中国网管论坛's Archiver

mianjuaaa posted on 2008-3-7 13:47

vhqq.dll

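A Trend Micro enterprise edition server automatically raised a virus alert. Looking closely, the virus location was c:\winnt\system32\vhqq.dll. I tried to clean it directly with Trend Micro, but it could not be removed. Then I wanted to remove it by hand, so I went to look for it in the folder, but I could not find it. I assumed that was because it was a hidden file, so I went into the folder options to enable showing hidden files, but that had no effect at all; it turned out the registry had been tampered with. I changed the registry back and hidden files could be shown again, but I still cannot find vhqq.dll. Help!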

mianjuaaa posted on 2008-3-7 14:08

A lot more viruses have popped up. I searched the web and confirmed that this is a Machine Dog (机器狗) variant.

wing13 posted on 2008-3-7 15:45

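360 Machine Dog removal tool
[url]http://360.qihoo.com/4005462/3086143.html[/url]

If that does not work:

Download System Repair Engineer and save it to the desktop
[url]http://depressedboy.uubox.net/self.u/safe/sreng2.zip/[/url]

Extract it and run SREng.exe

Click Smart Scan, make sure all items are selected, then click Scan
The scan takes a few minutes, please wait...
Finally, click Save Reports ----> save to the desktop

Post the report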

mianjuaaa posted on 2008-3-7 16:51

[code]2008-03-07,16:49:52

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <ctfmon.exe><C:\WINNT\system32\ctfmon.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [(Verified)"Trend Micro, Inc."]
    <360Antiarp><C:\Program Files\360safe\antiarp\antiarp.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Loader.exe]
    <IFEO[360Loader.exe]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
    <IFEO[IceSword]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe]
    <IFEO[kmailmon.exe]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras]
    <IFEO[ras]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep]
    <IFEO[runiep]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINNT\system32\interne.exe><1>
[OfficeScan NT RealTime Scan / ntrtscan][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"><Trend Micro Inc.>
[OfficeScan Master Service / ofcservice][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe"><Trend Micro Inc.>
[OfficeScan Control Manager Agent / OfficeScanCMAgent][Stopped/Manual Start]
  <"C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe"><Trend Micro Inc.>
[OfficeScan NT Listener / tmlisten][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"><Trend Micro Inc.>
[OfficeScan NT Personal Firewall / TmPfw][Running/Manual Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe"><Trend Micro Inc.>
[趋势科技策略服务器 for Cisco NAC / tmPolicyServer][Running/Auto Start]
  <"C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe"><Trend Micro Inc.>
[OfficeScan NT Proxy Service / TmProxy][Stopped/Manual Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe"><Trend Micro Inc.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[Security Control / secctrl][Stopped/Auto Start]
  <c:\winnt\system32\rundll32.exe vmvreg32.dll,scan><Microsoft Corporation>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINNT\system32\drivers\360AntiArp.sys><奇虎网>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Trend Micro Common Firewall Service / tmcfw][Running/Manual Start]
  <system32\DRIVERS\TM_CFW.sys><Trend Micro Inc.>
[tmcomm / tmcomm][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmFilter.sys><Trend Micro Inc.>
[Trend Micro TDI Driver / tmtdi][Running/System Start]
  <system32\DRIVERS\tmtdi.sys><Trend Micro Incorporated.>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[RodogKiller / RodogKiller][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[Pandrv / Pandrv][Running/Disabled]
  <\??\C:\WINNT\system32\Pandrv.sys><N/A>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Encrypt Class]
  {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINNT\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[趋势科技防毒墙网络版管理控制台]
  {4F3DCE50-E8E7-40AC-AB8D-99F87F1F89BD} <C:\WINNT\DOWNLO~1\ATXCON~1.OCX, Trend Micro Inc.>
[PieChart Class]
  {A050E865-64E3-431B-8079-F0DFCEA90A2D} <C:\WINNT\Downloaded Program Files\AtxPie.dll, Trend Micro Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>

==================================
正在运行的进程
[PID: 176][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 220][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 452][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 480][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[PID: 544][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 696][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 588][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 680][C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmEngDrv.dll]  [Trend Micro Inc., 1.6.0.1056]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\ssapi32.dll]  [Trend Micro Inc., 5.2.0.1032]
[PID: 816][C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\TMNotify.dll]  [Trend Micro Inc., 1,3,0,1023]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\SSLEAY32.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\wtclog.dll]  [Trend Micro Inc., 2, 2, 0, 1008]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\TmPrApi_NSMB_mt.dll]  [Trend Micro Inc., 1.0.0.1004]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIResUTF8.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcNotify.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIShare.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\tmu.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\DZIP32.dll]  [Inner Media, Inc., 3.00.15]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\TimeString.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\OfcShare.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\Pwd.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\LogCache.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\SpywareResource.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIOCommon.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcPurgeLog.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\GenReportTable.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcDownload.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\unzip.dll]  [Trend Micro Inc., 1.32.0.1000]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\OfcNotifyQueue.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\LogAgent.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CmdHOConsole.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\OfcPfwCommon.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\TmUpdate.dll]  [Trend Micro Inc., 2,81,0,1024]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CmdHLClient.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CmdHPmc.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 880][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 920][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 936][C:\WINNT\system32\tcpsvcs.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 980][C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\PolicyServer\ABCGIResUTF8.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\PolicyServer\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 996][C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
[PID: 1024][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1040][C:\WINNT\System32\wins.exe]  [Microsoft Corporation, 5.00.2195.7005]
[PID: 1052][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1096][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 1124][C:\WINNT\System32\dns.exe]  [Microsoft Corporation, 5.00.2195.7147]
[PID: 1140][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 1200][C:\WINNT\system32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
[PID: 1308][C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\unzip.dll]  [Trend Micro Inc., 1.32.0.1000]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\WerAgent.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\libNetCtrl.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TMSOCK.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\PccWFWMo.dll]  [Trend Micro Inc., 1.0.0.0]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll]  [Trend Micro Inc., 2,81,0,1024]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcTmProxy.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmPfwApi.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\PROGRA~1\TRENDM~1\OFFICE~2\tmdbg.dll]  [N/A, ]
[PID: 1648][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 1872][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 1916][C:\Program Files\360safe\antiarp\antiarp.exe]  [奇虎网, 2, 0, 0, 1004]
[PID: 1928][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 2012][C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe]  [Trend Micro Inc., 3.3.0.1015]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmdbg.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmCfwApi.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmHash.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\PROGRA~1\TRENDM~1\OFFICE~2\TmPfwRul.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\PROGRA~1\TRENDM~1\OFFICE~2\TmPfwLog.dll]  [Trend Micro Inc., 2.6.0.1026]
[PID: 2124][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 2396][C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe]  [Trend Micro Inc., 1.0.0.1155]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll]  [Trend Micro Inc., 2,81,0,1024]
[PID: 2412][C:\WINNT\TEMP\QJF351.EXE]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 2668][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
[PID: 12400][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12392][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 11652][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12320][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12352][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12356][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12308][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12376][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12096][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12284][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12252][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12328][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12396][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12208][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12416][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12040][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12156][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12184][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12344][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12216][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12240][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 12132][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 11920][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 11980][C:\WINNT\system32\cmd.exe]  [Microsoft Corporation, 5.00.2195.6995]
[PID: 11992][C:\Documents and Settings\Administrator\桌面\360compkill.exe]  [N/A, ]
    [c:\winnt\system32\vmvreg32.dll]  [N/A, ]
[PID: 11716][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX5\KillerSet.exe]  [360Safe.com, 1, 0, 0, 3]
    [c:\winnt\system32\vmvreg32.dll]  [N/A, ]
[PID: 11804][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [c:\winnt\system32\vmvreg32.dll]  [N/A, ]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Plugins\NTFSTREAM.SRE]  [Smallfrogs Studio, 1, 0, 0, 5]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1916, C:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 11992, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\360COMPKILL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 11716, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RARSFX5\KILLERSET.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================[/code]Please take a look for me~ Thanks

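agnt posted on 2008-3-7 17:57

I have seen this kind before.
Once the virus is loaded into memory it deletes the original file, and at shutdown it saves it back again. Try a PE disk.
But I solved it with RESET (not sure whether it is this one; at least three times).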

QQ:330154856

wing13 posted on 2008-3-7 22:54

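Download XDelbox 1.6
[url=http://www.dodudou.com/down/]http://www.dodudou.com/down/[/url]
A forced file deletion tool. It supports XP/2000 and similar systems, but not XP/2000 installations where the operating system is on a drive other than C:.
Before running XDelBox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.). Be sure to do this.

Copy the virus file locations, open XDelBox > right-click > import from clipboard without checking paths > click Suppress Regeneration (抑制再生) >

C:\WINNT\system32\verisignpub1.crl
c:\winnt\system32\vmvreg32.dll
C:\WINNT\system32\vhqq.dll
C:\WINNT\system32\interne.exe
C:\WINNT\system32\Pandrv.sys

Right-click > restart now and perform the deletion > after the restart it will enter DOS mode and delete the virus files


Run SREng.exe
b) Click Boot Items ---> Registry

CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]

Select the item you want to delete ----> click Delete ----> Yes


Under Boot Items, select Services, then click Win32 Services
Select the following item, click Delete service, tick Hide Microsoft-verified items (隐藏微软认证), then click Set

Help and Support / helpsvc

A window will then pop up; click No, then click OK


Run SREng
Under Boot Items (启动专案), select Services (服务) > then click Win32 Drivers (win32驱动)
Tick Hide Microsoft-verified items (隐藏微软认证), select the following item,

Pandrv / Pandrv][Running/Disabled]

Click Delete Drivers (删除), then click Set; a window will then pop up; click No, then click OK


RodogKiller / RodogKiller][Running/] ← Did you use a Machine Dog patch?


Download the IFEO image hijack repair tool and run the repair
[url=http://www.111safe.com/soft/sort010/down-49.html]http://www.111safe.com/soft/sort010/down-49.html[/url]

Download Windows 清理助手 (Windows Cleanup Assistant, arswp)
[url=http://www.arswp.com/download.html]http://www.arswp.com/download.html[/url]
Click option to choose the language

In arswp click Update, choose the second garbled entry (the update server), and update to the latest signatures; this may take a while

Open arswp

Custom scan > system area scan > start scan > if threats are found, clean them

Cleanup-related > clean disk > drive C


After doing all of the above, could you report back on how things look :loveliness: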

[[i] Last edited by wing13 on 2008-3-7 22:57 [/i]]
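
The triage that the cleanup steps above depend on, as an added example that is not part of the original thread or of SREng: a small Python parser that reads the registry, services and drivers sections of an SREng report and flags Image File Execution Options redirects, services or drivers with no vendor, and services hosted by rundll32.exe. The function name `audit_report` and the finding labels are hypothetical; the sample lines are excerpted from the 2008-03-07 report posted above.

```python
import re

# Excerpt of the SREng report posted above (2008-03-07), trimmed to a few entries.
SAMPLE_REPORT = r"""
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
    <IFEO[IceSword]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
服务
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINNT\system32\interne.exe><1>
[OfficeScan NT Listener / tmlisten][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"><Trend Micro Inc.>
[Security Control / secctrl][Stopped/Auto Start]
  <c:\winnt\system32\rundll32.exe vmvreg32.dll,scan><Microsoft Corporation>

==================================
驱动程序
[Pandrv / Pandrv][Running/Disabled]
  <\??\C:\WINNT\system32\Pandrv.sys><N/A>
[tmcomm / tmcomm][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\tmcomm.sys><Trend Micro Inc.>
"""

# "[HKEY_...]" opens a registry key; its values follow as "<name><data>  [signer]".
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r"^\s+<(?P<name>.*?)><(?P<data>.*)>\s+\[(?P<signer>.*)\]$")
# "[Display / name][State/Start type]" opens a service or driver entry;
# the next line is "<image path><vendor>".
SVC_HEAD = re.compile(
    r"^\[(?P<display>.+) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]*)/(?P<start>[^\]]*)\]$"
)
SVC_IMAGE = re.compile(r"^\s+<(?P<image>.*)><(?P<vendor>[^<>]*)>$")

IFEO_MARK = "\\image file execution options\\"


def audit_report(text):
    """Return (kind, name, detail) tuples for entries that need a manual look.

    Entries whose image line is broken across two lines (like RodogKiller in
    the report above) are skipped, not parsed.
    """
    findings = []
    reg_key = None   # registry key currently being read, if any
    service = None   # service/driver header currently being read, if any
    for raw in text.splitlines():
        line = raw.rstrip()
        m = REG_KEY.match(line)
        if m:
            reg_key, service = m.group(1), None
            continue
        m = SVC_HEAD.match(line)
        if m:
            service, reg_key = m.groupdict(), None
            continue
        m = REG_VALUE.match(line)
        if m and reg_key:
            # A value under IFEO\<image> makes Windows start the listed program
            # in place of <image>; here security tools and taskmgr.exe are
            # redirected to svchost.exe.
            if IFEO_MARK in reg_key.lower():
                target = reg_key.rsplit("\\", 1)[1]
                findings.append(("ifeo-redirect", target, m.group("data")))
            continue
        m = SVC_IMAGE.match(line)
        if m and service:
            image = m.group("image").strip('"')
            vendor = m.group("vendor").strip()
            if vendor in ("", "N/A") or vendor.isdigit():
                # No usable version-info vendor on the binary.
                findings.append(("no-vendor", service["name"], image))
            elif "rundll32.exe" in image.lower():
                # In the report above this service shows "Microsoft Corporation"
                # while vmvreg32.dll itself is listed as N/A in the module
                # list, so the DLL has to be checked separately.
                findings.append(("rundll32-hosted", service["name"], image))
            service = None
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit_report(SAMPLE_REPORT):
        print(f"{kind:16} {name:12} {detail}")
```

A "(Verified)" signer on an IFEO line describes the program the image is redirected to, so it says nothing about whether the redirect itself is legitimate.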

mianjuaaa posted on 2008-3-8 23:30

I'll try it once I'm back at work.

mianjuaaa posted on 2008-3-10 13:34

[code]2008-03-10,13:29:12

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <ctfmon.exe><C:\WINNT\system32\ctfmon.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [(Verified)"Trend Micro, Inc."]
    <360Antiarp><C:\Program Files\360safe\antiarp\antiarp.exe /start>  [奇虎网]
    <WinSysM><C:\WINNT\235780M.exe>  [N/A]
    <SoundMan><SoundMan.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{6167F471-EF2B-41DD-A5E5-C26ACDB5C096}><C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
    <IFEO[ctfmon.exe]><SoundMan.exe>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
Startup Folders
N/A

==================================
Services
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[CurrentControlSet / MsWin32Reg][Stopped/Auto Start]
  <C:\WINDOWS\system32\serve.exe><N/A>
[OfficeScan NT RealTime Scan / ntrtscan][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"><Trend Micro Inc.>
[OfficeScan Master Service / ofcservice][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe"><Trend Micro Inc.>
[OfficeScan Control Manager Agent / OfficeScanCMAgent][Stopped/Manual Start]
  <"C:\Program Files\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe"><Trend Micro Inc.>
[Security Control / secctrl][Stopped/Auto Start]
  <c:\winnt\system32\rundll32.exe vmvreg32.dll,scan><Microsoft Corporation>
[OfficeScan NT Listener / tmlisten][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"><Trend Micro Inc.>
[OfficeScan NT Personal Firewall / TmPfw][Running/Manual Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe"><Trend Micro Inc.>
[趋势科技策略服务器 for Cisco NAC / tmPolicyServer][Running/Auto Start]
  <"C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe"><Trend Micro Inc.>
[OfficeScan NT Proxy Service / TmProxy][Stopped/Manual Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe"><Trend Micro Inc.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINNT\system32\interne.exe><N/A>

==================================
Drivers
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINNT\system32\drivers\360AntiArp.sys><奇虎网>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Trend Micro Common Firewall Service / tmcfw][Running/Manual Start]
  <system32\DRIVERS\TM_CFW.sys><Trend Micro Inc.>
[tmcomm / tmcomm][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmFilter.sys><Trend Micro Inc.>
[Trend Micro TDI Driver / tmtdi][Running/System Start]
  <system32\DRIVERS\tmtdi.sys><Trend Micro Incorporated.>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Pandrv / Pandrv][Running/Disabled]
  <\??\C:\WINNT\system32\Pandrv.sys><N/A>

==================================
Browser Add-ons
[]
  {6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Encrypt Class]
  {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINNT\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[趋势科技防毒墙网络版管理控制台]
  {4F3DCE50-E8E7-40AC-AB8D-99F87F1F89BD} <C:\WINNT\DOWNLO~1\ATXCON~1.OCX, Trend Micro Inc.>
[PieChart Class]
  {A050E865-64E3-431B-8079-F0DFCEA90A2D} <C:\WINNT\Downloaded Program Files\AtxPie.dll, Trend Micro Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>

==================================
Running Processes
[PID: 176][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 220][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
[PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 452][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 480][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[PID: 544][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 572][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 624][C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmEngDrv.dll]  [Trend Micro Inc., 1.6.0.1056]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\ssapi32.dll]  [Trend Micro Inc., 5.2.0.1032]
[PID: 732][C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\TMNotify.dll]  [Trend Micro Inc., 1,3,0,1023]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\SSLEAY32.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\wtclog.dll]  [Trend Micro Inc., 2, 2, 0, 1008]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\TmPrApi_NSMB_mt.dll]  [Trend Micro Inc., 1.0.0.1004]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIResUTF8.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcNotify.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIShare.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\tmu.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\DZIP32.dll]  [Inner Media, Inc., 3.00.15]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\TimeString.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\OfcShare.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\Pwd.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\LogCache.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\SpywareResource.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIOCommon.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcPurgeLog.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\GenReportTable.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcDownload.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\unzip.dll]  [Trend Micro Inc., 1.32.0.1000]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\OfcNotifyQueue.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\LogAgent.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CmdHOConsole.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\OfcPfwCommon.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CGIRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\TmUpdate.dll]  [Trend Micro Inc., 2,81,0,1024]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CmdHLClient.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\CmdHPmc.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 896][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 924][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 1016][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
[PID: 1000][C:\Program Files\360safe\antiarp\antiarp.exe]  [奇虎网, 2, 0, 0, 1004]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
[PID: 996][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
[PID: 1004][C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
[PID: 1124][C:\WINNT\system32\tcpsvcs.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1152][C:\Program Files\Trend Micro\PolicyServer\PolicyServer.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\PolicyServer\ABCGIResUTF8.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\PolicyServer\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 1208][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1284][C:\WINNT\System32\wins.exe]  [Microsoft Corporation, 5.00.2195.7005]
[PID: 1308][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1332][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 1360][C:\WINNT\System32\dns.exe]  [Microsoft Corporation, 5.00.2195.7147]
[PID: 1380][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 1448][C:\WINNT\system32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
[PID: 1708][C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan Client\unzip.dll]  [Trend Micro Inc., 1.32.0.1000]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\WerAgent.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\ZLib.dll]  [Trend Micro Inc., 1.31.0.1708]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\libNetCtrl.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TMSOCK.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\PccWFWMo.dll]  [Trend Micro Inc., 1.0.0.0]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll]  [Trend Micro Inc., 2,81,0,1024]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcTmProxy.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmPfwApi.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\PROGRA~1\TRENDM~1\OFFICE~2\tmdbg.dll]  [N/A, ]
[PID: 2148][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 2224][C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe]  [Trend Micro Inc., 3.3.0.1015]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmdbg.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmCfwApi.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmHash.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\PROGRA~1\TRENDM~1\OFFICE~2\TmPfwRul.dll]  [Trend Micro Inc., 3.3.0.1015]
    [C:\PROGRA~1\TRENDM~1\OFFICE~2\TmPfwLog.dll]  [Trend Micro Inc., 2.6.0.1026]
[PID: 2120][C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe]  [Trend Micro Inc., 1.0.0.1155]
    [C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll]  [Trend Micro Inc., 2,81,0,1024]
[PID: 1232][C:\WINNT\TEMP\ZC9B6B.EXE]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 1492][C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\cgiRecvFile.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\CGIShare.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\VSAPI32.dll]  [Trend Micro Inc., 8.320-1004]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\tmu.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\DZIP32.dll]  [Inner Media, Inc., 3.00.15]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\TimeString.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\loadhttp.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\Pwd.dll]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\CGIRes.dll]  [Trend Micro Inc., 8.0.0.1034]
[PID: 2284][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
[PID: 2452][C:\Program Files\Internet Explorer\PLUGINS\SysWin7s.Jmp]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
[PID: 2440][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\235780MM.DLL]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 872][C:\WINNT\system32\com\savesave8.exe]  [N/A, ]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
[PID: 1640][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  Error. [C:\WINNT\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  2.joppnqq.com
127.0.0.1  1.joppnqq.com
127.0.0.1  1.jopenqc.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  3.joppnqq.com
127.0.0.1  www.868wg.com
127.0.0.1  ilove.com
127.0.0.1  www.tomwg.com
127.0.0.1  www.22aaa.com
127.0.0.1  new.749571.com
127.0.0.1  cao.kv8.info
127.0.0.1  171817.171817.com
127.0.0.1  down.malasc.cn
127.0.0.1  nx.51ylb.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  www.333292.com
127.0.0.1  up.22x44.com

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1000, C:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================[/code]
What on earth is this virus? A few minutes later it came back to life!! This is driving me crazy.

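wing13 posted on 2008-3-10 23:01

Download XDelbox 1.6
[url=http://www.dodudou.com/down/]http://www.dodudou.com/down/[/url]
A tool for force-deleting files. It supports XP/2000 and similar systems, but not XP/2000 installations where the operating system is on a drive other than C:.
Before running XDelBox, it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.). Be sure to pay attention to this.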


Copy the virus file paths below, open XDelBox > right-click > import from clipboard without checking paths > click Suppress Regeneration >


C:\WINNT\235780M.exe
C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys
C:\WINDOWS\system32\serve.exe
C:\WINNT\system32\interne.exe
C:\WINNT\system32\vhqq.dll


Right-click > restart now and perform the deletion > after the restart, the machine enters DOS mode and deletes the virus files



SREng.exe
b) Click Boot Items ---> Registry

<WinSysM><C:\WINNT\235780M.exe>

<{6167F471-EF2B-41DD-A5E5-C26ACDB5C096}><C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys>  []

Select the items you want to delete ----> click Delete ----> Yes



Under Boot Items, select Services, then click Win32 Services
Check "Hide Microsoft-signed entries", select the following items, then click Set

CurrentControlSet / MsWin32Reg][Stopped/Auto Start]
  
Help and Support / helpsvc][Stopped/Auto Start]
  
Click Delete service; a window will then pop up. Click No, then click OK




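Under Boot Items (Chinese UI: Startup Items), select Services (Chinese UI: Drivers), then click Win32 Drivers
Check "Hide Microsoft-signed entries" and select the following item,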

Pandrv / Pandrv][Running/Disabled]
  <\??\C:\WINNT\system32\Pandrv.sys><N/A>

Then click Set and click Delete to remove it; a window will then pop up. Click No, then click OK




Run SREng.exe
b) Click System Repair > Browser Add-ons


[]
  {6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>

Select the items you want to delete > click Delete Selected > Yes






Download the IFEO (image hijack) repair tool and then run the repair
[url=http://www.111safe.com/soft/sort010/down-49.html]http://www.111safe.com/soft/sort010/down-49.html[/url]

Download and install 金山清理专家 (Kingsoft Cleanup Expert)
[url=http://client.download.duba.net/KASSetupWithantiArp.exe]http://client.download.duba.net/KASSetupWithantiArp.exe[/url]

Malware scan and removal
Vulnerability patching

[[i] Last edited by wing13 on 2008-3-10 23:10 [/i]]
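
Added example (not part of the original thread, and not SREng's own code): a Python sketch that parses the Running Processes section of an SREng report like the one posted above and lists modules with no vendor information that are mapped into several processes from outside each process's own directory, which is how vhqq.dll and WinSys8v.Sys stand out in this log. The sample lines are copied from that log; the function names and the two-process threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase

# Lines copied from the "Running Processes" section of the SREng log above.
SAMPLE = r"""
[PID: 732][C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\DZIP32.dll]  [Inner Media, Inc., 3.00.15]
[PID: 1016][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 8.0.0.1034]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
[PID: 996][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys]  [N/A, ]
[PID: 2440][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
[PID: 872][C:\WINNT\system32\com\savesave8.exe]  [N/A, ]
    [C:\WINNT\system32\vhqq.dll]  [N/A, ]
"""

# "[PID: n][path]  [vendor, version]" for a process, indented "[path]  [vendor, version]" for a module.
ENTRY = re.compile(r"^(\s*)(?:\[PID: (\d+)\])?\[([^\]]+)\]\s+\[([^\]]*)\]\s*$")


def parse_processes(text):
    """Return a list of (pid, exe_path, meta, [(module_path, meta), ...])."""
    procs = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        indent, pid, path, meta = m.groups()
        if path.startswith("\\??\\"):      # NT object-manager prefix used for some system processes
            path = path[4:]
        if pid is not None:
            procs.append((int(pid), path, meta, []))
        elif indent and procs:             # module line belongs to the last process seen
            procs[-1][3].append((path, meta))
    return procs


def no_vendor(meta):
    # The report prints "N/A, " when a file carries no company/version resource.
    return meta.split(",")[0].strip() == "N/A"


def shared_foreign_modules(procs, min_hosts=2):
    """Modules without vendor info, outside the host's directory, in >= min_hosts processes.

    Triage heuristic only (assumption of this example): an application's own
    unlabelled DLLs, such as LIBEAY32.dll next to ofcservice.exe, are skipped.
    """
    hosts = defaultdict(set)
    for pid, exe, _meta, modules in procs:
        for mod, meta in modules:
            if no_vendor(meta) and normcase(dirname(mod)) != normcase(dirname(exe)):
                hosts[normcase(mod)].add(pid)
    return {mod: sorted(pids) for mod, pids in hosts.items() if len(pids) >= min_hosts}


def unlabelled_processes(procs):
    """Processes whose own executable has no vendor info."""
    return [(pid, exe) for pid, exe, meta, _mods in procs if no_vendor(meta)]


if __name__ == "__main__":
    parsed = parse_processes(SAMPLE)
    for mod, pids in shared_foreign_modules(parsed).items():
        print(mod, "loaded in PIDs", pids)
    print(unlabelled_processes(parsed))
```

A hit from this check is a lead to verify, not a verdict: a DLL dropped in the same directory as its host process is not flagged by the directory rule.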

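mianjuaaa posted on 2008-3-11 09:15

To the poster above: thank you for the hard work and for your help. I'll try it this afternoon. Whether or not the virus can be removed, we have already decided to switch to Linux..
I'll report back after I've tried it this afternoon.

mianjuaaa posted on 2008-3-12 14:31

I was swamped all day yesterday. I just went to look at the infected server: a quick 360 scan turns up a whole pile of trojans. Sigh, one of the trojans automatically downloads more of its kind from the internet. The whole hard disk is being wiped and Linux installed.
Thanks again to the friend who was willing to spend time helping me.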
