wdfngr: Trojan? Virus?
2007-12-19 23:54:27.0
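My computer got infected yesterday.

In the evening the scan caught 400 viruses, all reported as a single kind, 阿拉QQ大盗 (Ala QQ Thief), which had infected every executable file.
I downloaded a dedicated removal tool, and it reported the problem as resolved.
But the machine was still very slow; checking the processes in Task Manager, I found wdfngr using 99% of the CPU.
I ended the process and went into c:\windows\system to delete the related files.
After rebooting, the process showed up again.
I opened IceSword (冰刃), ended the process, and came online to ask for help!
PS: Another machine on the LAN seems to be infected too; after Kaspersky was turned on, not a single executable was spared, they were all deleted!!!
[ Last edited by dhwjzh on 2007-6-6 16:19 ]
Download and run System Repair Engineer (SREng).
Click "Smart Scan" (智能扫描), then "Scan" (扫描).
Finally, click "Save Report" (保存报告) and save it to the desktop.
Copy and paste the full contents of SREngLOG.log here, without making any changes.
If it will not run, rename it or change its extension, e.g. xic.exe/xic.com/xic.bat/xic.scr.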
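Turn off System Restore: right-click "My Computer" (我的电脑) and choose "Properties" (属性).
Go to "System Restore" (系统还原), tick "Turn off System Restore on all drives" (在所有驱动器上关闭系统还原), click "Apply" (应用), and click "Yes" (是) when the prompt appears (after the virus is cleaned up, decide for yourself whether to turn System Restore back on).
Clean the temporary folders: click here to download ATF Cleaner
After running it, tick "Select All" (全选) and click "Clean Now" (立刻清理).
Based on the SREng scan log, follow the steps below to try to delete and repair:
1. I recommend using XDelBox to delete the following file: (XDelBox download)
Usage: to delete, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard; after importing, right-click the files to be deleted and choose to reboot and delete immediately. The computer will reboot into a DOS screen to carry out the deletion. Before running xdelbox it is best to remove all removable storage media (including USB drives and MP3 players; if none, just ignore this).
c:\windows\system32\drivers\pnpwmkdrv.sys
2. After the deletion and reboot, use SREng to repair the following items:
Under Startup Items (启动项目) -- Services (服务) -- Drivers (驱动程序), delete the following entry:
[PnpWmkDrv / PnpWmkDrv] <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys>
System Repair (系统恢复) -- File Associations (文件关联) -- Repair (修复)
Finally, download Windows 清理助手 (Windows Cleanup Assistant) to clean up malicious software, update your own antivirus to the latest version, and run a full-disk scan.
http://www.arswp.com/download/arswp/arswp.rar
[ Last edited by 风源使者 on 2007-6-6 15:40 ]
Thanks, 风源!
The problem is solved.
It cleaned up 6 trojans and one unknown risk.
Only, that file does not exist.
[ Last edited by dhwjzh on 2007-6-6 16:39 ]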
Code:
2007-06-06,15:15:13
System Repair Engineer 2.4.12.806
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QT4StBtn><C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE> [Dritek System Inc.]
<KVMON><"C:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp"> [Jiangmin Co.Ltd]
<BluetoothAuthenticationAgent><; rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent> [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)]
<UIHost><logonui.exe> [(Verified)]
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Stopped/Disabled]
<C:\Program Files\JiangMin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[KVWSC / KVWSC][Stopped/Disabled]
<"C:\Program Files\JiangMin\AntiVirus\KVWSC.exe"><Jiangmin Co.,Ltd>
==================================
驱动程序
[a347bus / a347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
<\SystemRoot\System32\Drivers\a347scsi.sys><>
[ALi Audio Accelerator WDM driver / aliadwdm][Running/Manual Start]
<system32\drivers\ac97ali.sys><Acer Laboratories Inc.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATI Cabo AGP Filter / caboagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[KAnalyser / KAnalyser][Stopped/System Start]
<\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KANALY~1.SYS><Jiangmin Co.,Ltd.>
[Dritek HotKey Keyboard Filter Driver / KBFiltr][Running/Manual Start]
<System32\Drivers\KBFiltr.sys><Dritek System Inc.>
[KPGuard / KPGuard][Running/System Start]
<\??\C:\Program Files\JiangMin\AntiVirus\KPGuard.sys><Jiangmin Co., Ltd.>
[KRegEx / KRegEx][Running/System Start]
<\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall / KSysCall][Running/System Start]
<\??\C:\Program Files\JiangMin\Common\KSysCall.sys><Jiangmin Co., Ltd.>
[KSysFilter / KSysFilter][Running/Boot Start]
<\SystemRoot\System32\Drivers\KSysFilt.sys><Jiangmin Co. Ltd.>
[KSysMon / KSysMon][Running/System Start]
<\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KSysMon.sys><Jiangmin Co. Ltd.>
[KVDP / KVDP][Stopped/Manual Start]
<\??\C:\Program Files\JiangMin\AntiVirus\KVDP.sys><Jiangmin Co., Ltd.>
[KVRedir / KVRedir][Running/System Start]
<\??\C:\Program Files\JiangMin\AntiVirus\KVREDIR.SYS><Jiangmin Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\QQ\TMDlls\npkcrypt.sys><INCA Internet Co., Ltd.>
[PnpWmkDrv / PnpWmkDrv][Stopped/System Start]
<\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Stopped/Disabled]
<\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Stopped/Disabled]
<\??\C:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>
==================================
浏览器加载项
[Thunder Browser Helper]
{54EBD539-9BC1-480B-966A-843A333CA162} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <, N/A>
[Office Genuine Advantage Validation Tool]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Thunder Browser Helper]
{54EBD539-9BC1-480B-966A-843A333CA162} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[江民杀毒工具栏]
{B5A34A93-D538-43A7-8371-864CB6148D12} <, N/A>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 496][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 480][C:\PROGRA~1\SwiftBtn\SwiftBtn.EXE] [Dritek System Inc., 1.00]
[C:\PROGRA~1\SwiftBtn\SzUPFUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\SwiftBtn\OSDUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\SwiftBtn\RgnMaker.dll] [Dritek System Inc., 12.07.1999 ( VC60 )]
[C:\PROGRA~1\SwiftBtn\CDRomUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\SwiftBtn\MixerUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\SwiftBtn\ComFnUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\SwiftBtn\LgKCUtl.dll] [Dritek System Inc., 1.00]
[C:\PROGRA~1\SwiftBtn\TkBarUtl.dll] [Dritek System Inc., 1.00]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\JiangMin\AntiVirus\KVMonXP.kxp] [Jiangmin Co.Ltd, 1, 0, 7, 516]
[C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 7, 226]
[C:\Program Files\JiangMin\AntiVirus\lang\kvmonxp0804.lng] [N/A, ]
[C:\Program Files\JiangMin\Kernel\EngFace.dll] [Jiangmin Co., Ltd., 2, 0, 7, 412]
[C:\Program Files\JiangMin\common\GUIEXT.DLL] [Jiangmin Co.Ltd, 1, 0, 6, 1201]
[C:\Program Files\JiangMin\common\lang\guiext0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[C:\Program Files\JiangMin\AntiVirus\KvInterpreter.dll] [Jiangmin Co., Ltd., 10, 0, 7, 417]
[C:\Program Files\JiangMin\AntiVirus\VirusUpload.dll] [, 2, 1, 7, 521]
[C:\Program Files\JiangMin\antivirus\TrojDie.dll] [Jiangmin Co.Ltd, 10, 0, 6, 1222]
[C:\Program Files\JiangMin\AntiVirus\KVFileMon.dll] [Jiangmin Co.Ltd, 1, 0, 7, 411]
[C:\Program Files\JiangMin\AntiVirus\KVNotifyUI.dll] [Jiangmin Co.Ltd, 1.0.6.802]
[C:\Program Files\JiangMin\AntiVirus\lang\KVNotifyUI0804.lng] [N/A, ]
[C:\Program Files\JiangMin\AntiVirus\KVMon.dll] [Jiangmin Co., Ltd., 1, 0, 6, 1123]
[C:\Program Files\JiangMin\AntiVirus\lang\KVMon0804.lng] [Jiangmin Co., Ltd., 1, 0, 6, 1019]
[C:\Program Files\JiangMin\AntiVirus\KVNetMon.dll] [Jiangmin Co.Ltd, 1, 0, 6, 1107]
[C:\Program Files\JiangMin\AntiVirus\KvGuardJsMenu.dll] [Jiangmin Co Ltd, 10, 0, 0, 831]
[C:\Program Files\JiangMin\antivirus\KRegEx.dll] [Jiangmin Co. Ltd., 10, 0, 6, 1214]
[C:\Program Files\JiangMin\AntiVirus\lang\TrojDie0804.lng] [, 10, 0, 6, 1221]
[C:\Program Files\JiangMin\antivirus\KRegExMain.dll] [Jiangmin Co.Ltd, 10, 0, 6, 1103]
[C:\Program Files\JiangMin\common\ComUIPS.dll] [Jiangmin Co.Ltd, 1.0.0.808]
[C:\Program Files\JiangMin\AntiVirus\Kvwshm.dll] [Jiangmin Co., Ltd., 10, 0, 6, 724]
[C:\Program Files\JiangMin\AntiVirus\PrivateMon.dll] [Jiangmin Co.Ltd, 1, 0, 0, 909]
[C:\Program Files\JiangMin\common\KvTxd.dll] [Jiangmin Co., Ltd., 10.0.6.1106]
[PID: 296][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1388][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\system32\DllHost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\JiangMin\common\ComUI.dll] [Jiangmin Co,.Ltd, 1, 0, 7, 112]
[C:\Program Files\JiangMin\common\ComUIPS.dll] [Jiangmin Co.Ltd, 1.0.0.808]
[C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 7, 226]
[C:\Program Files\JiangMin\common\GUIEXT.DLL] [Jiangmin Co.Ltd, 1, 0, 6, 1201]
[C:\Program Files\JiangMin\common\lang\guiext0804.lng] [JiangMin Ltd., 7, 1, 0, 200]
[PID: 1804][D:\Program Files\Tencent\QQ\TMDlls\TM.exe] [腾讯公司, 0, 0, 0, 0]
[D:\Program Files\Tencent\QQ\TMDlls\BasicCtrlDll.dll] [Tencent, 6, 0, 200, 320]
[D:\Program Files\Tencent\QQ\TMDlls\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\Program Files\Tencent\QQ\TMDlls\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\BaseUIClass.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\BaseCtrlClass.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Tencent\QQ\TMDlls\QQZip.dll] [tencent, 0, 3, 2, 4]
[D:\Program Files\Tencent\QQ\TMDlls\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[D:\Program Files\Tencent\QQ\TMDlls\RICHED20.DLL] [Jiangmin Co Ltd, 10, 0, 0, 831]
[D:\Program Files\Tencent\QQ\TMDlls\riched20_.dll] [Microsoft Corporation, 5.31.23.1218]
[D:\Program Files\Tencent\QQ\TMDlls\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[D:\Program Files\Tencent\QQ\TMDlls\QQAPI.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\QQRes.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\TMDlls\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[D:\Program Files\Tencent\QQ\TMDlls\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\Program Files\Tencent\QQ\TMDlls\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\WizardCtrl.dll] [Tencent, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\QQMainFrame.dll] [TENCENT, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\CQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\Tencent\QQ\TMDlls\NewSkin.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\MailSummary.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\FrameBar.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\CameraDll.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\UserRelationWeight.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[D:\Program Files\Tencent\QQ\TMDlls\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\InstantSession.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\MiscCtrl.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\QQSpace.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\Program Files\Tencent\QQ\TMDlls\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 0, 3, 0, 44]
[D:\Program Files\Tencent\QQ\TMDlls\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\Program Files\Tencent\QQ\TMDlls\CustomFace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Tencent\QQ\TMDlls\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[PID: 1132][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\JiangMin\AntiVirus\KVshell.dll] [Jiangmin Co.Ltd, 1, 0, 7, 319]
[C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 7, 226]
[C:\Program Files\JiangMin\AntiVirus\lang\kvxp0804.lng] [N/A, ]
[d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll] [Alcohol Soft Development Team, 1.4.7.1024]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 1800][C:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 6, 1, 50]
[C:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\Program Files\Maxthon\Plugin\FloatBar\FloatBar.dll] [, 1, 8, 0, 0]
[d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WINABCX.IME] [PKUETI, 5.22.216]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 1128][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.8134]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.6568]
[C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2014]
[C:\Program Files\JiangMin\AntiVirus\KVOffice.dll] [Jiangmin Co., Ltd., 10, 0, 7, 331]
[C:\WINDOWS\system32\HiveBase.dll] [Jiangmin Co., Ltd., 1, 0, 7, 226]
[C:\Program Files\JiangMin\AntiVirus\lang\KVOffice0804.lng] [N/A, ]
[C:\Program Files\JiangMin\Kernel\EngFace.dll] [Jiangmin Co., Ltd., 2, 0, 7, 412]
[C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL] [Microsoft Corporation, 1.02]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINDOWS\system32\VB6CHS.DLL] [Microsoft Corporation, 6.00.8988]
[C:\Program Files\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL] [Microsoft Corporation, 1.1.6215]
[C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3EN.DLL] [Microsoft Corporation, 3.1.2303]
[C:\WINDOWS\system32\WINABCX.IME] [PKUETI, 5.22.216]
[C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3SC.DLL] [Microsoft Corporation, 3.0.1708.0]
[C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
[C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\INTLNAME.DLL] [Microsoft Corporation, 11.0.6467]
[C:\Program Files\Common Files\Microsoft Shared\Smart Tag\CHDATEST.DLL] [Microsoft Corporation, 2.00]
[C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL] [Microsoft Corporation, 11.0.5510]
[C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\2052\stintl.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL] [Zenographics, Inc., 5.60.709.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL] [Zenographics, Inc., 5, 60, 2629, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll] [Zenographics, Inc., 5, 60, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL] [Zenographics, Inc., 5, 60, 2209, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll] [Zenographics, Inc., 6, 0, 909, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL] [Zenographics, Inc., 0, 3, 2827, 1]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL] [Microsoft Corporation, 6.04.9972]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL] [Microsoft Corporation, 6.03.9070]
[PID: 1944][E:\soft\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
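A triage pass over the driver section (驱动程序) of the log above, as an added example that is not part of the thread or of SREng: it parses the two-line entries and flags drivers that have no publisher and are set to load at boot but are stopped. The function names and the flagging rules are assumptions made for illustration; a flag is a reason to inspect an entry, not a verdict.

```python
import re

# Entries copied from the driver section of the SREng log on this page. Each
# entry is two lines: "[display / service][state/start type]" followed by
# "<image path><publisher>".
SAMPLE = r"""
[a347bus / a347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\a347bus.sys><>
[KAnalyser / KAnalyser][Stopped/System Start]
<\??\C:\PROGRA~1\JiangMin\ANTIVI~1\KANALY~1.SYS><Jiangmin Co.,Ltd.>
[KPGuard / KPGuard][Running/System Start]
<\??\C:\Program Files\JiangMin\AntiVirus\KPGuard.sys><Jiangmin Co., Ltd.>
[PnpWmkDrv / PnpWmkDrv][Stopped/System Start]
<\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Stopped/Disabled]
<\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
"""

HEADER = re.compile(
    r"^\[(?P<display>.*) / (?P<name>[^\]/]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
IMAGE = re.compile(r"^<(?P<path>[^<>]*)><(?P<publisher>[^<>]*)>$")
LOADS_AT_BOOT = {"Boot Start", "System Start", "Auto Start"}

def parse_drivers(text):
    """Pair each header line with the image line that follows it."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            pending = header.groupdict()
            continue
        image = IMAGE.match(line)
        if image and pending:
            entries.append({**pending, **image.groupdict()})
        pending = None
    return entries

def flags(entry):
    """Triage hints (assumed heuristics, not SREng's own verdicts)."""
    found = []
    if entry["publisher"].strip() in ("", "N/A"):
        found.append("no-publisher")
    # Set to load at boot yet not running, e.g. the image is missing or failed to load.
    if entry["state"] == "Stopped" and entry["start"] in LOADS_AT_BOOT:
        found.append("failed-autostart")
    if entry["path"].startswith("\\??\\"):
        found.append("full-path-image")
    return found

def review_queue(text):
    """Service names that have no publisher and did not load despite a boot start type."""
    return [e["name"] for e in parse_drivers(text)
            if {"no-publisher", "failed-autostart"} <= set(flags(e))]

if __name__ == "__main__":
    for entry in parse_drivers(SAMPLE):
        print(f'{entry["name"]:<10} {entry["state"]}/{entry["start"]:<13} {flags(entry)}')
    print("review first:", review_queue(SAMPLE))
```

Missing publisher alone also matches legitimate entries in this log (a347bus, Secdrv), which is why the queue requires both conditions before an entry is put up for manual review.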