Rising Kaka Security Forum
whoabc - 2007-3-12 8:43:00
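The icons of the EXE files on the system have changed to the ACDSee icon, and the file size has become 16.2M. Rising cannot detect it, and Norton cannot remove it either?
Attachment: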
853513200731283426.bmp
whoabc - 2007-3-12 10:41:00
Moderators and experts, please help, this is urgent!!!!!!
whoabc - 2007-3-13 11:23:00
Everyone, please help. Has nobody run into a virus like this?
o坤义o - 2007-3-13 11:30:00
Generate a log with SRE and post it first; only then can others help you find the problem.
whoabc - 2007-3-13 11:55:00
Here is the SRE log. Please help, friends. Thank you.
[CODE]
2007-03-13,11:37:17
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 98 SE -
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ScanRegistry><C:\WINDOWS\scanregw.exe /autorun> [Microsoft Corporation]
<TaskMonitor><C:\WINDOWS\taskmon.exe> [Microsoft Corporation]
<internat.exe><internat.exe> [Microsoft Corporation]
<SystemTray><SysTray.Exe> [Microsoft Corporation]
<LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<vptray><C:\Program Files\Norton AntiVirus\vptray.exe> [Symantec Corporation]
<UFD Monitor><C:\Program Files\Lenovo Flash Disk Utility\Lenovo UFD Utility\UFDMon.exe> [Alcor Micro Corp.]
<UFD Utility><C:\Program Files\Lenovo Flash Disk Utility\Lenovo UFD Utility\USBTD.exe> [ ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme> [Microsoft Corporation]
<SchedulingAgent><C:\WINDOWS\SYSTEM\mstask.exe> [Microsoft Corporation]
<NVSvc><C:\WINDOWS\SYSTEM\nvsvc.exe -runservice> [NVIDIA Corporation]
<rtvscn95><C:\Program Files\Norton AntiVirus\rtvscn95.exe> [Symantec Corporation]
<defwatch><C:\Program Files\Norton AntiVirus\defwatch.exe> [Symantec Corporation]
<r_server><C:\WINDOWS\SYSTEM\R_SERVER.EXE /service> []
==================================
启动文件夹
[Microsoft Office]
<C:\WINDOWS\Start Menu\Programs\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~1\OFFICE\OSA9.EXE [Microsoft Corporation]><N>
[LabKing Software]
<C:\WINDOWS\Start Menu\Programs\启动\LabKing Software.lnk --> C:\LABKING\PPC.EXE [N/A]><N>
==================================
服务
N/A
==================================
whoabc - 2007-3-13 11:57:00
浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\SYSTEM\MSDXM.OCX, Microsoft Corporation>
==================================
正在运行的进程
[C:\WINDOWS\SYSTEM\CFGMGR32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\NTDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSNP32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSNET32.DLL] [Microsoft Corporation, 4.10.1998]
[PID: 4294954091][C:\WINDOWS\SYSTEM\MPREXE.EXE] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPRSERV.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSPWL32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSIDLE.DLL] [Microsoft Corporation, 5.00.2614.3500]
[PID: 4294849007][C:\WINDOWS\SYSTEM\MSTASK.EXE] [Microsoft Corporation, 4.71.1959.1]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.80]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\NVARCH32.DLL] [NVIDIA Corporation, 4.14.10.5304]
[PID: 4294854215][C:\WINDOWS\SYSTEM\NVSVC.EXE] [NVIDIA Corporation, 4.14.10.5304]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAP32.DLL] [Symantec Corporation, 5.3.1.39]
[C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\VIRUSDEFS\20070307.037\NAVENG32.DLL] [Symantec Corporation, 20071.1.1.10]
[C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\VIRUSDEFS\20070307.037\NAVEX32A.DLL] [Symantec Corporation, 20071.1.1.10]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPI32.DLL] [Symantec Corp., 4.1.0.6]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\I2LDVP3.DLL] [Symantec Corporation, 7.50.00.846]
[C:\WINDOWS\SYSTEM\MSWSOSP.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHFOLDER.DLL] [Microsoft Corporation, 5.00.2919.200]
[C:\WINDOWS\SYSTEM\RNR20.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSAFD.DLL] [Microsoft Corporation, 4.10.1998]
whoabc - 2007-3-13 11:58:00
[PID: 4294867943][C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE] [Symantec Corporation, 7.50.00.846]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVLU.DLL] [Symantec Corporation, 7.50.00.846]
[C:\WINDOWS\SYSTEM\MFC42.DLL] [Microsoft Corporation, 6.00.8447.0]
[C:\WINDOWS\SYSTEM\MFC42LOC.DLL] [Microsoft Corporation, 4.21.7303]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\WINMM.DLL] [Microsoft Corporation, 4.03.1998]
[C:\WINDOWS\SYSTEM\CTL3D32.DLL] [Microsoft Corporation, 2.31.000]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.80]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\CBA.DLL] [Intel Corporation, 6.0.201.0940 E]
[C:\WINDOWS\SYSTEM\PDS.DLL] [Intel Corporation, 6.0.201.0940 E]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSGSYS.DLL] [Intel Corporation, 6.0.201.0940 E]
[C:\WINDOWS\SYSTEM\NTS.DLL] [Intel Corporation, 6.0.201.0940 E]
[C:\WINDOWS\SYSTEM\NETAPI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, ]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2RTF.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2SS.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2UUE.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2AMG.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\SYMAMG32.DLL] [Symantec Corporation with portions by FUJITSU DEVICES INC., 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2ZIP.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2MIME.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2LZ.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2LHA.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\SYMLHA.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2ID.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2ARJ.DLL] [Symantec Corporation, 2.16.0.45]
[C:\PROGRAM FILES\NORTON ANTIVIRUS\DEC2.DLL] [Symantec Corporation, 2.16.0.45]
[C:\WINDOWS\SYSTEM\MSVCP50.DLL] [Microsoft Corporation, 5.00.7022]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8397.0]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
whoabc - 2007-3-13 11:58:00
[PID: 4294887195][C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE] [Symantec Corporation, 7, 50, 0, 1]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8397.0]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHFOLDER.DLL] [Microsoft Corporation, 5.00.2919.200]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\RNR20.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSWSOSP.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSAFD.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADMDLL.DLL] [N/A, ]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8397.0]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.80]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
whoabc - 2007-3-13 12:00:00
[PID: 4294660711][C:\WINDOWS\RUNDLL32.EXE] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.80]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSSHRUI.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSPP32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSNET32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\IMFPRINT.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\SYSTEM\ZSPOOL.DLL] [Zenographics, Inc., 5, 51, 709, 0]
[C:\WINDOWS\SYSTEM\IMF32.DLL] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\SYSTEM\WINSPOOL.DRV] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ZTAG32.DLL] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8397.0]
[C:\WINDOWS\SYSTEM\UNISPIM.IME] [北京清华紫光软件股份有限公司, 2.3.0.1064]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.80]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 5.00.2614.3500]
[C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294761463][C:\WINDOWS\SYSTEM\SPOOL32.EXE] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\SPOOLSS.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
whoabc - 2007-3-13 12:00:00
文件关联
.TXT OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MS.w95.spi.osp
C:\WINDOWS\SYSTEM\mswsosp.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.tcp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.udp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.raw
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.rsvptcp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MS.w95.spi.rsvpudp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
1
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]