瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 杀掉“帕虫”后为什么卡巴装不上了?

12   2  /  2  页   跳转

杀掉“帕虫”后为什么卡巴装不上了?

收藏
香烟醉了
头像
健康舞勺狮
  • 帖子:205
  • 注册: 2006-08-17
  • 来自:
发表于: 2007-08-23 22:55 | 只看楼主 短消息 资料
字号: 11楼

[PID: 1684 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\jzhpri.dll]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Alwil Software\Avast4\English\Lang.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\English\langmai.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 1029, 0]
[PID: 1288 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\jzhpri.dll]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 1029, 0]
[PID: 3484 / mml][C:\Program Files\Tencent\QQ\QZone\Qzone.exe]  [腾讯公司, 1, 8, 102, 15]
    [C:\Program Files\Tencent\QQ\QZone\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\Program Files\NetMeeting\ravmymon.dat]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzhpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
gototop
 
香烟醉了
头像
健康舞勺狮
  • 帖子:205
  • 注册: 2006-08-17
  • 来自:
发表于: 2007-08-23 22:56 | 只看楼主 短消息 资料
字号: 12楼

[PID: 3576 / mml][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\Program Files\NetMeeting\ravmymon.dat]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzhpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\xk1s1.dll]  [N/A, ]
[PID: 2920 / mml][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\Program Files\NetMeeting\ravmymon.dat]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzhpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xk1s1.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 3744 / mml][D:\标标\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\System32\wsepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\NetMeeting\ravzxmon.dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\Program Files\NetMeeting\ravmymon.dat]  [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 1029, 0]
    [C:\WINDOWS\System32\mxaman.dll]  [N/A, ]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzhpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinFormA5.dll]  [N/A, ]
    [C:\WINDOWS\System32\ztmpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\xk1s1.dll]  [N/A, ]
    [D:\标标\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
gototop
 
香烟醉了
头像
健康舞勺狮
  • 帖子:205
  • 注册: 2006-08-17
  • 来自:
发表于: 2007-08-23 22:57 | 只看楼主 短消息 资料
字号: 13楼

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1728, C:\WINDOWS\IG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1844, C:\WINDOWS\SYSTEM32\INTERNAT.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\System32\TIMHost.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\System32\TIMHost.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
不堪回首
头像
自信弱冠狮
  • 帖子:274
  • 注册: 2003-12-03
  • 来自:
发表于: 2007-08-23 23:04 | 短消息 资料
字号: 14楼

看得头晕,先看看版主的置顶帖吧
gototop
 
香烟醉了
头像
健康舞勺狮
  • 帖子:205
  • 注册: 2006-08-17
  • 来自:
发表于: 2007-08-23 23:11 | 只看楼主 短消息 资料
字号: 15楼

我是先看过顶置贴后弄了没弄彻底才听网友的说发了日志上来的啊。
gototop
 
骄傲的蓝
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2007-08-23
  • 来自:
发表于: 2007-08-23 23:58 | 短消息 资料
字号: 16楼

如果没有重要的东西,是一下金山的雨过天晴系统
gototop
 
wbxhs
头像
特邀体验者
  • 帖子:736
  • 注册: 2007-02-13
  • 来自:加勒比海
发表于: 2007-08-24 09:21 | 短消息 资料
字号: 17楼

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<asgfdjs2><C:\WINDOWS\System32\vbsdaas2.exe> []
<iefyfoi><; C:\Program Files\Common Files\System\whqlijh.exe> [N/A]
<pytqewo><; C:\Program Files\Common Files\Microsoft Shared\cclaynh.exe> [N/A]
<RAVDHMON><C:\Program Files\Internet Explorer\RAVDHMON.exe> []
<RAVWLMON><C:\Program Files\Internet Explorer\RAVWLMON.exe> []
<RAVMYMON><C:\Program Files\NetMeeting\ravmymon.exe> []
<WinSys><C:\WINDOWS\IG.exe> []
<KVP><C:\WINDOWS\System32\drivers\svchost.exe> []
<RAVWDMON><C:\Program Files\Internet Explorer\RAVWDMON.exe> []
<RAVZXMON><C:\Program Files\NetMeeting\ravzxmon.exe> []
<TIMHost><C:\WINDOWS\TIMHost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><ztmpri.dll> []---------后面改成空值
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A12BC423-3713-224D-3F55-32B35C62B11A}><C:\WINDOWS\System32\WinFormA5.dll> []
<{1231A43A-1642-641A-64FD-146ADAB223B1}><C:\WINDOWS\System32\mxaman.dll> []
<{859AFD5B-159F-ACD8-954C-ACD545FA6588}><C:\WINDOWS\System32\jzhpri.dll> []
<{5FFAB213-ABCF-F421-FBA1-3FA352343215}><C:\WINDOWS\System32\wsepri.dll> []
<{D1351752-5628-1547-FFAB-BADC13512AFD}><C:\WINDOWS\System32\ztmpri.dll> []
<{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}><C:\WINDOWS\System32\xk1s0.dll> []
服务
[cn / cn][Stopped/Auto Start]
<C:\WINDOWS\windiwsexe><N/A>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
驱动
[acpidisk / acpidisk][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\npkycryp.sys><N/A>
[w75kp0g / w75kp0g6][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\w75kp0g6.sys><N/A>
[xy2ow24 / xy2ow24][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\xy2ow24.sys><N/A>
相关文件
[C:\WINDOWS\System32\ztmpri.dll] [N/A, ]
[C:\WINDOWS\System32\WinFormA5.dll] [N/A, ]
[C:\WINDOWS\System32\mxaman.dll] [N/A, ]
[C:\WINDOWS\System32\jzhpri.dll] [N/A, ]
[C:\WINDOWS\System32\wsepri.dll] [N/A, ]
[C:\WINDOWS\System32\xk1s0.dll] [N/A, ]
[C:\WINDOWS\system32\k0dwb46k3z.dll] [N/A, ]
[C:\Program Files\NetMeeting\ravmymon.dat] [N/A, ]
[C:\Program Files\Internet Explorer\RAVWLMON.DAT] [N/A, ]
[C:\WINDOWS\System32\xk1s1.dll] [N/A, ]
[C:\Program Files\Internet Explorer\RAVWDMON.DAT] [N/A, ]
[C:\Program Files\NetMeeting\ravzxmon.dat] [N/A, ]
[C:\WINDOWS\System32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\wsepri.dll] [N/A, ]
[PID: 1728 / mml][C:\WINDOWS\IG.exe] [N/A, ]
[C:\WINDOWS\System32\mxaman.dll] [N/A, ]
[C:\WINDOWS\System32\WinFormA5.dll] [N/A, ]

修复文件关联!
gototop
 
ripl
头像
初生襁褓狮
  • 帖子:47
  • 注册: 2007-03-21
  • 来自:
发表于: 2007-08-24 11:14 | 短消息 资料
字号: 18楼

怎就一“马棚”了得?

帕虫,不光自身是病毒,还是一木马下载器,光杀了马夫,留下的马儿可也得清干净啊……
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT