Rising Kaka Security Forum
林达asd - 2007-5-29 5:53:00
The computer can't get into Safe Mode... every antivirus program is blocked.
SREng won't run... renaming it doesn't help either.
After deleting it, I'm not even allowed to download it again... the download is closed automatically.
The current symptoms of the virus are:
When I open My Computer, whatever I click, another My Computer window appears.
Once the keyboard switches to uppercase, it can't go back to lowercase.
Virus processes: epiaumj.exe
and pgijphp.exe; if I end the process it is automatically recreated.
Same when I delete them in the registry... delete them and they're back.
林达asd - 2007-5-29 6:07:00
Finally managed to get a log.
Could the experts please sort this out quickly...
It has started automatically closing every antivirus site...
ikaka is already getting closed automatically.
Log:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<ipsaofj><C:\WINDOWS\system32\epiaumj.exe> []
<apqkqli><C:\WINDOWS\system32\pgijhph.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<WSVBRS><C:\WINDOWS\WSVBRS.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC5008D8-67D4-4CBE-86C3-A9BA4B4343D6}><C:\WINDOWS\system32\55.dll> []
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0个人版 / AVP][Stopped/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[C-DillaSrv / C-DillaSrv][Stopped/Disabled]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Help and Support / helpsvc][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Stopped/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[AEAudio Service / AEAudioService][Stopped/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Dilla / C-Dilla][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\CDANT.SYS><Macrovision>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<system32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[PCIMC-3D / NCADPT][Running/Manual Start]
<System32\Drivers\WHNC3D.SYS><Shanghai Weihong Technology Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SenFilt Service / SenFiltService][Stopped/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
[KLIF / KLIF][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
==================================
林达asd - 2007-5-29 6:07:00
浏览器加载项
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Web反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, N/A>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用快车(FlashGet)下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
<D:\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 656][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 784][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1184][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2008][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 1764][C:\WINDOWS\system32\epiaumj.exe] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 1708][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 2016][C:\WINDOWS\system32\pgijhph.exe] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 384][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\Documents and Settings\Administrator\桌面\SREng.scr] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
==================================
林达asd - 2007-5-29 6:08:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[AutoRun]
open=ipsaofj.exe
shell\open=打开(&O)
shell\open\Command=ipsaofj.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ipsaofj.exe
[E:\]
[AutoRun]
open=ipsaofj.exe
shell\open=打开(&O)
shell\open\Command=ipsaofj.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ipsaofj.exe
[F:\]
[AutoRun]
open=ipsaofj.exe
shell\open=打开(&O)
shell\open\Command=ipsaofj.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ipsaofj.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB9D47AF0)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB9D47CD0)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB9D47E30)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xB9D47BE0)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xB9D47DE0)
==================================
隐藏进程
N/A
==================================
林达asd - 2007-5-29 6:09:00
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 1764][C:\WINDOWS\system32\epiaumj.exe] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 1708][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 2016][C:\WINDOWS\system32\pgijhph.exe] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[PID: 384][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\Documents and Settings\Administrator\桌面\SREng.scr] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
Are all of these viruses??
How do I clean them up... sorry to trouble the experts.
Urgent... waiting online.
林达asd - 2007-5-29 6:17:00
Experts... please help quickly...
Now as soon as I open ikaka an English dialog box pops up,
and I have to open it several times in a row before it actually opens...
木的伤心 - 2007-5-29 6:24:00
OP, can you tell me SREng's authorization code? I just got here, my machine has a problem, but I downloaded SREng and it won't install, and I can't get a log either. Please help.
林达asd - 2007-5-29 6:25:00
It has started downloading viruses like crazy...
Bosses... begging you for a fix...
林达asd - 2007-5-29 6:31:00
It now closes ikaka within a few seconds...
Help!!!!!!!!
"Just rename it
to 123.exe, abc.exe or SREng.scr,
any of those should work..."
Renaming doesn't work for me...
Help me!
林达asd - 2007-5-29 6:48:00
Used an online scan...
It found viruses.
林达asd - 2007-5-29 6:49:00
The scan hadn't even finished... it automatically closes every website...
Bosses...
I could cry.
林达asd - 2007-5-29 7:01:00
Bosses!!!!!!!!!!!!!!!!!!!!!!
Please help me, quickly...
I really can't take it anymore.
林达asd - 2007-5-29 8:27:00
Is there really nobody who will help???
天月来了 - 2007-5-29 9:15:00
See post #17.
Never mind this one.

林达asd - 2007-5-29 9:16:00
Finally a kind soul...
Boss Tianyue...
I can't get into Safe Mode...
Entering Safe Mode gives a blue screen and the machine freezes.
林达asd - 2007-5-29 9:17:00
And I can't show hidden files...
I couldn't find the virus files in system32...
They're probably hidden...
天月来了 - 2007-5-29 9:19:00
Use the WinRAR archiver; with it you can see all hidden files.
As for not being able to enter Safe Mode, use SREng to repair Safe Mode.
Or just try doing it directly in the current system.
天月来了 - 2007-5-29 9:30:00
Download IceSword (冰刃, version 1.2), rename it and run it, enable "forbid process creation", and forcibly terminate the following processes:
正在运行的进程
[PID: 1764][C:\WINDOWS\system32\epiaumj.exe] [N/A, ]
[PID: 2016][C:\WINDOWS\system32\pgijhph.exe] [N/A, ]
Then forcibly unload the modules injected into the following processes.
Processes:
[PID: 2008][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1708][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[PID: 384][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Documents and Settings\Administrator\桌面\SREng.scr] [Smallfrogs Studio, 2.4.12.806]
Modules:
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\WSVBRS.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
Use IceSword to forcibly delete the following files:
C:\WINDOWS\system32\epiaumj.exe
C:\WINDOWS\system32\pgijhph.exe
C:\WINDOWS\system32\55.dll
C:\WINDOWS\system32\WSVBRS.dll
C:\WINDOWS\system32\upxdnd.dll
Use IceSword to forcibly delete the following files from the root directory of each drive:
Autorun.inf
ipsaofj.exe
————————————————————————————————
Turn off IceSword's "forbid process creation", then use the SREng tool you scanned the log with to delete the following registry entries.
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ipsaofj><C:\WINDOWS\system32\epiaumj.exe> []
<apqkqli><C:\WINDOWS\system32\pgijhph.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<WSVBRS><C:\WINDOWS\WSVBRS.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC5008D8-67D4-4CBE-86C3-A9BA4B4343D6}><C:\WINDOWS\system32\55.dll> []
————————————————————————————————
Open the corresponding folders with WinRAR and delete the following files:
C:\WINDOWS\system32\epiaumj.exe
C:\WINDOWS\system32\pgijhph.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\WSVBRS.exe
——————————————————————————————————
Restart the computer and scan a new log.
Then wait for the next repair step.
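The triage the helper (天月来了) does by hand in the post above, vendor-less Run entries, the ShellExecuteHooks DLL, the modules injected into Explorer, realsched and ctfmon, and the Autorun.inf on each drive, follows directly from the line format of the SREng report, so it can be scripted. The Python below is an added example written for this page, not code from the thread or from SREng; its sample report is constructed from lines quoted in the thread, and the rule that a vendor-less image is only acted on once it is also wired into an autostart location is the editor's reading of the helper's steps, not something SREng reports itself.

```python
"""Triage an SREng (System Repair Engineer) report the way the helper above did by hand:
vendor-less autostarts, the ShellExecuteHooks DLL, vendor-less processes and the modules
they load, and Autorun.inf commands, then cross-reference them. Added example, not from
the thread or from SREng; SAMPLE_REPORT is constructed from lines quoted in this thread."""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<ipsaofj><C:\WINDOWS\system32\epiaumj.exe> []
<apqkqli><C:\WINDOWS\system32\pgijhph.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC5008D8-67D4-4CBE-86C3-A9BA4B4343D6}><C:\WINDOWS\system32\55.dll> []
==================================
正在运行的进程
[PID: 2008][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[PID: 1764][C:\WINDOWS\system32\epiaumj.exe] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
[PID: 2016][C:\WINDOWS\system32\pgijhph.exe] [N/A, ]
[C:\WINDOWS\system32\55.dll] [N/A, ]
==================================
Autorun.inf
[D:\]
[AutoRun]
open=ipsaofj.exe
shell\open=打开(&O)
shell\open\Command=ipsaofj.exe
==================================
"""

SECTION_SEP = "=================================="
SECTION_HEADERS = {"启动项目", "注册表", "正在运行的进程", "Autorun.inf"}  # SREng's own headers
RE_REGKEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_ENTRY = re.compile(r"^<([^>]*)><([^>]*)> \[(.*)\]$")         # <name><command> [publisher]
RE_PROC = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\] \[(.*)\]$")   # [PID: n][image] [vendor, version]
RE_MODULE = re.compile(r"^\[([^\]]+)\] \[(.*)\]$")               # [module] [vendor, version]
RE_DRIVE = re.compile(r"^\[([A-Za-z]:\\)\]$")
RE_AUTORUN_CMD = re.compile(r"^(?:open|shell\\[^=]*\\Command)=(.+)$", re.IGNORECASE)


def no_vendor(info):
    # "[]", "[N/A, ]" and "[, ]" all mean SREng found no publisher or version resource.
    return info.replace("N/A", "").replace(",", "").strip() == ""


def triage(report):
    """Parse an SREng report into the raw autostart and in-memory indicators."""
    findings = {
        "unsigned_autostart": [],             # (registry key, value name, command)
        "shell_execute_hooks": [],            # (CLSID, dll); every hook loads into Explorer
        "unknown_processes": [],              # (pid, image path)
        "unknown_modules": defaultdict(set),  # module path -> hosting process images
        "autorun_targets": defaultdict(set),  # drive root -> commands named in Autorun.inf
    }
    section = current_key = current_proc = current_drive = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == SECTION_SEP:    # separator closes the current block
            current_key = current_proc = current_drive = None
            continue
        if line in SECTION_HEADERS:
            section = line
        elif m := RE_REGKEY.match(line):
            current_key = m.group(1)
        elif (m := RE_ENTRY.match(line)) and current_key:
            name, command, publisher = m.groups()
            if current_key.endswith("\\ShellExecuteHooks"):
                findings["shell_execute_hooks"].append((name, command))
            elif no_vendor(publisher):
                findings["unsigned_autostart"].append((current_key, name, command))
        elif m := RE_PROC.match(line):
            pid, image, info = m.groups()
            current_proc = image
            if no_vendor(info):
                findings["unknown_processes"].append((int(pid), image))
        elif (m := RE_DRIVE.match(line)) and section == "Autorun.inf":
            current_drive = m.group(1)
        elif (m := RE_AUTORUN_CMD.match(line)) and current_drive:
            findings["autorun_targets"][current_drive].add(m.group(1))
        elif (m := RE_MODULE.match(line)) and section == "正在运行的进程" and current_proc:
            path, info = m.groups()
            if no_vendor(info):
                findings["unknown_modules"][path].add(current_proc)
    return findings


def correlate(findings):
    """Paths both vendor-less in memory and wired into an autostart location: the overlap
    the helper acted on. A vendor-less module alone (nvshell.dll here) is only a lead."""
    autostart = {cmd.lower() for _, _, cmd in findings["unsigned_autostart"]}
    autostart |= {dll.lower() for _, dll in findings["shell_execute_hooks"]}
    in_memory = {p.lower() for p in findings["unknown_modules"]}
    in_memory |= {img.lower() for _, img in findings["unknown_processes"]}
    return sorted(autostart & in_memory)
```

On the sample report `correlate` returns exactly the three images the helper told the poster to kill and delete, while the benign vendor-less nvshell.dll stays out of the list.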
林达asd - 2007-5-29 9:31:00
Opened it with WinRAR.
Only found C:\WINDOWS\system32\55.dll.
SREng can't repair Safe Mode.
Thanks for your trouble, Tianyue.
天月来了 - 2007-5-29 9:32:00
I've switched tools again; the previous one was just to deal with your emergency.
Hehe!!!
Only the current one will do.
Go ahead and do it.
林达asd - 2007-5-29 9:33:00
Ha... thanks for your trouble, Yueyue...
Can I ask where to download IceSword?
I used to have them all on this machine.
At first none of them would run...
Renaming didn't work either...
I thought deleting and re-downloading would fix it... who knew it wouldn't even let me download.
天月来了 - 2007-5-29 9:36:00
Are you on China Telecom?
Can you open QQ?
I'll send it to you.
林达asd - 2007-5-29 9:43:00
China Netcom... ha.
It's not big, is it?
Yes, I can open it.
qq:46227500
林达asd - 2007-5-29 9:48:00
Yueyue... is it ready?
Urgent, urgent, urgent.
湘楚笨鸟 - 2007-5-29 9:58:00
I've caught the same type of virus as the OP; the part below is identical, but the .exe name is different.
Can't get into Safe Mode; IceSword, SREng, Rising and the rest all won't run. Last night I was too short on time and didn't try changing IceSword's extension to .scr.
Ran the Panda Burning Incense (熊猫烧香) removal tool as a .com; it found viruses while scanning, then exited on its own.
[D:\]
[AutoRun]
open=ipsaofj.exe
shell\open=打开(&O)
shell\open\Command=ipsaofj.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ipsaofj.exe
[E:\]
[AutoRun]
open=ipsaofj.exe
shell\open=打开(&O)
shell\open\Command=ipsaofj.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ipsaofj.exe
[F:\]
[AutoRun]
open=ipsaofj.exe
shell\open=打开(&O)
shell\open\Command=ipsaofj.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=ipsaofj.exe
湘m浪子 - 2007-5-29 9:58:00
Looks like a Viking (威金) infection. After fixing it with the method from expert "天月来了", download a Viking removal tool and scan the whole disk; use Jiangmin's Viking removal tool, it seems a bit better.
zzh0830 - 2007-5-29 10:15:00
<upxdnd><C:\WINDOWS\upxdnd.exe> is the UPXDND trojan process, isn't it?
林达asd - 2007-5-29 10:18:00
[CODE]
2007-05-29,10:04:30
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
<AVP><"E:\卡巴\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0个人版 / AVP][Stopped/Auto Start]
<E:\卡巴\avp.exe -r><Kaspersky Lab>
[C-DillaSrv / C-DillaSrv][Stopped/Disabled]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Help and Support / helpsvc][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Stopped/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[AEAudio Service / AEAudioService][Stopped/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Dilla / C-Dilla][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\CDANT.SYS><Macrovision>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<system32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[PCIMC-3D / NCADPT][Running/Manual Start]
<System32\Drivers\WHNC3D.SYS><Shanghai Weihong Technology Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SenFilt Service / SenFiltService][Stopped/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
林达asd - 2007-5-29 10:18:00
浏览器加载项
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\PROGRA~1\360safe\safemon\safemon.dll, >
[江民在线杀毒]
{06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[Web反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\卡巴\scieplugin.dll, Kaspersky Lab>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\PROGRA~1\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[&使用快车(FlashGet)下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
<D:\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 668][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 796][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 808][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1472][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNMLM75.DLL] [CANON INC., 1.90.2.20]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD75.DLL] [CANON INC., 1.90.2.20]
[PID: 1656][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\卡巴\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 0, 1003]
[C:\PROGRA~1\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.6551]
[PID: 1728][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[PID: 1740][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1432][C:\WINDOWS\日志\日志.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849AF0)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849CD0)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849E30)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849BE0)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF5849DE0)
==================================
隐藏进程
N/A
==================================
[/CODE]
林达asd - 2007-5-29 10:19:00
浏览器加载项
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\PROGRA~1\360safe\safemon\safemon.dll, >
[江民在线杀毒]
{06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[Web反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\卡巴\scieplugin.dll, Kaspersky Lab>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\PROGRA~1\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[&使用快车(FlashGet)下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
<D:\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 668][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 796][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 808][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1472][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNMLM75.DLL] [CANON INC., 1.90.2.20]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD75.DLL] [CANON INC., 1.90.2.20]
[PID: 1656][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\卡巴\scrchpg.dll] [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0102]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 0, 1003]
[C:\PROGRA~1\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.6551]
[PID: 1728][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[PID: 1740][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1432][C:\WINDOWS\日志\日志.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849AF0)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849CD0)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849E30)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF5849BE0)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF5849DE0)
==================================
隐藏进程
N/A
==================================
© 2000 - 2026 Rising Corp. Ltd.