRED\UWSCT.EXE]
  447. Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3448, D:\SRENG2\SRENGLDR.EXE]

  449. ==================================
  450. Scheduled Tasks
  451. [Disabled] 【请注意文明用语】 NetDetect.job
  452.         C:\Program Files\【请注意文明用语】\LiveUpdate\NDETECT.EXE

  454. ==================================
  455. API HOOK
  456. N/A

  458. ==================================
  459. Hidden Process
  460. N/A

  462. ==================================
复制代码
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
12
发表于 2008-11-8 10:20 | 只看该作者
以上是sreng报告
回复 引用

TOP

byxxdrls

爱毒霸社区缉毒队

积分
1018 
威望
2179  
元宝
5  
铜钱
1430  
13
发表于 2008-11-8 10:30 | 只看该作者
英文版的,看得眼花。没看出什么名堂。
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
14
发表于 2008-11-8 10:46 | 只看该作者
vistalong去哪了..帮我看看啊
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
15
发表于 2008-11-8 17:28 | 只看该作者
就没有人来帮帮我啊   这东西就是清不掉
回复 引用

TOP

vistalong

爱毒霸社区缉毒队

积分
5644 
威望
11958  
元宝
34  
铜钱
7413  

安全精英无私奉献安全之星勋章周刊评论员二等功勋章达人奖希望勋章
16
发表于 2008-11-9 10:35 | 只看该作者
查看隐藏和系统文件
我的电脑---工具---文件夹选项--查看--
在“显示系统文件夹”“显示所有文件和文件夹”2个地方打上钩
这一项如果被病毒破坏 请用附件中的工具
打开我的电脑  然后 搜索 QQ.exe   、cheak_hook.dll 、SpiderNt.exe、
rundll32.exe这几个文件用压缩包上传

显示被隐藏的文件.rar (336 Bytes)


1、描述症状、杀软对病毒处理结果,提供病毒文件名和路径。
2、提供清理专家报告或者sreng报告。
3、可疑程序用压缩包 形式上报病毒样本上报区
http://bbs.duba.net/forum-3252-1.html
回复 引用

TOP

byxxdrls

爱毒霸社区缉毒队

积分
1018 
威望
2179  
元宝
5  
铜钱
1430  
17
发表于 2008-11-9 13:57 | 只看该作者
运行病毒后,写入文件的大致情况

5817        46:58.9        com.exe        1512        写入文件        C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\krnln.fnr               
5839        46:59.0        com.exe        1512        写入文件        C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\dp1.fne               
5843        46:59.0        com.exe        1512        写入文件        C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\eAPI.fne               
5857        46:59.1        com.exe        1512        写入文件        C:\Documents and Settings\Administrator\Local Settings\Temp\E_4\shell.fne               
6927        46:59.8        com.exe        1512        写入文件        C:\PZAQ.ini               
6942        46:59.8        com.exe        1512        写入文件        C:\Recycled\desktop.ini               
6991        46:59.9        com.exe        1512        写入文件        C:\Recycled\iext5.fne               
7010        46:59.9        com.exe        1512        写入文件        C:\Recycled\shellEx.fne               
7022        46:59.9        com.exe        1512        写入文件        C:\Recycled\xplib.fne               
7034        46:59.9        com.exe        1512        写入文件        C:\Recycled\internet.fne               
7060        46:59.9        com.exe        1512        写入文件        C:\Recycled\krnln.fne               
7240        47:00.0        com.exe        1512        写入文件        C:\Recycled\eAPI.fne               
7291        47:00.0        com.exe        1512        写入文件        C:\Recycled\dp1.fne               
7941        47:00.3        com.exe        1512        写入文件        C:\autorun.inf\desktop.ini               
8038        47:00.5        com.exe        1512        写入文件        C:\autorun.inf\文件免疫.\AQ               
8111        47:00.7        com.exe        1512        写入文件        D:\autorun.inf\desktop.ini               
8131        47:00.7        com.exe        1512        写入文件        D:               
8165        47:00.8        com.exe        1512        写入文件        D:\autorun.inf\文件免疫.\AQ               
8221        47:00.9        com.exe        1512        写入文件        D:\Backup\桌面\QQ.exe                
8245        47:01.0        com.exe        1512        写入文件        D:\autorun.inf\SpiderNt.exe                
8284        47:01.0        com.exe        1512        写入文件        C:\Recycled\Recycledbk.exe                
8325        47:01.0        com.exe        1512        写入文件        C:\Recycled\Recycled.exe                
8336        47:01.0        com.exe        1512        写入文件        D:\Backup\桌面\cheak_hook.dll               
10059        47:01.6        com.exe        1512        写入文件        C:\Documents and Settings\All Users\桌面\腾讯QQ.lnk               
12638        47:02.9        Recycled.exe         1536        写入文件        D:\autorun.inf\rundll32.exe               
13293        47:03.2        com.exe        1512        写入文件        C:\Documents and Settings\Administrator\Local Settings\Temp\d1e0.tmp               
16227        47:04.6        Recycled.exe         1536        写入文件        C:\Recycled\Recycled.exe 
回复 引用

TOP

byxxdrls

爱毒霸社区缉毒队

积分
1018 
威望
2179  
元宝
5  
铜钱
1430  
18
发表于 2008-11-9 14:09 | 只看该作者
autorun.inf\和Recycled\这两个文件夹内的文件被隐藏了(即使隐藏的系统文件能看到,这些文件也看不到),得用冰刃才能看到,在DOS下也可以用
回复 引用

TOP

kori84527486

四级士官

积分
1260 
威望
2670  
元宝
0  
铜钱
1221  

最佳新人奖
19
发表于 2008-11-10 17:35 | 只看该作者
C:\Documents and Settings\Administrator\Local Settings\Temp\  里面什么也没有
以下文件和文件夹地址找不到(地址栏打进去说找不到):
C:\autorun.inf
D:\Backup\
D:\autorun.inf
C:\Recycled\
C:\PZAQ.ini
D:\autorun.inf\rundll32.exe
回复 引用

TOP

tang9413

新兵

积分
威望
3  
元宝
0  
铜钱
2  
20
发表于 2008-11-14 20:45 | 只看该作者

回复 17楼 的帖子

你用什么软件查到病毒写入时间?
回复 引用

TOP

12
返回列表