冰寒客 - 2007-9-18 10:57:00
kvdxbis.exe>>C:\WINDOWS\system32\kvdxbis.exe local machine
Trojan.PSW.Win32.OnlineGames.yqi cleaned successfully 2007-09-18 09:27 manual scan avwlast.exe>>C:\WINDOWS\system32\avwlast.exe local machine
Backdoor.Win32.Agent.moi deleted successfully 2007-09-18 09:29 manual scan c:\windows\system32 systems.exe>>upack0.39 local machine
Trojan.PSW.Win32.XYOnline.hu deleted successfully 2007-09-18 09:29 manual scan c:\windows\system32 kvmxcis.exe>>upack0.34 local machine
Trojan.PSW.Win32.ZhengTu.yjx deleted successfully 2007-09-18 09:29 manual scan c:\windows\system32 rsmyasp.exe>>upack0.34 local machine
Trojan.PSW.Win32.OnlineGames.yov deleted successfully 2007-09-18 09:29 manual scan c:\windows\system32 avzxast.exe>>upack0.34 local machine
Trojan.PSW.Win32.XYOnline.hw deleted successfully 2007-09-18 09:29 manual scan c:\windows\system32 kvdxbis.exe>>upack0.34 local machine
Trojan.PSW.Win32.OnlineGames.yqi deleted successfully 2007-09-18 09:29 manual scan c:\windows\system32 avwlast.exe>>upack0.34 local machine
Trojan.PSW.Win32.LMir.yez deleted successfully 2007-09-18 09:34 manual scan c:\documents and settings\new\local settings\temp 03.exe>>Aspack212r local machine
Trojan.PSW.Win32.OnlineGames.ykv deleted successfully 2007-09-18 09:35 manual scan c:\program files\netmeeting ravgjmon.exe>>upack0.39 local machine
Trojan.PSW.Win32.OnlineGames.ykv file to be deleted after the computer restarts 2007-09-18 09:35 manual scan c:\program files\netmeeting ravgjmon.dat>>upack0.34 local machine
Trojan.PSW.Win32.OnlineGames.yis deleted successfully 2007-09-18 09:35 manual scan c:\program files\netmeeting ravwdmon.exe>>upack0.39 local machine
Trojan.PSW.Win32.AskTao.cf file to be deleted after the computer restarts 2007-09-18 09:35 manual scan c:\program files\netmeeting ravwdmon.dat>>upack0.34 local machine
Trojan.PSW.Win32.OnlineGames.ykc deleted successfully 2007-09-18 09:35 manual scan c:\program files\netmeeting ravcqmon.exe>>upack0.39 local machine
Trojan.PSW.Win32.OnlineGames.ykc file to be deleted after the computer restarts 2007-09-18 09:35 manual scan c:\program files\netmeeting ravcqmon.dat>>upack0.34 local machine
冰寒客 - 2007-9-18 10:59:00
The log contents follow:
[CODE]
2007-09-18,09:54:30
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - user with administrative privileges - full functionality
The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><; C:\WINDOWS\system32\壁纸自动换.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<msnmask><C:\Program Files\Common Files\Microsoft Shared\MSInfo\msnmask.exe> [N/A]
<winmask><C:\Program Files\Common Files\Microsoft Shared\MSInfo\winmask.exe> [N/A]
<ravmsmon><C:\Program Files\NetMeeting\ravmsmon.exe> []
<AGRSMMSG><; AGRSMMSG.exe> [Agere Systems]
<Alcmtr><; ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<InCD><; C:\Program Files\Ahead\InCD\InCD.exe> [Ahead Software AG]
<IntelWireless><; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless> [Intel Corporation]
<IntelZeroConfig><; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"> [Intel Corporation]
<LtMoh><; C:\Program Files\ltmoh\Ltmoh.exe> [Agere Systems]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
<RemoteControl><; "D:\program files\cyberlinkdvd\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<RTHDCPL><; RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><rarjapi.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><> [N/A]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
<{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins> []
<{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys> []
<{3D47B341-43DF-4563-753F-345FFA3157D3}><C:\WINDOWS\system32\kvmxcma.dll> [N/A]
<{234345F1-DACF-3452-CB7D-4620F34A1532}><C:\WINDOWS\system32\rsztbpm.dll> []
<{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> [N/A]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINDOWS\system32\avzxamn.dll> [N/A]
<{22FAACDE-34DA-CCD4-AB4D-DA34485A3422}><C:\WINDOWS\system32\rsjzbpm.dll> []
<{1598FF45-DA60-F48A-BC43-10AC47853D51}><C:\WINDOWS\system32\rarjapi.dll> []
<{4B681598-AD5F-BC8C-77DC-748FAC8D3FB4}><C:\WINDOWS\system32\kafydzy.dll> []
<{1960356A-458E-DE24-BD50-268F589A56A1}><C:\WINDOWS\system32\avwlamn.dll> [N/A]
<{37D81718-1314-5200-2597-587901018073}><C:\WINDOWS\system32\kaqhczy.dll> []
<{2C87A354-ABC3-DEDE-FF33-3213FD7447C2}><C:\WINDOWS\system32\kvdxbma.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><; C:\PROGRA~1\Picasa2\Picasa2.scr> [N/A]
==================================
Startup folders
[腾讯QQ]
<C:\Documents and Settings\new\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\腾讯QQ\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
<C:\Documents and Settings\new\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
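As an added example (not part of 冰寒客's posts, and not code from SREng or Rising), the following Python triage pass reads the registry part of an SREng dump like the one above and scores each `<name><path> [publisher]` entry by where it loads from and whether SREng could verify a publisher. The sample input is constructed from lines in the log above; the `is_high_impact` keyword list, the point weights and the `suspect_at` threshold are assumptions of this example, not SREng semantics.

```python
"""Triage an SREng startup-items dump by load point and publisher field.

Added example for this thread; not part of the forum post and not code from
SREng or Rising. The section keywords, point weights and tiers are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the log posted above, in SREng's own format.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<ravmsmon><C:\Program Files\NetMeeting\ravmsmon.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><rarjapi.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><> [N/A]
<{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys> []
<{2C87A354-ABC3-DEDE-FF33-3213FD7447C2}><C:\WINDOWS\system32\kvdxbma.dll> [N/A]
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)> \[([^\]]*)\]$")


def is_high_impact(section):
    """Assumption: keys whose DLLs land in every process or every shell launch."""
    s = section.lower()
    return ("shellexecutehooks" in s or "winlogon" in s
            or s.endswith(r"windows nt\currentversion\windows"))  # AppInit_DLLs lives here


@dataclass
class Entry:
    section: str
    name: str
    path: str
    publisher: str
    points: int = 0
    reasons: list = field(default_factory=list)


def parse_sreng(text):
    """Return the autostart entries found under [HKEY_...] section headers."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append(Entry(section, *m.groups()))
    return entries


def image_path(command):
    """Strip SREng's leading '; ' marker, surrounding quotes and arguments."""
    c = command.strip().lstrip(";").strip()
    if c.startswith('"'):
        end = c.find('"', 1)
        return c[1:end] if end > 0 else c[1:]
    return c


def score(e):
    """Assign triage points (assumed weights); an Authenticode-verified entry gets none."""
    if e.publisher.startswith("(Verified)"):
        return e
    high = is_high_impact(e.section)
    image = image_path(e.path)
    if high:
        e.points += 2; e.reasons.append("high-impact load point")
    if e.publisher in ("", "N/A"):
        e.points += 2; e.reasons.append("no publisher information")
    if high and not image:
        e.points += 1; e.reasons.append("hook registered without a file")
    elif high and not image.lower().endswith((".exe", ".dll")):
        e.points += 1; e.reasons.append("module with unexpected extension")
    return e


def triage(text, suspect_at=3):
    """Return (suspect, review): names at or above the threshold, and names with 1..suspect_at-1 points."""
    scored = [score(e) for e in parse_sreng(text)]
    suspect = [e.name for e in scored if e.points >= suspect_at]
    review = [e.name for e in scored if 0 < e.points < suspect_at]
    return suspect, review


if __name__ == "__main__":
    for e in sorted((score(x) for x in parse_sreng(SAMPLE_LOG)), key=lambda x: -x.points):
        if e.points:
            print(f"{e.points} {e.name:42} {image_path(e.path) or '<no file>'}  ({', '.join(e.reasons)})")
```

On the sample, the AppInit_DLLs value and three of the ShellExecuteHooks entries reach the suspect tier: the empty-path hook, the hook pointing at a file with a `.Sys` extension under the IE plugins folder, and the unsigned DLL in system32. KernelFaultCheck (the `dumprep` crash-reporting command, which carries no publisher string) and the Rising hook with an unverified but named publisher land in the review tier, which is why the tiers are a prompt for a hand check against the AV log and a file lookup rather than a verdict.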
冰寒客 - 2007-9-18 11:01:00
Services
[Atheros Configuration Service / ACS][Running/Auto Start]
<C:\WINDOWS\system32\acs.exe><N/A>
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InCD Helper / InCDsrv][Running/Auto Start]
<C:\Program Files\Ahead\InCD\InCDsrv.exe><Ahead Software AG>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[systems / systems][Stopped/Manual Start]
<2 - The system cannot find the file specified.><N/A>