sunwei111 - 2006-10-2 19:07:00
My computer's home page keeps changing: first to 7939, then to some random addresses (02top). I have tried the methods posted on the forum and the 7939 removal tool, but it still does not help. The Rising green umbrella icon still does not appear, and when I force-load it, it shows as a red umbrella. Rising cannot clean the virus either; in the process list every Rising program has a little ~ tail on its name. How can this problem be solved?
Attachment:
7330302006102185940.JPG
sunwei111 - 2006-10-2 19:16:00
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<msnnt><; C:\WINDOWS\winampc.exe> []
<updatereal><; C:\WINDOWS\realupdate.exe other> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [N/A]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Corporation]
<realserv.exe><C:\WINDOWS\system32\realserv.exe> [N/A]
<iexplorer.exe><C:\WINDOWS\system32\iexplorer.exe> [N/A]
<realtpsk><; C:\WINDOWS\system\realsched.exe> [N/A]
<Update><; C:\Program Files\Common Files\UPDATE2\Update.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
==================================
Startup folder
N/A
==================================
Services
[Portable Equipment Service / Framework]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mssapi.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Spectrum24 Events Monitor / IPRIP]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\acss.dll><LINKMEDIA Tech>
[Windows Install Helper / NHLscA]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[NetMeeting Remote Desktop Agent / Nwsapagent]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Nwsapagent.dll><LINKMEDIA Tech>
[Rising Process Communication Center / RsCCenter]
<"d:\Program Files\Rising\Rav\CCenter.exe"><N/A>
[RsRavMon Service / RsRavMon]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><N/A>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
sunwei111 - 2006-10-2 19:16:00
==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[BaseTDI / BaseTDI]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
<\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookCont / HookCont]
<\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[VIA USB Host Controller Lower Filter / vulfnths]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
==================================
Browser add-ons
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5001.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[KvScanOnline Control]
{EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5001.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[KvScanOnline Control]
{EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
sunwei111 - 2006-10-2 19:17:00
Running processes
[PID: 564][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 704][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 716][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 864][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 944][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1056][C:\WINDOWS\system32\CCenter~.exe] [N/A, N/A]
[PID: 1072][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[c:\windows\system32\acss.dll] [LINKMEDIA Tech, 1, 5, 0, 4]
[c:\windows\system32\mssapi.dll] [Microsoft Corporation, 5.1.2600.0]
[c:\windows\system32\nwsapagent.dll] [LINKMEDIA Tech, 1, 5, 0, 4]
[PID: 1136][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1264][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1484][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\zzcoke.dll] [Microsoft Corporation, 6, 0, 2900, 2755]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL] [Microsoft Corporation, 5, 1, 2600, 2709]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\aspaerdev.dll] [N/A, N/A]
[c:\windows\system32\mssapi.dll] [Microsoft Corporation, 5.1.2600.0]
[PID: 1568][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1728][C:\WINDOWS\system32\realserv.exe] [N/A, N/A]
[PID: 1736][C:\WINDOWS\system32\iexplorer.exe] [N/A, N/A]
[PID: 1756][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 2000][C:\WINDOWS\SYSTEM32\RUNDLL.EXE] [Microsoft Corporation, 5.00.2134.1]
[C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL] [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 2028][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.01.4345]
[PID: 160][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1660][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1684][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\sdmAgent22.dll] [LINKMEDIA Tech, 1, 5, 0, 7]
[PID: 1896][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 380][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1400][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5001.dll] [Microsoft Corporation, 1, 3, 5, 0]
[C:\WINDOWS\system32\SafeHelper12.dll] [LINKMEDIA Tech, 2, 0, 0, 3]
[C:\WINDOWS\system32\aspaerdev.dll] [N/A, N/A]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\zzcoke.dll] [Microsoft Corporation, 6, 0, 2900, 2755]
[C:\WINDOWS\system32\Inte32.dll] [N/A, N/A]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[PID: 180][D:\Downloads\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
59.34.148.98 www.hao123.com
59.34.148.98 www.4199.com
59.34.148.98 www.9505.com
59.34.148.98 www.7322.com
218.5.76.175 www.huoche.com.cn
==================================
sunwei111 - 2006-10-2 19:19:00
Less than a minute after re-cloning the system it was like this again.
Could an expert please advise how to solve this problem?
影子110 - 2006-10-2 19:20:00
<msnnt><; C:\WINDOWS\winampc.exe> []
<updatereal><; C:\WINDOWS\realupdate.exe other> [N/A]
<realserv.exe><C:\WINDOWS\system32\realserv.exe> [N/A]
<iexplorer.exe><C:\WINDOWS\system32\iexplorer.exe> [N/A]
<realtpsk><; C:\WINDOWS\system\realsched.exe> [N/A]
<Update><; C:\Program Files\Common Files\UPDATE2\Update.exe> [N/A]
Once you have found these files, pack them (compress them with the password 123) and send them to the mailbox below~
xue_mai_qi@163.com
(All of these entries are problematic~~)
Also, from your description it sounds a bit like a Viking (威金) infection~
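The reply above picks the suspicious autostart values out of the SREng log by hand: the command is prefixed with ";", the publisher column is empty or N/A, and the file sits directly under the Windows directory or is named after a system binary (iexplorer.exe next to the real iexplore.exe). The HOSTS section shows the other half of the hijack, with several well-known domains pointed at one non-loopback address. The script below is an added example, not code from the thread or from SREng, that applies those same checks to SREng-style log text; the sample lines are constructed to mirror the entries quoted in the thread, and LEGIT_NAMES is a hypothetical short list of system binaries, not anything SREng ships.

```python
import re
from difflib import SequenceMatcher

# Constructed sample input (format mirrors the SREng autostart lines quoted in the thread).
SAMPLE_RUN_ENTRIES = r"""
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<msnnt><; C:\WINDOWS\winampc.exe> []
<updatereal><; C:\WINDOWS\realupdate.exe other> [N/A]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [N/A]
<realserv.exe><C:\WINDOWS\system32\realserv.exe> [N/A]
<iexplorer.exe><C:\WINDOWS\system32\iexplorer.exe> [N/A]
<Update><; C:\Program Files\Common Files\UPDATE2\Update.exe> [N/A]
"""

# Constructed sample HOSTS section, same shape as the one in the thread.
SAMPLE_HOSTS = """
127.0.0.1 localhost
59.34.148.98 www.hao123.com
59.34.148.98 www.4199.com
218.5.76.175 www.huoche.com.cn
"""

# One SREng autostart line: <value name><command> [publisher]
RUN_LINE = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<pub>[^\]]*)\]\s*$")
HOSTS_LINE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")
EXE_NAME = re.compile(r'([^\\/"\s;]+\.exe)', re.IGNORECASE)
# An .exe placed directly in %SystemRoot%, system32 or system (no vendor subfolder).
WINDIR_EXE = re.compile(r"\\WINDOWS\\(?:system32\\|system\\)?[^\\]+\.exe", re.IGNORECASE)

# Hypothetical, partial list of system binaries that malware likes to imitate by name.
LEGIT_NAMES = {"iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe",
               "csrss.exe", "services.exe", "winlogon.exe", "ctfmon.exe"}


def parse_run_entries(text):
    """Return [(value name, command, publisher)] for every well-formed autostart line."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((m["name"], m["cmd"].strip(), m["pub"].strip()))
    return entries


def lookalikes_of(basename):
    """Return the legitimate names this file name closely resembles (similarity >= 0.9)."""
    b = basename.lower()
    return [legit for legit in sorted(LEGIT_NAMES)
            if b != legit and SequenceMatcher(None, b, legit).ratio() >= 0.9]


def triage_run_entries(text):
    """Map each suspicious autostart value name to the list of reasons it was flagged."""
    findings = {}
    for name, cmd, pub in parse_run_entries(text):
        reasons = []
        unsigned = pub in ("", "N/A")
        if cmd.startswith(";"):
            reasons.append("command is prefixed with ';' (entry hidden from casual review)")
        if unsigned:
            reasons.append("publisher field is empty or N/A (no verified signature)")
        if unsigned and WINDIR_EXE.search(cmd):
            reasons.append("unverified executable placed directly under the Windows directory")
        m = EXE_NAME.search(cmd)
        if m:
            legit = lookalikes_of(m.group(1))
            if legit:
                reasons.append("file name imitates system binaries: " + ", ".join(legit))
        if reasons:
            findings[name] = reasons
    return findings


def triage_hosts(text):
    """Return (ip, hostname) pairs that map a name to anything other than loopback."""
    hijacked = []
    for line in text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m and not m["ip"].startswith("127."):
            hijacked.append((m["ip"], m["host"]))
    return hijacked


if __name__ == "__main__":
    for name, reasons in triage_run_entries(SAMPLE_RUN_ENTRIES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
    for ip, host in triage_hosts(SAMPLE_HOSTS):
        print("HOSTS redirect:", host, "->", ip)
```

Run against the sample, the script flags the six entries the reply lists plus RavTask, which shows why the publisher column alone is not conclusive: RavTask lives under the Rising install directory and is only "N/A" because SREng could not verify a signature, while the real indicators are the ";" prefix, the bare executables under C:\WINDOWS, and the iexplorer.exe name. The HOSTS check reports every non-loopback mapping, which on this machine is the whole list except localhost.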
影子110 - 2006-10-2 19:31:00
Also, I suggest you learn to use the tool SSM; it can block virus processes from running, block virus DLLs from being injected, and block virus services and drivers from loading~
Then use IceSword to delete the related files.
Download:
ssm
http://www.syssafety.com/files.html
IceSword
It is in the pinned post of this board (Common small tools~)
For usage instructions or a simple tutorial, search this forum, there are plenty~~ or you can post for help~
sunwei111 - 2006-10-3 7:45:00
Does anyone know how to solve this problem?
猪知山 - 2006-10-3 8:12:00
<msnnt><; C:\WINDOWS\winampc.exe> []
<updatereal><; C:\WINDOWS\realupdate.exe other> [N/A]
<realserv.exe><C:\WINDOWS\system32\realserv.exe> [N/A]
<iexplorer.exe><C:\WINDOWS\system32\iexplorer.exe> [N/A]
<realtpsk><; C:\WINDOWS\system\realsched.exe> [N/A]
<Update><; C:\Program Files\Common Files\UPDATE2\Update.exe> [N/A]
C:\WINDOWS\system32\SYNCOR11.DLL
C:\WINDOWS\system32\Inte32.dll
Please pack these and send them to me; see my signature for how. Thanks.
sunwei111 - 2006-10-25 10:35:00
My computer has caught an unknown virus: every installer, when run, creates a setup~.exe file in its directory, and as soon as the installation dialog appears that file disappears; when the installer later goes looking for setup~.exe it cannot find it, and in the end the installation has to be aborted. I have tried Rising, Kaspersky, and removal tools such as Killqx.exe and qqkav.exe, and none of them detect it. Does anyone have better antivirus software?
© 2000 - 2026 Rising Corp. Ltd.