Title: Here to submit a virus
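tanglewish
Registered user
Points 57
Posts 57
Registered 2008-7-14
#11
Avira flags it again
Attachment 1:
13.png
(2008-7-23 22:01, 13.34 K, downloads: 52)
※ ※ ※ This post is solely the personal opinion of [tanglewish] and does not represent the position of [Micropoint Forum] ※ ※ ※
2008-7-23 22:01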
tanglewish
#12
It looks like everything Avira flags is in the IE cache.
After clearing the IE cache,
Avira still flagged it while I was posting.
This screenshot is what was reported when wab.exe crashed.
[Last edited by tanglewish on 2008-7-23 at 22:03]
Attachment 1:
14.png
(2008-7-23 22:02, 8.39 K, downloads: 23)
2008-7-23 22:02
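tanglewish
#13
Quote: Originally posted by Legend at 2008-7-23 21:57:
Do you have any other security software installed?
Which exact version of the operating system are you running?
Please generate the technical support information (Micropoint main window --> Auxiliary Functions --> Generate Technical Support Information) and promptly contact our online administrator (QQ:466248167) so that he can help you analyze it.
Everything has been cleaned up now; would generating it still be of any use?
2008-7-23 22:06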
tanglewish
#14
Excerpt from filelog.txt:
2008-07-23 21:10:33 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:33 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:33 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:23 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:12 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:10:02 C:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 I:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 H:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 G:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 F:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 E:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 21:09:52 D:\MSDOS.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-7-23 22:11
tanglewish
#15
Excerpt from reglog.txt:
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\ TEST G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:53:05 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ CTFMON.EXE G:\WINDOWS\SYSTEM32\CTFMON.EXE G:\WINDOWS\SYSTEM32\CTFMON.EXE G:\WINDOWS\SYSTEM32\CTFMON.EXE
2008-07-23 20:49:33 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ARSWP.EXE "I:\NOD_UPD\SHADU\UPLOADS\ARSWP\ARSWP.EXE" /AUTO I:\NOD_UPD\SHADU\UPLOADS\ARSWP\ARSWP.EXE
2008-07-23 20:49:20 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WIAFQEY\ IMAGEPATH \??\G:\WINDOWS\SYSTEM32\DRIVERS\WIAFQEY.SYS I:\NOD_UPD\SHADU\UPLOADS\ARSWP\ARSWP.EXE
2008-07-23 20:35:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NPF\ IMAGEPATH \??\G:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS G:\WINDOWS\SYSTEM32\SC.EXE
2008-07-23 20:34:24 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYS_HKP\ IMAGEPATH \??\G:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\~31.TMP C:\PROGRAM FILES\INTERNET EXPLORER\5.PIF
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSRV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWPROXY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWMAIN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GFUPD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDFIELD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNIEP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KMAILMON.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KASARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANTIARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPTRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPC32.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUNKILLER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WOPTILITIES.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AST.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMSK.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRAMEWORKSERVICE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KREGEX.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KRN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KUI.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NAVAPSVC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVWSC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.KXP\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IPARMOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ICESWORD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCENTER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVMONITOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:43 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360TRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360SAFE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-07-23 20:33:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\ TEST G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\WAB.EXE
2008-7-23 22:14
tanglewish
#16
Continued:
2008-07-23 20:54:33 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYS_HKP\ IMAGEPATH \??\G:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\~62.TMP C:\PROGRAM FILES\INTERNET EXPLORER\5.PIF
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSRV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWPROXY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVSTUB.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWMAIN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GFUPD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GUARDFIELD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNIEP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KAVSTART.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KMAILMON.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAV.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KASARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ANTIARP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPTRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VPC32.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AUTORUNKILLER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WOPTILITIES.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AST.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMSK.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FRAMEWORKSERVICE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KREGEX.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KRN.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KUI.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NAVAPSVC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVWSC.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVMONXP.KXP\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IPARMOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ICESWORD.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:08 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCENTER.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVMONITOR.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360TRAY.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360SAFE.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE\ DEBUGGER G:\WINDOWS\SYSTEM32\DLLCACHE\WUAUCLT.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-07-23 20:54:07 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\ TEST G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE G:\WINDOWS\SYSTEM32\WUAUCLT1.EXE
2008-7-23 22:14
tanglewish
#17
Excerpt from SECURITYLOG.txt:
2008-07-23 20:54:10 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1184 58.211.7.59 80 阻断
2008-07-23 20:54:10 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1183 58.211.7.59 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1182 58.211.7.25 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1181 58.211.7.25 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1180 58.211.7.41 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1179 58.211.7.36 80 阻断
2008-07-23 20:54:09 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1178 58.211.7.36 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1679 58.211.7.36 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1678 58.211.7.36 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1677 58.211.7.59 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1676 58.211.7.59 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1675 58.211.7.25 80 阻断
2008-07-23 20:45:45 2.PIF C:\PROGRAM FILES\INTERNET EXPLORER\2.PIF 0.0.0.0 1645 58.211.7.25 80 永远禁止
2008-7-23 22:15
tanglewish
#18
FileExport_Startup_Other.txt
autoexec.bat 批处理文件 其他软件 C:\AUTOEXEC.BAT
Beep.sys 驱动 其他软件 G:\WINDOWS\system32\drivers\beep.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BEEP
fppdis2a.exe /source=HKLM 注册表启动组 其他软件 G:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\PDFFACTORY PRO 分配器 V2
PCIDump.sys 驱动 其他软件 文件不存在(G:\WINDOWS\System32\DRIVERS\PCIDump.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PCIDUMP
lbrtfdc.sys 驱动 其他软件 文件不存在(G:\WINDOWS\System32\DRIVERS\lbrtfdc.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LBRTFDC
ssv.dll Explorer插件 其他软件 G:\Program Files\Java\jre1.6.0_06\bin\ssv.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Changer.sys 驱动 其他软件 文件不存在(G:\WINDOWS\System32\DRIVERS\Changer.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CHANGER
wuauclt1.exe 注册表启动组 其他软件 文件不存在(G:\WINDOWS\system32\wuauclt1.exe) HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\TEST
srvany.exe 服务 其他软件 I:\ftp_search\app2srv\srvany.exe HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTPSEARCH
d346prt.sys 驱动 其他软件 G:\WINDOWS\system32\drivers\d346prt.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\D346PRT
AvaFind.exe 注册表启动组 其他软件 G:\Program Files\AvaFind Pro\AvaFind.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AVAFIND
amd_dc_opt.exe 注册表启动组 其他软件 G:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AMD_DC_OPT
SSMWinlogonEx.dll 系统直接调用 其他软件 G:\WINDOWS\system32\SSMWinlogonEx.dll HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SYSTEM SAFETY MONITOR
i2omgmt.sys 驱动 其他软件 文件不存在(G:\WINDOWS\System32\DRIVERS\i2omgmt.sys) HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\I2OMGMT
vstor2-ws60.sys 驱动 其他软件 G:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VSTOR2-WS60
2008-7-23 22:15
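threeswords
Intermediate user
Points 400
Posts 387
Registered 2008-3-25
#19
I didn't understand the first screenshot.
Micropoint reports it as known and has already blocked it from running; is the original poster saying that Micropoint failed to intercept it?
If the original poster has a virus sample, you can send it directly to Micropoint: compress it with a password (password: virus) and send it to virus@micropoint.com.cn, and remember to attach the technical support information.
Also, which web page was the original poster browsing when the infection happened?
※ ※ ※ This post is solely the personal opinion of [threeswords] and does not represent the position of [Micropoint Forum] ※ ※ ※
2008-7-23 22:59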
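Legend
Super moderator
Points 77171
Posts 70170
Registered 2005-10-29
#20
Would the original poster please promptly send the sample file and the technical support information (Micropoint main window --> Auxiliary Functions --> Generate Technical Support Information) to our mailbox support@micropoint.com.cn so that we can analyze and handle it in a timely manner.
※ Ownership of this post is shared by [Legend] and [Dongfang Micropoint Forum]; please credit the source when reposting! ※
2008-7-23 23:14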