tinisme
[Question] Help with the TROJAN.MAGANIA.OH virus
My computer is infected.

There is a virus named TROJAN.MAGANIA.OH.

I am using the anti-virus software I downloaded from EWIDO.

No matter how I try, I can't remove it = =

I'm posting my SREng log

as follows:

By the way, is it possible for a computer to still have the virus after being formatted?

Also, why do file-transfer programs like Foxy, BT and CB make a computer so prone to infection?

Please advise. Thanks.


2007-10-19,23:47:15

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理许可权用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、开机档案夹、服务等)
    流览器载入项
    正在运行的进程(包括进程模组资讯)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动专案
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Yahoo! Pager><"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]
    <ezHelper><C:\Program Files\ezHelper\ezHelper.exe 300>  [N/A]
    <EPSON Stylus C45 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU">  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <AdobeUpdater><C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe>  [N/A]
    <DAEMON Tools><"C:\Documents and Settings\All Users\Favorites\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <C-Media Mixer><Mixer.exe /startup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
    <EPSON Stylus C45 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45">  [(Verified)Microsoft Windows XP Publisher]
    <NVRTCLK><C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe>  []
    <PathNvidiaTV><C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe>  [N/A]
    <CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>  [(Verified)Microsoft Corporation]
    <PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <ClubBox><>  [N/A]
    <DiskMan32><C:\WINDOWS\dbpgoq.exe>  [N/A]
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
    <WinSysM><C:\WINDOWS\IGM.exe>  []
    <MsPrint32D><C:\WINDOWS\MsPrint32D.exe>  []
    <GenProtect><C:\WINDOWS\GenProtect.exe>  []
    <NVDispDrv><C:\WINDOWS\NVDispDrv.exe>  []
    <MFMJ><C:\WINDOWS\System32\MFMJEXE.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  []
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\UserInit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><winforms.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{C4B7477C-5A95-4415-B882-9AB33EE116E5}><C:\WINDOWS\hELp\529141B59150.DLL>  []
    <{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winforms.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install>  [Microsoft Corporation]

==================================
开机档案夹
N/A

==================================
服务
[2E5F809D / 2E5F809D][Stopped/Auto Start]
  <C:\WINDOWS\System32\26D35C54.EXE -k><Microsoft Corporation>
[AA6AFD52 / AA6AFD52][Stopped/Auto Start]
  <C:\WINDOWS\System32\BCC1F729.EXE -k><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOTEPAD / NOTEPAD][Stopped/Auto Start]
  <C:\WINDOWS\NOTEPAD.com><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[winlogrt / winlogrt][Stopped/Auto Start]
  <C:\WINDOWS\winlogrt.bat><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
[WMI Performance Adaptei / WmiApSiv][Stopped/Auto Start]
  <C:\WINDOWS\winlogon.exe><N/A>

==================================
驱动程式
[cdgfyhgbnhgfvfredcvfgtrtyhjuim / cdgfyhgbnhgfvfredcvfgtrtyhjuim][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[cvcbhyjhgbvgfredfrtgfvbgtyhgbhg / cvcbhyjhgbvgfredfrtgfvbgtyhgbhg][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[dfgtvbnhjuiokjhgtrfdcxswert / dfgtvbnhjuiokjhgtrfdcxswert][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[dfgvbnhjuiklopoiuythgfvcdewsazxsdf / dfgvbnhjuiklopoiuythgfvcdewsazxsdf][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[gjladtnbfhyipeqadgvxnmjkioygvg / gjladtnbfhyipeqadgvxnmjkioygvg][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[jyhgtrfdewqazxscvbnmjhgtuy / jyhgtrfdewqazxscvbnmjhgtuy][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\D:\Line\npkcrypt.sys><N/A>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Running/Manual Start]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[直接平行连接埠连结驱动程式 / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
  <System32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01a.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[werch / werch][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[werdfcvbghnmjkloiuyuioplkjhgbnvfh / werdfcvbghnmjkloiuyuioplkjhgbnvfh][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[zxsdertygbvbnmjklopiuy / zxsdertygbvbnmjklopiuy][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>

==================================
流览器载入项
[Megaupload Toolbar]
  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD                                   >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[Java Plug-in 1.6.0_01]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[参考资料(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[收音机(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[Megaupload Toolbar]
  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD                                   >
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, N/A>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\System32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[ewidoOnlineScan Control]
  {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[DataStorage Class]
  {3AC7F64E-6154-47B0-82B5-764ED4077F77} <C:\WINDOWS\Downloaded Program Files\DataStore.dll, Unihub Limited>
[Java Plug-in 1.6.0_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[NowStarter Control]
  {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[NeffyLauncherCtl Class]
  {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} <C:\WINDOWS\Downloaded Program Files\NeffyLauncher.dll, CDNetworks>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[DownloadManager讽秶啋璃]
  {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} <C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX, Akamai Technologies, Inc.>
[Foxy 下载]
  <res://C:\Program Files\Foxy\Foxy.exe/download.htm, N/A>
[Foxy 搜寻]
  <res://C:\Program Files\Foxy\Foxy.exe/search.htm, N/A>
[汇出至 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 672 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 972 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1072 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1196 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1208 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
[PID: 1484 / tin][C:\WINDOWS\Installer\services.exe]  [N/A, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\DOCUME~1\tin\LOCALS~1\Temp\psxmo.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1540 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\system32\EBPMON24.DLL]  [SEIKO EPSON CORPORATION, 5, 4, 0, 0]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1772 / tin][C:\WINDOWS\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.44]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.8]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1892 / tin][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1944 / tin][C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.10.6]
    [C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 272 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 320 / tin][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 412 / tin][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE]  [SEIKO EPSON CORPORATION, 3.00]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1328 / tin][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 2000 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
[PID: 1244 / tin][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 3196 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
[PID: 3348 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
[PID: 3464 / tin][C:\Program Files\Foxy\Foxy.exe]  [Foxy, Inc., 1.9.3.0]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1296 / tin][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL]  [MEGAUPLOAD                                   , 5.0.0.226]
    [C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.10.6]
    [C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 852 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
[PID: 3932 / tin][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\System32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 3972 / tin][C:\Documents and Settings\tin\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\tin\桌面\sreng2\Lang\1028.DLL]  [System Repair Engineer, 2.5.16.900]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\Documents and Settings\tin\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.6551]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD ICMP
    C:\WINDOWS\System32\isapir.dll(, N/A)
MSAFD ICMP
    C:\WINDOWS\System32\isapir.dll(, N/A)

==================================
Autorun.inf
[C:\]
[autorun]
shell\open=Open
shell\open\Command=C:\WINDOWS\help\529141B59150.EXE -s
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 744, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1484, C:\WINDOWS\INSTALLER\SERVICES.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 272, C:\WINDOWS\IGM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3196, C:\WINDOWS\IGM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3348, C:\WINDOWS\IGM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3464, C:\PROGRAM FILES\FOXY\FOXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 852, C:\WINDOWS\IGM.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================





[OP] From: Taiwan | Posted: 2007-10-20 01:49
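As an added example (not code from this thread, from SREng or from any poster), a small Python triage pass over the startup-item and Autorun.inf sections of a log in the layout posted above: it flags unsigned programs dropped straight into %WINDIR%, entries under Policies\Explorer\Run, a populated AppInit_DLLs value, unsigned ShellExecuteHooks, and the autorun.inf directives on each drive that launch code. The sample excerpt is constructed from entries shown in the log above; the rules are heuristics of my own, not SREng's logic.

```python
import re

# Patterns for the SREng log layout shown in this thread (constructed here, not SREng's code).
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                          # [HKEY_...] key header
ENTRY_RE = re.compile(r"^\s*<([^>]*)>\s*<([^>]*)>\s*\[(.*)\]\s*$")    # <name><command>  [signer]
DRIVE_RE = re.compile(r"^\[([A-Za-z]:\\)\]$")                         # [C:\] in the Autorun.inf section
LAUNCH_RE = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)\s*=", re.I)  # directives that run code

# Constructed excerpt of the log posted above, kept in SREng's own layout.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <DiskMan32><C:\WINDOWS\dbpgoq.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><winforms.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{C4B7477C-5A95-4415-B882-9AB33EE116E5}><C:\WINDOWS\hELp\529141B59150.DLL>  []
[C:\]
[autorun]
shell\open=Open
shell\open\Command=C:\WINDOWS\help\529141B59150.EXE -s
open=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
"""


def executable_of(command):
    """Return the program part of a Run-value command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def parse_startup(lines):
    """Yield (key, name, command, signer) for every registry startup entry."""
    key = None
    for line in lines:
        m = KEY_RE.match(line.strip())
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1).strip(), m.group(2).strip(), m.group(3).strip()


def triage_startup(lines):
    """Return (name, command, reason) for startup entries worth a closer look."""
    findings = []
    for key, name, command, signer in parse_startup(lines):
        unsigned = signer in ("", "N/A")  # SREng prints [] or [N/A] when nothing is signed
        in_windir = re.fullmatch(r"C:\\WINDOWS\\[^\\]+", executable_of(command), re.I) is not None
        if key.lower().endswith(r"policies\explorer\run"):
            reason = "Policies\\Explorer\\Run entry: rarely used by legitimate software"
        elif name.lower() == "appinit_dlls" and command:
            reason = "AppInit_DLLs set: this DLL is injected into every GUI process"
        elif unsigned and in_windir:
            reason = "unsigned executable dropped directly into %WINDIR%"
        elif unsigned and "shellexecutehooks" in key.lower():
            reason = "unsigned ShellExecuteHook: loaded into Explorer at logon"
        else:
            continue
        findings.append((name, command, reason))
    return findings


def triage_autorun(lines):
    """Map each drive in the Autorun.inf section to the directives that launch code."""
    launches, drive = {}, None
    for line in lines:
        m = DRIVE_RE.match(line.strip())
        if m:
            drive = m.group(1)
            launches.setdefault(drive, [])
        elif drive and LAUNCH_RE.match(line.strip()):
            launches[drive].append(line.strip())
    return {d: v for d, v in launches.items() if v}
```

The D: entry in the sample is the detail that matters for the reinstall question later in the thread: an autorun.inf on a second partition or removable drive survives a format of C: alone.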
upside (Moderator)

I suggest installing a proper anti-virus product first and scanning with it, e.g. Kaspersky or NOD32.
The OP's infection is extensive and complicated; removing it all by hand would take a lot of time.
A scanner is still faster and more effective.

Why do file-transfer programs like Foxy, BT and CB make a computer so prone to infection?
A: This has long been one of the biggest rumours on the net.
It isn't that these programs are prone to infection; it's the things you download with them, such as software and videos,
that can actually infect a user.
I still have to say that I download a great deal, of all kinds,
and have run into hardly any viruses; this is only one possible source.
But the infections I see in your log are all rogue plug-ins from elsewhere and USB-drive viruses,
not something caught directly by downloading from the net. Don't blame everything on these download programs.
They are just file-transfer front-ends and carry no virus themselves.
You get infected because you choose to download those strange files.


[#1] From: Taiwan, GigaMedia broadband | Posted: 2007-10-20 02:38
tinisme

I see.

In this situation,

would it be safer to just reinstall?

After all, there's nothing important on my C: drive.

But I'm afraid it will keep coming back = =

Because the whole family uses this computer.

For instance, I came back from a week away

and the scan found over 1000 viruses <-- all concentrated in the system files on C:.

I personally don't use file-transfer programs much,

because when I'm on the computer I'm either browsing or playing WarCraft and StarCraft = =

But I can't stop my family from using them (after all, these transfer programs are free and convenient).

I've used Kaspersky before,

but this computer is getting old,

it only has 512MB of memory,

and booting was really slow...

And the location where this virus was detected is in memory...

I'm not sure whether reinstalling will help.

Besides the free EWIDO anti-virus,

I am also using Trend Micro's SYSTEM CLEANER.

I'd also like to ask: does a simple scanner like SYSTEM CLEANER

only work properly in Safe Mode?

Because its log always shows that some viruses could not be deleted.

Or could you recommend an anti-virus that uses fewer system resources?

Many thanks.


[#2] From: Taiwan, Chunghwa HiNet | Posted: 2007-10-20 04:01
彗星风采

Quoting tinisme's post of 2007-10-20 04:01:
I see.

In this situation,

would it be safer to just reinstall?
.......
Reinstalling does not help with a USB-drive virus like this one, and the usual special-purpose removal tools for a case like yours will not solve the problem either. I would suggest you first look at the pinned post listing online scanners and cross-check with scans from several vendors. If viruses regenerate or cannot be removed, post the infected paths and the scan reports; together with the SREng log, that should be enough to solve your problem.


[#3] From: Taiwan, Chunghwa Telecom HiNet | Posted: 2007-10-20 05:08
tinisme

I formatted the whole computer.

I also downloaded some USB-virus removal tools from the net and ran them.

It seems fine for now @@

Thanks for your replies.


[#4] From: Taiwan, Chunghwa HiNet | Posted: 2007-10-25 04:49
