广告广告
  加入我的最爱 设为首页 风格修改
首页 首尾
 手机版   订阅   地图  繁体 
您是第 6653 个阅读者
 
发表文章 发表投票 回覆文章
  可列印版   加为IE收藏   收藏主题   上一主题 | 下一主题   
hlking0110 手机
个人文章 个人相簿 个人日记 个人地图
小人物
级别: 小人物 该用户目前不上站
推文 x0 鲜花 x2
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片
推文 x0
[问题讨论] 中毒~已知病毒名称
目前卡巴斯基扫描到C:\windows\system32\iasnx9tc.dll
C:\Documents and Settings\user\Local Settings\Temp\~17.tmp;感染了病毒
Email-Worm.Win32.Warezov.ms;2007/4/4 上午 08:46:25
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\D2FUGHNM\Update-KB3303-x86[1].zip;感染了病毒
Email-Worm.Win32.Warezov.ms;2007/4/4 上午 08:46:41


C:\WINDOWS\System32\dtcclzex.dl<==这个因为不知道是何种程式所以也请大大帮查THX
以下是SRENG2所扫描出来的结果

-------------------------------------------------------------------------------------------------------------------------------------------
复制程式
 

2007-04-04,08:26:25 

System Repair Engineer 2.4.12.806 
Smallfrogs ([url]http://www.KZTechs.com[/url]) 

Windows XP Professional Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed 

Follow item(s) have been choosed: 
All Boot Items (Including Registry, Startup Folders, Services and so on) 
Browser Add-ons 
Runing Processes (Including process model information) 
File Associations 
Winsock Provider 
Autorun.Inf 
HOSTS File 


Boot Items 
Registry 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher] 
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation] 
<WebOffice 3.0(1)><C:\Program Files\Novax\Netask Messenger\webclient.exe> [Novax Corp.] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
<load><> [N/A] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher] 
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher] 
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher] 
<SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe> [Sun Microsystems, Inc.] 
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [N/A] 
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [N/A] 
<AWMON><"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"> [N/A] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher] 
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
<AppInit_DLLs><> [N/A] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher] 
[color=#ff0000][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dtcclzex]
<WinlogonNotify: dtcclzex><C:\WINDOWS\System32\dtcclzex.dll>[/color] [N/A] 
[color=#ff0000][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iasnx9tc][/color] 
[color=#ff0000]<WinlogonNotify: iasnx9tc><C:\WINDOWS\System32\iasnx9tc.dll>[/color] [N/A] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] 
<WinlogonNotify: WgaLogon><WgaLogon.dll> [Microsoft Corp.] 

================================== 
Startup Folders 
[Microsoft Office] 
<C:\Documents and Settings\All Users\「开始」功能表\程式集\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N> 
[Netask Messenger] 
<C:\Documents and Settings\All Users\「开始」功能表\程式集\启动\Netask Messenger.lnk --> C:\PROGRA~1\Novax\NETASK~1\WEBCLI~1.EXE [Novax Corp.]><N> 
[Adobe Reader Speed Launch] 
<C:\Documents and Settings\All Users\「开始」功能表\程式集\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N> 
[UltraVNC Server] 
<C:\Documents and Settings\user\「开始」功能表\程式集\启动\UltraVNC Server.lnk --> C:\PROGRA~1\UltraVNC\winvnc.exe [UltraVNC]><N> 

================================== 
Services 
[Human Interface Device Access / HidServ][Stopped/Disabled] 
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> 
[Kaspersky Anti-Virus Service / kavsvc][Running/Auto Start] 
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe"><Kaspersky Lab> 
[Kaspersky Network Agent / klnagent][Running/Auto Start] 
<"C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe"><Kaspersky Lab> 
[Machine Debug Manager / MDM][Running/Auto Start] 
<"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation> 
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start] 
<C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe><HP> 

================================== 
Drivers 
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start] 
<system32\drivers\ac97intc.sys><Intel Corporation> 
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start] 
<System32\DRIVERS\e100b325.sys><Intel Corporation> 
[KL1 driver / kl1][Running/Boot Start] 
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab> 
[KLIF driver / klif][Running/System Start] 
<System32\drivers\klif.sys><Kaspersky Labs> 
[KLMC driver / klmc][Running/System Start] 
<System32\drivers\klmc.sys><Kaspersky Lab> 
[nv4 / nv4][Running/Manual Start] 
<System32\DRIVERS\nv4.sys><NVIDIA Corporation> 
[直接平行连接埠连结驱动程式 / Ptilink][Running/Manual Start] 
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> 
[Secdrv / Secdrv][Stopped/Manual Start] 
<System32\DRIVERS\secdrv.sys><N/A> 

================================== 
Browser Add-ons 
[Yahoo! Toolbar Helper] 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.> 
[AcroIEHlprObj Class] 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> 
[SSVHelper Class] 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.> 
[Java Plug-in] 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.> 
[Messenger] 
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation> 
[收音机(&R)] 
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> 
[Yahoo!奇摩捷径列] 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.> 
[Crystal Report Viewer Control 9] 
{2DEF4530-8CE6-41C9-84B6-A54536C90213} <C:\WINDOWS\Downloaded Program Files\CRViewer9.dll, Crystal Decisions> 
[YInstStarter Class] 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\YAHOO!\Common\yinsthelper.dll, Yahoo! Inc.> 
[TreeEditor Class] 
{7B468F35-D212-4C44-BF24-002977F4C0A7} <C:\WINDOWS\Downloaded Program Files\ted.dll, 超华资讯股份有限公司[[email]sunsheng@ms5.hinet.net[/email]]> 
[Java Plug-in] 
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.> 
[CHTAuthC Class] 
{A68902FF-6FE8-4DAF-A1DB-1B20BE7FEF7F} <C:\WINDOWS\Downloaded Program Files\CHTAuthClient.dll, 中华电信研究所> 
[Java Plug-in] 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.> 
[Java Plug-in 1.5.0_06] 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.> 
[Shockwave Flash Object] 
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.> 
[汇出至 Microsoft Excel(&X)] 
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A> 

================================== 
Running Processes 
[PID: 612][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] 
[PID: 684][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] 
[PID: 1888][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)] 
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] 
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.5.2005092300] 
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] 
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\shellex.dll] [Kaspersky Lab, 5.0.712.1] 
[PID: 280][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.60.5] 
[PID: 508][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] 
[PID: 532][C:\Program Files\Novax\Netask Messenger\webclient.exe] [Novax Corp., 3, 50, 0, 0] 
[C:\Program Files\Novax\Netask Messenger\MFC42.DLL] [Microsoft Corporation, 6.02.4131.0] 
[C:\Program Files\Novax\Netask Messenger\WCS_SYSTEMTRAY.DLL] [WebStorage Corp., 1, 0, 1, 3] 
[C:\Program Files\Novax\Netask Messenger\Hook.dll] [WebStorage Corp., 1, 0, 1, 1] 
[PID: 1268][C:\Program Files\UltraVNC\winvnc.exe] [UltraVNC, 1.1.0.0] 
[PID: 2504][C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe] [Lavasoft Sweden, 6.2.0.208] 
[PID: 2596][C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe] [Lavasoft Sweden, 3.1.2.17] 
[PID: 4000][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)] 
[C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll] [Yahoo! Inc., 2006, 10, 26, 1] 
[C:\Program Files\Yahoo!\Companion\Installs\cpn\YTabBar.dll] [Yahoo!, 2006.10.17.1] 
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.5.2005092300] 
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] 
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5] 
[C:\Program Files\Yahoo!\Companion\Installs\cpn\pubmod.dll] [Yahoo! Inc., 2005, 12, 16, 1] 
[C:\Program Files\Yahoo!\Companion\Installs\cpn\ypubc.dll] [Yahoo! Inc., 2006.1.25.01] 
[C:\Program Files\Yahoo!\Companion\Installs\cpn\YMERemote.dll] [Yahoo! Inc., 2006, 7, 27, 1] 
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\scrchpg.dll] [Kaspersky Lab, 5.0.712.20] 
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\scbridge.dll] [Kaspersky Lab, 5.0.712.1] 
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\klipc.dll] [Kaspersky Lab, 5.0.712.0] 
[C:\WINDOWS\System32\MSTCIPHA.IME] [Microsoft Corporation, 5.1.0.60] 
[C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHT.DLL] [Microsoft Corporation, 1.0.1038.0] 
[C:\Program Files\Common Files\Microsoft Shared\IME\MSTCIA\Applet\chtskdic.dll] [Microsoft Corporation, 8.0.0.1912] 
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0] 
[PID: 3316][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] 
[PID: 2184][C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe] [Sun Microsystems, Inc., 5.0.60.5] 
[PID: 3288][C:\Documents and Settings\user\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806] 

================================== 
File Associations 
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] 
.EXE OK. ["%1" %*] 
.COM OK. ["%1" %*] 
.PIF OK. ["%1" %*] 
.REG OK. [regedit.exe "%1"] 
.BAT OK. ["%1" %*] 
.SCR OK. ["%1" /S] 
.CHM OK. ["C:\WINDOWS\hh.exe" %1] 
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] 
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] 
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] 
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] 
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] 
.LNK OK. [{00021401-0000-0000-C000-000000000046}] 

================================== 
Winsock Provider 
N/A 

================================== 
Autorun.Inf 
N/A 

================================== 
HOSTS File 
127.0.0.1 localhost 

================================== 
API HOOK 
RVA Error: LoadLibraryA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5DEE6E0) 
RVA Error: LoadLibraryExA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5DEE820) 
RVA Error: LoadLibraryExW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5DEE8E0) 
RVA Error: LoadLibraryW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF5DEE780) 

================================== 
Hidden Process 
[441] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\klswd.exe 
[497] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe 
[2037] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe 

================================== 





献花 x0 回到顶端 [楼 主] From:台湾 | Posted:2007-04-04 09:09 |
彗星风采 手机
个人头像
个人文章 个人相簿 个人日记 个人地图
小人物
级别: 小人物 该用户目前不上站
推文 x0 鲜花 x24
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

报表中没有看到有问题的存在喔!...
楼主所说的下述这些应该已经被卡巴清除掉了..
C:\Documents and Settings\user\Local Settings\Temp\~17.tmp;感染了病毒
Email-Worm.Win32.Warezov.ms;2007/4/4 上午 08:46:25
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\D2FUGHNM\Update-KB3303-x86[1].zip;感染了病毒

另外下列这些档案...建议楼主依路径找到档案..然后上传至VT做分析喔!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dtcclzex]
<WinlogonNotify: dtcclzex><C:\WINDOWS\System32\dtcclzex.dll> [N/A]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iasnx9tc]
<WinlogonNotify: iasnx9tc><C:\WINDOWS\System32\iasnx9tc.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

PS..楼主您的XP还是SP1的喔...要赶紧更新了喔! 表情


[ 此文章被彗星风采在2007-04-04 21:24重新编辑 ]


献花 x0 回到顶端 [1 楼] From:台湾中华电信HINET | Posted:2007-04-04 12:48 |
hlking0110 手机
个人文章 个人相簿 个人日记 个人地图
小人物
级别: 小人物 该用户目前不上站
推文 x0 鲜花 x2
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

一楼大大

小弟不知道vt是什么可否麻烦指点迷津!

感激^^ 表情


献花 x0 回到顶端 [2 楼] From:台湾 | Posted:2007-04-04 14:14 |
blestarry 会员卡
个人头像
个人文章 个人相簿 个人日记 个人地图
初露锋芒
级别: 初露锋芒 该用户目前不上站
推文 x47 鲜花 x325
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

下面是引用hlking0110于2007-04-04 14:14发表的 :
一楼大大

小弟不知道vt是什么可否麻烦指点迷津!

感激^^ 表情

VT = VIRUSTOTAL


一个集合世界大部分的防毒软体统合扫描网站
可上传物件至此网站判断分析是否有受感染、误报 表情


献花 x0 回到顶端 [3 楼] From:台湾Chang Gung College of Medi | Posted:2007-04-04 14:24 |
LostDream
个人头像
个人文章 个人相簿 个人日记 个人地图
小人物
级别: 小人物 该用户目前不上站
推文 x0 鲜花 x6
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

Registry
<WinlogonNotify: iasnx9tc><C:\WINDOWS\System32\iasnx9tc.dll> [N/A]
<WinlogonNotify: dtcclzex><C:\WINDOWS\System32\dtcclzex.dll>[N/A]

清掉。


献花 x0 回到顶端 [4 楼] From:台湾 | Posted:2007-04-04 18:04 |
彗星风采 手机
个人头像
个人文章 个人相簿 个人日记 个人地图
小人物
级别: 小人物 该用户目前不上站
推文 x0 鲜花 x24
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

关闭系统还原..清除所有IE暂存档..进入安全模式..
SReng主程式..切换至Boot Items分页中的Registry选项..找到
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dtcclzex]
<WinlogonNotify: dtcclzex><C:\WINDOWS\System32\dtcclzex.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iasnx9tc]
<WinlogonNotify: iasnx9tc><C:\WINDOWS\System32\iasnx9tc.dll> [N/A]
选Delete..按下是删除..
Icesword切换到File模式.依路径C:\WINDOWS\System32\dtcclzex.dll..C:\WINDOWS\System32\iasnx9tc.dll..
点选Delete..删除..


献花 x0 回到顶端 [5 楼] From:台湾中华电信HINET | Posted:2007-04-04 21:29 |

首页  发表文章 发表投票 回覆文章
Powered by PHPWind v1.3.6
Copyright © 2003-04 PHPWind
Processed in 0.062034 second(s),query:16 Gzip disabled
本站由 瀛睿律师事务所 担任常年法律顾问 | 免责声明 | 本网站已依台湾网站内容分级规定处理 | 连络我们 | 访客留言