瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 系统中毒重装后,无法安装杀毒软件,且CPU占用率居高不下。请各位帮忙看一下扫描日志!
airkanon - 2010-10-11 21:30:00
如题,系统总感觉有问题,但因无法使用杀毒软件,不知道是否还残留病毒。请各位看一下扫描日志,能否指点其中有何问题。谢谢!

用户系统信息:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; CIBA; 360SE)

附件: SREngLOG.log
伴月清风 - 2010-10-11 21:47:00
这里下载费尔木马强力清除助手,点选“抑制文件再生”删除下面文件。
附件: 费 尔.rar(内附说明)(右键选择“目标另存为”下载)本链接不支持迅雷等下载工具下载

删除:
[C:\WINDOWS\system32\dbr00006.ocx]  [N/A, ]
[C:\WINDOWS\system32\dbr01005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr02006.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr03004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr05005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr06004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr07005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr08006.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr09004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr10004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr11004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr12005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr13005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr14005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr15005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr16002.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr17002.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr18002.ocx]  [N/A, ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
    <IFEO[360hotfix.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe]
    <IFEO[360rp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe]
    <IFEO[360sd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe]
    <IFEO[360se.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe]
    <IFEO[360SoftMgrSvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe]
    <IFEO[360speedld.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\afwServ.exe]
    <IFEO[afwServ.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe]
    <IFEO[ast.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastUI.exe]
    <IFEO[AvastUI.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avfwsvc.exe]
    <IFEO[avfwsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <IFEO[avgnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe]
    <IFEO[avmailc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avshadow.exe]
    <IFEO[avshadow.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe]
    <IFEO[avwebgrd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
    <IFEO[bdagent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwengine.exe]
    <IFEO[dwengine.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
    <IFEO[ekrn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FilMsg.exe]
    <IFEO[FilMsg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
    <IFEO[kavstart.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
    <IFEO[kmailmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe]
    <IFEO[kpfw32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe]
    <IFEO[kpfwsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpopserver.exe]
    <IFEO[kpopserver.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.exe]
    <IFEO[krnl360svc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksmgui.exe]
    <IFEO[ksmgui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksmsvc.exe]
    <IFEO[ksmsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe]
    <IFEO[kswebshield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
    <IFEO[KVMonXP.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe]
    <IFEO[kwatch.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe]
    <IFEO[kwstray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.exe]
    <IFEO[kxedefend.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxesapp.exe]
    <IFEO[kxesapp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.exe]
    <IFEO[kxescore.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.exe]
    <IFEO[kxeserv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.exe]
    <IFEO[kxetray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe]
    <IFEO[livesrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcagent.exe]
    <IFEO[Mcagent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe]
    <IFEO[mcmscsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe]
    <IFEO[McNASvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe]
    <IFEO[Mcods.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe]
    <IFEO[McProxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe]
    <IFEO[McSACore.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe]
    <IFEO[Mcshield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe]
    <IFEO[mcsysmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
    <IFEO[mcvsshld.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe]
    <IFEO[MpfSrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe]
    <IFEO[MPMon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe]
    <IFEO[MPSVC.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe]
    <IFEO[MPSVC1.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe]
    <IFEO[MPSVC2.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe]
    <IFEO[msksrver.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe]
    <IFEO[qutmserv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
    <IFEO[RsAgent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe]
    <IFEO[rsnetsvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe]
    <IFEO[RsTray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <IFEO[safeboxTray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe]
    <IFEO[ScanFrm.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
    <IFEO[sched.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe]
    <IFEO[seccenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe]
    <IFEO[SfCtlCom.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spideragent.exe]
    <IFEO[spideragent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SpIDerMl.exe]
    <IFEO[SpIDerMl.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe]
    <IFEO[spidernt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe]
    <IFEO[spiderui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe]
    <IFEO[TMBMSRV.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe]
    <IFEO[TmProxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.exe]
    <IFEO[Twister.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe]
    <IFEO[UfSeAgnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe]
    <IFEO[vsserv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe]
    <IFEO[zhudongfangyu.exe]><ntsd -d>  [N/A]

删完后重启
天月来了 - 2010-10-11 21:53:00
下面这个启动项目不认识,它是什么呢??
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <DOT1xSUPP><C:\\Program Files\\DigitalChina\\DigitalChinaSupplicant\\DigitalChinaSupplicant.exe>  []

这个启动项目应该是病毒吧??
启动项目
注册表
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{59DABD72-6A3F-47C0-90E6-23022B72D463}><C:\Documents and Settings\NetworkService\Application Data\Dk.sys>  []

下面的IFEO劫持项得清空才好
启动项目
注册表
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
    <IFEO[360hotfix.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe]
    <IFEO[360rp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><ntsd -d>  [N/A]
........................
...........
.....


下面的服务,估计有点问题吧??
==================================
服务
[Windows Help System / WinHelp64][Stopped/Auto Start]
  <C:\WINDOWS\system32\WinHelp64.exe><Beijing Rising Information Technology Co., Ltd.>

驱动也有问题
==================================
驱动程序
[BaseTDI / BaseTDI][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>

这个需要删除
==================================
浏览器加载项
[IEFXZ]
  {6A49F431-2A2E-41a5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IEfxz\iefxz.dll, >
[IEFXZTool]
  {61F0024B-8278-4999-B7E6-2718426D9FE6} <C:\PROGRA~1\IEfxz\iefxz.dll, >
[IEFXZ]
  {6A49F431-2A2E-41A5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IEfxz\iefxz.dll, >

这些就更不认识是什么了
==================================
正在运行的进程
    [C:\WINDOWS\system32\dbr00006.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr01005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr02006.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr03004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr05005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr06004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr07005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr08006.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr09004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr10004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr11004.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr12005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr13005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr14005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr15005.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr16002.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr17002.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dbr18002.ocx]  [N/A, ]
    [C:\WINDOWS\system32\dmutilio.dll]  [N/A, ]
    [C:\Program Files\Common Files\Tenparty.dat]  [N/A, ]
    [C:\Documents and Settings\Administrator\Application Data\Dk.sys]  [N/A, ]
    [C:\Program Files\DigitalChina\DigitalChinaSupplicant\amt.dll]  [N/A, ]
[PID: 3468 / SYSTEM][C:\WINDOWS\TEMP\77ce64a1.exe]  [, ]

进程中还看到这些文件不认识:
    [C:\WINDOWS\system32\MSCTFIEM.IME]  [, 1, 0, 0, 1]
[PID: 548 / SYSTEM][C:\WINDOWS\system32\slmdmsr.exe]  [ , 4.20.01]


日志显示,好象系统重要文件MSIMG32.dll已被病毒感染替换了:
    [C:\WINDOWS\system32\MSIMG32.dll]  [N/A, ]

日志中这个文件实在看不懂是什么:
    [C:\Windows\system32\msvvsock.dll]  [N/A, ]

日志显示你的系统Winsock 提供者那需要恢复原始Winsock才好

既然系统中毒重装后还是异常,得考虑是否使用其他盘被感染的文件,或局域网内其他中毒电脑继续影响你
airkanon - 2010-10-11 22:27:00
下面这个启动项目不认识,它是什么呢??
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <DOT1xSUPP><C:\\Program Files\\DigitalChina\\DigitalChinaSupplicant\\DigitalChinaSupplicant.exe>  []
这个启动项是我们学校上网专用软件。

非常感谢版主大人的帮忙!
1
查看完整版本: 系统中毒重装后,无法安装杀毒软件,且CPU占用率居高不下。请各位帮忙看一下扫描日志!
© 2000 - 2025 Rising Corp. Ltd.