急!!!超级无敌猛毒内有日志大家帮帮忙吧~~ 哭泣中.. - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛急!!!超级无敌猛毒内有日志大家帮帮忙吧~~ 哭泣中..

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

急!!!超级无敌猛毒内有日志大家帮帮忙吧~~ 哭泣中..

中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:	发表于： 2007-05-15 14:37 \| 只看楼主短消息资料字号：小中大 1楼急!!!超级无敌猛毒内有日志大家帮帮忙吧~~ 哭泣中.. 症状是: 自动关闭毒或金山等字样窗口收藏夹里的杀毒网站没有了搜索页出现马上关闭不能进入安全模式不能启动杀毒软件不能系统还原. [复制到剪贴板] CODE: 2007-05-15,14:06:17 System Repair Engineer 2.4.12.806 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] <run><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.] <Thunder><"D:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> [] <High Definition Audio Property Page Shortcut><; HDAShCut.exe> [(Verified)Microsoft Windows Publisher] <RTHDCPL><RTHDCPL.EXE> [Realtek Semiconductor Corp.] <SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <AlcWzrd><; ALCWZRD.EXE> [RealTek Semicoductor Corp.] <Alcmtr><; ALCMTR.EXE> [Realtek Semiconductor Corp.] <StormCodec_Helper><; "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <SysHotKey_DFDD><C:\Program Files\Common Files\!SUNV\GraspWord\sgwKey.exe> [] <DeskNote_DFDD><D:\Program Files\!Sunv\EasyDict\DeskNote\DeskNote.exe> [] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <caprica><; "C:\Program Files\Caprica\spoolsx.exe"> [N/A] <thjjijd><C:\Program Files\MSN Gaming Zone\thjjijd.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{08B84010-4010-8B88-108B-010B80108B88}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\40108B88.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher] ================================== 启动文件夹 [TabUserW.exe] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\TabUserW.exe.lnk --> C:\WINDOWS\system32\WTablet\TabUserW.exe [Wacom Technology, Corp.]><H> ================================== 服务 [Adobe LM Service / Adobe LM Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems> [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.> [ATI Smart / ATI Smart][Stopped/Auto Start] <C:\WINDOWS\system32\ati2sgag.exe><> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [IEAgent service / IEAgent][Stopped/Auto Start] <"C:\WINDOWS\system32\ieagent.exe"><> [ms win avp / MSWAVP][Running/Auto Start] <C:\WINDOWS\system32\mswavp.exe><N/A> [Rising Process Communication Center / RsCCenter][Stopped/Disabled] <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Disabled] <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [TabletService / TabletService][Running/Auto Start] <C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.> [Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start] <C:\Program Files\Windows Media Connect 2\wmccds.exe><N/A> [Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start] <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation> [Fax Client / ms_fax][Running/Auto Start] <C:\WINDOWS\system32\87ed.exe><N/A> ================================== 驱动程序 [acpidisk / acpidisk][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A> [ati2mtag / ati2mtag][Running/Manual Start] <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.> [avvjvd6 / avvjvd66][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\avvjvd66.sys><N/A> [BaseTDI / BaseTDI][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.> [Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start] <system32\DRIVERS\e100b325.sys><Intel Corporation> [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A> [ExpScaner / ExpScaner][Stopped/Disabled] <\??\D:\Program Files\Rising\Rav\ExpScan.sys><> [Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start] <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider> [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider> [HookCont / HookCont][Stopped/Disabled] <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising> [HookReg / HookReg][Stopped/Disabled] <\??\D:\Program Files\Rising\Rav\HookReg.sys><> [HookSys / HookSys][Stopped/Disabled] <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising> [MEMSCAN / MEMSCAN][Stopped/Disabled] <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司> [npkcrypt / npkcrypt][Running/Auto Start] <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [omzhav5 / omzhav52][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\omzhav52.sys><N/A> [Motorola USB Device / P2k][Stopped/Manual Start] <system32\DRIVERS\P2k.sys><Motorola Inc> [Pen Class / PenClass][Running/Boot Start] <\SystemRoot\system32\Drivers\PenClass.sys><Wacom Technology Corporation> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [qgaedz8 / qgaedz83][Running/Boot Start] <\SystemRoot\System32\DRIVERS\qgaedz83.sys><Microsoft Corporation> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Stopped/Disabled] <\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising> [rzofilenh / rzofilenh][Running/System Start] <system32\drivers\rzofilenh.sys><Microsoft Corporation> [rzoregnh / rzoregnh][Running/System Start] <system32\drivers\rzoregnh.sys><Windows System Internal> [Secdrv / Secdrv][Running/Auto Start] <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.> [wljuxj9 / wljuxj98][Running/Boot Start] <\SystemRoot\System32\DRIVERS\wljuxj98.sys><Microsoft Corporation> [Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start] <system32\DRIVERS\WudfPf.sys><Microsoft Corporation> [Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start] <system32\DRIVERS\wudfrd.sys><Microsoft Corporation> [xouefz4 / xouefz44][Running/Boot Start] <\SystemRoot\System32\DRIVERS\xouefz44.sys><N/A> ================================== 浏览器加载项 [Abho Class] {1238F6B9-C123-4049-B07E-7A71AF320032} <C:\WINDOWS\system32\d87.dll, TODO: <公司名>> [Info cache] {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司> [CAid Class] {4CDA48CF-B17E-4E1E-8F84-98ACA7ED9F6D} <C:\WINDOWS\system32\astream.dll, TODO: <公司名>> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation> [163Uploader Control] {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司> [BitCometBar] {3F1ABCDB-A875-46C1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll, N/A> [CAid Class] {4CDA48CF-B17E-4E1E-8F84-98ACA7ED9F6D} <C:\WINDOWS\system32\astream.dll, TODO: <公司名>> ================================== 正在运行的进程 [PID: 592][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 640][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1976][C:\Documents and Settings\听\桌面\检测工具System Repair Engineer V2.4.12.80\SREng.exe.EXE] [Smallfrogs Studio, 2.4.12.806] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf [D:\] [AutoRun] open=40108B88.exe shell\open=打开(&O) shell\open\Command=40108B88.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=40108B88.exe [E:\] [AutoRun] open=40108B88.exe shell\open=打开(&O) shell\open\Command=40108B88.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=40108B88.exe [F:\] [AutoRun] open=40108B88.exe shell\open=打开(&O) shell\open\Command=40108B88.exe shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=40108B88.exe ================================== HOSTS 文件 127.0.0.1 localhost ================================== API HOOK 入口点错误：FreeLibrary (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0x5F00002D) ================================== 隐藏进程 N/A ================================== 2007-05-15 17:10:28
中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:	分享到：

熊猫烧香王初生襁褓狮帖子:136 注册: 2007-04-30 来自:	发表于： 2007-05-15 14:42 \| 短消息资料字号：小中大 2楼这病毒好治,将SYSTEM32下的这个月创建的EXE文件压缩发给我,我给你分析!heike_8119@163.com
熊猫烧香王初生襁褓狮帖子:136 注册: 2007-04-30 来自:

中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:	发表于： 2007-05-15 14:45 \| 只看楼主短消息资料字号：小中大 3楼 T T 我是电脑盲的么... 不是具体的一种病毒吗?
中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:

熊猫烧香王初生襁褓狮帖子:136 注册: 2007-04-30 来自:	发表于： 2007-05-15 14:52 \| 短消息资料字号：小中大 4楼你先发过来,我才能治啊,我会给你邮件回复祥细操作啊! c:\windows\system32\..exe(2007年5月以后的)
熊猫烧香王初生襁褓狮帖子:136 注册: 2007-04-30 来自:

饭后点心初生襁褓狮帖子:380 注册: 2006-11-14 来自:	发表于： 2007-05-15 14:53 \| 短消息资料字号：小中大 5楼运行SRENG 在注册表里删除: <{08B84010-4010-8B88-108B-010B80108B88}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\40108B88.dll> [] 在服务中删除: [IEAgent service / IEAgent][Stopped/Auto Start] <"C:\WINDOWS\system32\ieagent.exe"><> [ms win avp / MSWAVP][Running/Auto Start] <C:\WINDOWS\system32\mswavp.exe><N/A> [TabletService / TabletService][Running/Auto Start] <C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.> [Fax Client / ms_fax][Running/Auto Start] <C:\WINDOWS\system32\87ed.exe><N/A> <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation> 在驱动中删除: [avvjvd6 / avvjvd66][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\avvjvd66.sys><N/A> [omzhav5 / omzhav52][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\omzhav52.sys><N/A> [wljuxj9 / wljuxj98][Running/Boot Start] <\SystemRoot\System32\DRIVERS\wljuxj98.sys><Microsoft Corporation>(这个不确定) <system32\DRIVERS\WudfPf.sys><Microsoft Corporation> [Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start] <system32\DRIVERS\wudfrd.sys><Microsoft Corporation> [xouefz4 / xouefz44][Running/Boot Start] <\SystemRoot\System32\DRIVERS\xouefz44.sys><N/A> 右键打开每个盘符,不能双击,删除里面的Autorun.inf 和40108B88.exe 在删除上面对应的文件有的文件可能是隐藏且手系统保护的,都显示出来再删.有的可能不能删,用IS或者UNLOCKER强制删除忘记说再清理下流氓软件什么的.
饭后点心初生襁褓狮帖子:380 注册: 2006-11-14 来自:

流星陨落初生襁褓狮帖子:1 注册: 2008-04-17 来自:	发表于： 2007-05-15 14:57 \| 短消息资料字号：小中大 6楼 C:\Program Files\Caprica\spoolsx.exe C:\WINDOWS\system32\mswavp.exe（我今早截获了这个样本，估计瑞星明天能杀） C:\WINDOWS\system32\87ed.exe 还有，把每个盘的Autorun.inf文件删除
流星陨落初生襁褓狮帖子:1 注册: 2008-04-17 来自:

中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:	发表于： 2007-05-15 15:08 \| 只看楼主短消息资料字号：小中大 7楼 T T 楼上几位人真好感动ing~ 我先杀去了一会有什么情况再和大家汇报 T T 超级感动的~~~
中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:

中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:	发表于： 2007-05-15 16:20 \| 只看楼主短消息资料字号：小中大 8楼在SERNG里面删那些都删不掉. 有些文件删除了会自动回来.
中毒中毒又中毒初生襁褓狮帖子:7 注册: 2007-05-15 来自:

熊猫烧香王初生襁褓狮帖子:136 注册: 2007-04-30 来自:	发表于： 2007-05-15 16:38 \| 短消息资料字号：小中大 9楼说发先发过来,你不要随便就操作了!兄弟
熊猫烧香王初生襁褓狮帖子:136 注册: 2007-04-30 来自:

天月来了版主帖子:76904 注册: 2007-02-06 来自:	发表于： 2007-05-15 16:44 \| 短消息资料字号：小中大 10楼如果不强行搞掉插入进程中的东西，定然不行了。 http://forum.ikaka.com/topic.asp?board=28&artid=8310293 看看吧。类似的方法处理吧。
天月来了版主帖子:76904 注册: 2007-02-06 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT