瑞星卡卡安全论坛
飞天蛛蛛 - 2007-7-23 13:23:00
电脑昨天才作的系统,然后同学看以前保存的网页时候,机器开始不对,后来看到硬盘右击出现autorun才知道中招了……然后每次开机都有瑞星提示杀了几个在temp里的病毒,然后到 那里找也删不掉,安全模式也不管(包括杀毒和瑞星粉碎)
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
杀掉的病毒日志在附件里
扫描的日志如下:
Logfile of HijackThis v1.99.1
Scan saved at 12:54:57, on 2007-7-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei-3Com\H3C 802.1X 客户端\Dot1XClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\下载的东东\ha_hijackthis_1991\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - D:\软件安装盘\web迅雷\WebThunderBHO_Now.dll
O2 - BHO: (no name) - {0E43571F-3477-4A6A-8505-19BB75A970D4} - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用Web迅雷下载 - D:\软件安装盘\web迅雷\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - D:\软件安装盘\web迅雷\GetAllUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - D:\软件安装盘\KuGoo2007\InExtend\KuGoo3DownXControl.ocx
O20 - AppInit_DLLs: dhbpri.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
附件:
6963092007723131311.txt
流星陨落 - 2007-7-23 13:45:00
日志无明显病毒,使用卡卡助手清理系统,并升级瑞星到最新版本,每日定时升级瑞星,开启实时监控、防火墙和卡卡助手
飞天蛛蛛 - 2007-7-23 13:48:00
可我同学的Q号刚刚才被盗还在申述中……………………
那个鸟病毒会不会让我们的帐号信息什么的的邮到别人的信箱中????实在不行我格式化
痛苦绝望中……
飞天蛛蛛 - 2007-7-23 13:53:00
还有就是刚才上网下ARP防火墙,对.rar文件扫描病毒时有弹出窗口是里面的一个文件扫描时间超时,以前重没这情况的,是病毒的事还是偶然的巧合?
流星陨落 - 2007-7-23 13:55:00
下载安装卡卡助手,选择诊断求助,勾选文件详细信息和文件名相似分析,将诊断日志以附件形式发到论坛“日志求助区”
http://tool.ikaka.com/
飞天蛛蛛 - 2007-7-23 13:58:00
Perflib_Perfdata_2f0.dat和Perflib_Perfdata_34c.dat删除不掉 他们是临时里面的,在安全模式下也不管
飞天蛛蛛 - 2007-7-23 14:02:00
瑞星卡卡电脑诊断日志 v1.30 (2007-7-23 13:47:6) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
ose
[A ] 1. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
RfwProxySrv
[A ] 2. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
RfwService
[A ] 3. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
rpcapd
[A ] 4. c:\program files\winpcap\rpcapd.exe
.text,.rdata,.data,
RsCCenter
[A ] 5. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 6. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
飞天蛛蛛 - 2007-7-23 14:02:00
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ALCXSENS
[A ] 7. c:\windows\system32\drivers\alcxsens.sys
Sensaura
Sensaura WDM 3D Audio Driver
.text,page,init,.data,.CRT,init,INIT,.rsrc,.reloc,
ALCXWDM
[A ] 8. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,.rdata,.data,.CRT,.data1,PAGE,INIT,.rsrc,.reloc,
BaseTDI
[A ] 9. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
bootdrv
[A ] 10. c:\windows\system32\drivers\bootdrv.sys
bootdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 11. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookCont
[A ] 12. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 13. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 14. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookUrl
[A ] 15. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
ialm
[A ] 16. c:\windows\system32\drivers\ialmnt5.sys
Intel Corporation
Intel Graphics Miniport Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 17. c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
mProcRs
[A ] 18. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
NPF
[A ] 19. c:\windows\system32\drivers\npf.sys
Politecnico di Torino
NPF Driver - TME extensions
.text,.rdata,.data,INIT,.rsrc,.reloc,
PCAMPR5
[A ] 20. c:\windows\system32\pcampr5.sys
Printing Communications Assoc., Inc. (PCAUSA)
PCAUSA NDIS 5.0 MPR Protocol Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
PCANDIS5
[A ] 21. c:\windows\system32\pcandis5.sys
Printing Communications Assoc., Inc. (PCAUSA)
PCAUSA NDIS 5.0 Protocol Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 22. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsFwDrv
[A ] 23. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 24. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 25. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 26. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
[AM] 27. c:\windows\system32\igfxsrvc.dll
Intel Corporation
igfxsrvc Module
.text,.rdata,.data,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[AM] 28. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000AAA-A363-466E-BEF5-9BB68697AA7F}
[AM] 29. d:\软件安装盘\web迅雷\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
飞天蛛蛛 - 2007-7-23 14:03:00
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[AM] 30. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
KuGoo3
[A ] 31. d:\软件安装盘\kugoo2007\inextend\kugoo3downxcontrol.ocx
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 32. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 33. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
RISING
[AM] 34. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[AM] 35. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
Web Folders
[A ] 36. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
Windows木马清道夫
[AM] 37. d:\软件安装盘\木马清道夫\ftccommenu.dll
Fygsoft and Microsoft
Com组件菜单
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 34. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 38. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
{0EA66AD2-CF26-2E23-532B-B292E22F3266}
[AM] 39. c:\program files\internet explorer\plugins\newtemp.dll
UPX0,UPX1,.rsrc,
{613AF41A-21B1-131B-1BFC-D2A90DF4A2B6}
[AM] 40. c:\windows\system32\xyepri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
{22311A42-AC1B-158F-FD32-5674345F23A2}
[AM] 41. c:\windows\system32\dhbpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
{5A65498A-7653-9801-1647-987114AB7F45}
[AM] 42. c:\windows\system32\zxepri.dll
{40117B96-998D-4D80-8F89-5E9DBD9F3460}
[AM] 43. c:\program files\internet explorer\plugins\syswin64.sys
{459AFD5B-159F-ACD8-954C-ACD545FA6584}
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
{425AB2F3-234A-7469-2F43-E341713ABFA4}
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RavTask
[A ] 46. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
RfwMain
[A ] 47. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
runeip
[AM] 48. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
飞天蛛蛛 - 2007-7-23 14:03:00
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 49. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 50. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 50. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 50. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 50. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 其他自启动项目
+ c:\autorun.inf
open
[A ] 51. c:\pegefile.pif
UPX0,UPX1,.rsrc,
shellexecute
[A ] 51. c:\pegefile.pif
UPX0,UPX1,.rsrc,
shell\Auto\command
[A ] 51. c:\pegefile.pif
UPX0,UPX1,.rsrc,
+ d:\autorun.inf
open
[A ] 52. d:\pegefile.pif
UPX0,UPX1,.rsrc,
shellexecute
[A ] 52. d:\pegefile.pif
UPX0,UPX1,.rsrc,
shell\Auto\command
[A ] 52. d:\pegefile.pif
UPX0,UPX1,.rsrc,
+ e:\autorun.inf
open
[A ] 53. e:\pegefile.pif
UPX0,UPX1,.rsrc,
shellexecute
[A ] 53. e:\pegefile.pif
UPX0,UPX1,.rsrc,
shell\Auto\command
[A ] 53. e:\pegefile.pif
UPX0,UPX1,.rsrc,
飞天蛛蛛 - 2007-7-23 14:05:00
+ 正在运行的进程
+ 00000174(372) Explorer.EXE
003D0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
10000000[0001B000]
[AM] 34. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
00BB0000[00011000]
[AM] 38. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
00BE0000[0000D000]
[AM] 39. c:\program files\internet explorer\plugins\newtemp.dll
UPX0,UPX1,.rsrc,
00DA0000[00012000]
[AM] 40. c:\windows\system32\xyepri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
00E10000[0000A000]
[AM] 41. c:\windows\system32\dhbpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
00E60000[0000A000]
[AM] 42. c:\windows\system32\zxepri.dll
00EB0000[00011000]
[AM] 43. c:\program files\internet explorer\plugins\syswin64.sys
00FD0000[0000A000]
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
72C80000[00008000]
[ M] 54. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
014F0000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
01C80000[0003C000]
[ M] 56. c:\windows\system32\igfxpph.dll
Intel Corporation
igfxpph Module
.text,.rdata,.data,.rsrc,.reloc,
01640000[0001E000]
[ M] 57. c:\windows\system32\hccutils.dll
Intel Corporation
hccutils Module
.text,.rdata,.data,.rsrc,.reloc,
01CC0000[00029000]
[ M] 58. c:\windows\system32\igfxres.dll
Intel Corporation
xxxxres Module
.text,.rdata,.data,.rsrc,.reloc,
01CF0000[00058000]
[AM] 27. c:\windows\system32\igfxsrvc.dll
Intel Corporation
igfxsrvc Module
.text,.rdata,.data,.rsrc,.reloc,
01D60000[00024000]
[ M] 59. c:\windows\system32\igfxdev.dll
Intel Corporation
igfxdev Module
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 60. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
01990000[0002D000]
[AM] 33. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
033E0000[00019000]
[ M] 61. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
03030000[00033000]
[AM] 37. d:\软件安装盘\木马清道夫\ftccommenu.dll
Fygsoft and Microsoft
Com组件菜单
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
30BF0000[00289000]
[ M] 62. c:\windows\system32\ffdshow.ax
DirectShow and VFW video and audio decoding/encoding/processing filter
.text,.rdata,.data,.rodata,.rsrc,.reloc,
7C340000[00056000]
[ M] 63. c:\windows\system32\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
04150000[000E4000]
[ M] 64. d:\软件安装盘\storm codec\codecs\vsfilter.dll
Gabest
DirectShow/VirtualDub/Avisynth 的图形和文本字幕滤镜
.text,_TEXT64,.rdata,.data,.rsrc,.reloc,
03850000[0002B000]
[ M] 65. d:\软件安装盘\storm codec\codecs\ttl2dec.dll
.text,.rdata,.data,.reloc,
飞天蛛蛛 - 2007-7-23 14:05:00
+ 000001b4(436) smss.exe
+ 000001f4(500) csrss.exe
+ 0000020c(524) winlogon.exe
004D0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
72C80000[00008000]
[ M] 54. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 0000023c(572) services.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 00000248(584) lsass.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 000002e8(744) svchost.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 00000318(792) svchost.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 00000354(852) runiep.exe
00400000[00012000]
[AM] 48. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00AD0000[00011000]
[AM] 43. c:\program files\internet explorer\plugins\syswin64.sys
00B20000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000036c(876) svchost.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 0000038c(908) ctfmon.exe
003D0000[0000A000]
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
00A00000[00011000]
[AM] 43. c:\program files\internet explorer\plugins\syswin64.sys
10000000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000398(920) svchost.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 000003d0(976) svchost.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 0000051c(1308) spoolsv.exe
003C0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 0000056c(1388) RavStub.exe
00400000[00018000]
[ M] 66. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 67. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 60. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 0000069c(1692) Ras.exe
00400000[0013F000]
[ M] 68. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
003D0000[00012000]
[AM] 40. c:\windows\system32\xyepri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
10000000[000A3000]
[ M] 69. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01500000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
01740000[0000A000]
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
01750000[0000A000]
[AM] 41. c:\windows\system32\dhbpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
01770000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 00000768(1896) alg.exe
+ 0000087c(2172) Dot1XClient.exe
00400000[00025000]
[ M] 70. c:\program files\huawei-3com\h3c 802.1x 客户端\dot1xclient.exe
.text,.rdata,.data,.rsrc,
10000000[00019000]
[ M] 71. c:\windows\system32\w32n50.dll
Printing Communications Assoc., Inc. (PCAUSA)
WinDis 32 API & Platform Compatibility DLL
.text,.rdata,.data,.rsrc,.reloc,
00CF0000[00011000]
[AM] 43. c:\program files\internet explorer\plugins\syswin64.sys
00FE0000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
01120000[0000A000]
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
011B0000[0000A000]
[AM] 42. c:\windows\system32\zxepri.dll
011C0000[0000A000]
[AM] 41. c:\windows\system32\dhbpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
011D0000[00012000]
[AM] 40. c:\windows\system32\xyepri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
011F0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
飞天蛛蛛 - 2007-7-23 14:06:00
+ 000008dc(2268) conime.exe
10000000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000009e8(2536) svchost.exe
003C0000[0000A000]
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
+ 00000b1c(2844) iexplore.exe
003D0000[0000A000]
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
10000000[00057000]
[AM] 28. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
06ED0000[00019000]
[AM] 29. d:\软件安装盘\web迅雷\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
07D80000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
325C0000[00012000]
[AM] 35. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
08580000[00019000]
[ M] 61. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
08E40000[0000A000]
[AM] 41. c:\windows\system32\dhbpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
08E50000[00012000]
[AM] 40. c:\windows\system32\xyepri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
08E70000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
30000000[002EE000]
[ M] 72. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 54. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
07C80000[0000B000]
[AM] 30. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
+ 00000dc0(3520) iexplore.exe
003D0000[0000A000]
[AM] 44. c:\windows\system32\jzdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
10000000[00057000]
[AM] 28. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
06ED0000[00019000]
[AM] 29. d:\软件安装盘\web迅雷\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
07D40000[0001B000]
[ M] 55. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
07DB0000[0000A000]
[AM] 45. c:\windows\system32\wgdpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
07DC0000[0000A000]
[AM] 41. c:\windows\system32\dhbpri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
082E0000[00012000]
[AM] 40. c:\windows\system32\xyepri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
325C0000[00012000]
[AM] 35. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
08550000[00019000]
[ M] 61. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 54. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
30000000[002EE000]
[ M] 72. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
0C780000[00035000]
[ M] 73. c:\windows\system32\xpsp3res.dll
Microsoft Corporation
Service Pack 3 Messages
.rsrc,
流星陨落 - 2007-7-23 14:12:00
c:\pegefile.pif
d:\pegefile.pif
e:\pegefile.pif
c:\windows\system32\jzdpri.dll
c:\program files\internet explorer\plugins\newtemp.dll
c:\windows\system32\xyepri.dll
c:\windows\system32\dhbpri.dll
c:\windows\system32\zxepri.dll
c:\program files\internet explorer\plugins\syswin64.sys
c:\windows\system32\wgdpri.dll
以上文件压缩发送到http://up.rising.com.cn/webmail/uploadnew.htm
使用卡卡助手清理系统,并升级瑞星到最新版本,安全模式全盘杀毒
我为歌狂啊 - 2008-7-13 16:20:00
今天不知怎么的,电脑一开机就自动注销,最后关机了,好像是中了病毒,我把病毒名称写下来,希望大家帮帮忙! Trojan.win32.un```````````````````````` :default46:
pehi - 2008-7-13 17:26:00
楼上的能进安全模式吗???中了木马...但名字是不是没打全??建议也是上传一份日志上来吧...
用windows清理助手清理一下系统。(未签名的那些不要选择删除)
windows清理助手下载页面:
http://www.arswp.com/download.html———————————————————————————————————————
然后使用System Repair Engineer扫描日志,将日志作为附件上传上来。
下载页面:
http://www.kztechs.com/sreng/download.html操作方法:
1、下载后解压缩,运行SREngPS.EXE;
2、如果无法打开尝试把SREngPS.EXE改名为123.com,并复制到c:\windows目录下运行;
3、依次点击【智能扫描】-【扫描】,耐心等待,扫描结束后点击【保存报告】;
4、选择保存路径,文件名保持默认,直接点击【保存】;
5、打开保存的日志文件SREngLOG.log,完整复制全部内容,新建一个文本文档,将日志中的全部内容粘贴到“新建文本文档.txt”
中;
6、将“新建文本文档.txt”作为附件上传,同时务必详细描述问题现象,如果有查杀不净的病毒务必提供病毒名和路径。
注意:扫描前请尽量关闭QQ、游戏、下载工具、媒体播放器等应用程序。
木马群专工具:
http://bbs.ikaka.com/showtopic-8443439.aspx关于SRENG工具运行后被病毒异常关闭并删除其文件的情况,请优先使用瑞星听诊器或syscheck扫描系统日志来,因为在扫描系统进
程日志的工具中,首选的就是SRENG工具,其次就是瑞星听诊器或syscheck了。具体请看天月来了版主的这贴:
http://bbs.ikaka.com/showtopic-8517758.aspx
shunqifeng - 2008-7-16 11:04:00
升级杀毒软件查杀下看看
1
© 2000 - 2026 Rising Corp. Ltd.