中了蠕虫,无法解决,请大家看看日志 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛中了蠕虫,无法解决,请大家看看日志

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

中了蠕虫,无法解决,请大家看看日志

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-03 21:04 \| 只看楼主短消息资料字号：小中大 1楼中了蠕虫,无法解决,请大家看看日志 Logfile of HijackThis v1.99.1 Scan saved at 20:54:59, on 2006-8-3 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\System32\ICO.EXE C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe D:\易发\bin\yfdown.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Rising\Rav\RavTask.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\PowerPanel\Program\PcfMgr.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\ywau.exe C:\WINDOWS\TEMP\~1.tmp.exe C:\Documents and Settings\vaio\桌面\ha_hijackthis_1991\HijackThis.exe R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\english\KuGoo3\KuGoo3DownXControl.ocx O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [yfdown] D:\易发\bin\yfdown.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: PowerPanel.lnk = ? O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\english\qq\AddToNetDisk.htm O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\english\KuGoo3\KuGoo3DownX.htm O8 - Extra context menu item: 添加到QQ自定义面板 - D:\english\qq\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - D:\english\qq\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\english\qq\SendMMS.htm O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - D:\english\jgkk\IEPlugin.dll O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - D:\english\jgkk\IEPlugin.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\english\qq\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\english\qq\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\english\qq\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\english\qq\QQIEHelper.dll (file missing) O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/cn/ O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_admin88&url=http://client.jogo.cn/download/cnnic/cdn.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3C9A0C7F-25E6-4C2E-891C-E8A62BF18901}: NameServer = 202.96.128.86 202.96.134.133 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 2006-08-04 01:05:45
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	分享到：

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-03 21:11 \| 只看楼主短消息资料字号：小中大 2楼好象是Worm.Bobic.t 和Trojan.PSW.Misc.jyr
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-04 00:10 \| 只看楼主短消息资料字号：小中大 3楼一直无法解决啊，现在病毒把一些软件给弄坏了，请大虾们帮帮忙吧
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2006-08-04 00:16 \| 短消息资料字号：小中大 4楼修复那个01项.. 病毒路径.. http://forum.ikaka.com/topic.asp?board=28&artid=6979213第4楼下载System Repair Engineer导出全部日志
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-04 00:24 \| 只看楼主短消息资料字号：小中大 5楼 2006-08-04,00:12:58 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation] <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [] <run><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation] <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation] <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation] <ATIModeChange><Ati2mdxx.exe> [ATI Technologies, Inc.] <AtiPTA><atiptaxx.exe> [ATI Technologies, Inc.] <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [Synaptics, Inc.] <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [Synaptics, Inc.] <Mouse Suite 98 Daemon><ICO.EXE> [Primax Electronics Ltd.] <HKSERV.EXE><C:\Program Files\Sony\HotKey Utility\HKserv.exe> [Sony Corporation] <JOGSERV2.EXE><C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe> [Sony Corporation] <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> [] <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [Microsoft Corporation] <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh] <yfdown><D:\易发\bin\yfdown.exe> [联合证券] <DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <KnightIII><8?x?> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [Microsoft Corporation] <Userinit><userinit.exe,> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [Microsoft Corporation] ================================== 启动文件夹 [PowerPanel] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\PowerPanel.lnk><N> ================================== 服务 [Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\System32\Ati2evxx.exe><N/A> [IMAPI CD-Burning COM Service / ImapiService] <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation> [LightScribeService Direct Disc Labeling Service / LightScribeService] <C:\Program Files\Common Files\LightScribe\LSSrvc.exe><> [Rising Process Communication Center / RsCCenter] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Sony SPTI Service / SPTISRV] <C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe><Sony Corporation> [Ulead Burning Helper / UleadBurningHelper] <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.> ================================== 浏览器加载项 [] {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\english\KuGoo3\KuGoo3DownXControl.ocx, N/A> [bho Class] {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部> [CibaCtrl Class] {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <D:\english\jgkk\IEPlugin.dll, > [JoyoCtrl Class] {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <D:\english\jgkk\IEPlugin.dll, > [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\english\qq\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\english\qq\QQIEHelper.dll, N/A> [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [&使用迅雷下载] <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [&使用迅雷下载全部链接] <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [上传到QQ网络硬盘] <D:\english\qq\AddToNetDisk.htm, N/A> [使用KuGoo3下载(&K)] <D:\english\KuGoo3\KuGoo3DownX.htm, N/A> [添加到QQ自定义面板] <D:\english\qq\AddPanel.htm, N/A> [添加到QQ表情] <D:\english\qq\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\english\qq\SendMMS.htm, N/A> ================================== 正在运行的进程 [PID: 608][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 672][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 700][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 748][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 760][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 932][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1044][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 1064][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1280][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1340][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1364][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 26> [C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20> [C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9> [C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30> [C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6> [C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9> [C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3> [C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6> [C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30> [C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9> [C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11> [C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7> [C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-04 00:25 \| 只看楼主短消息资料字号：小中大 6楼 [C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17> [C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [PID: 1480][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [D:\english\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A> [PID: 1644][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)> [PID: 1856][C:\WINDOWS\System32\atiptaxx.exe] <ATI Technologies, Inc.><6.13.10.2535> [C:\WINDOWS\System32\ATRPUIXX.CHS] <ATI Technologies, Inc.><6.13.10.2535> [C:\WINDOWS\System32\atipdsxx.dll] <ATI Technologies, Inc.><6.13.10.2535> [PID: 1864][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] <Synaptics, Inc.><6.2.10 21Mar02> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 1924][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] <Synaptics, Inc.><6.2.10 21Mar02> [C:\WINDOWS\System32\SynTPAPI.dll] <Synaptics, Inc.><6.2.10 21Mar02> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 1948][C:\WINDOWS\System32\ICO.EXE] <Primax Electronics Ltd.><1, 0, 0, 7> [PID: 1968][C:\Program Files\Sony\HotKey Utility\HKserv.exe] <Sony Corporation><Version 2.3.00.01301> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [C:\Program Files\Sony\HotKey Utility\HKRes.dll] <Sony Corporation><Version 2.1.01.08140> [C:\Program Files\Common Files\Sony Shared\Jog Dial Utility\JogDial.dll] <Sony Corporation><7, 0, 1, 2140> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll] <Sony Corporation><2.4.00.12040> [C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll] <Sony Corporation><4.02.8170> [PID: 1988][C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe] <Sony Corporation><7, 0, 2, 3050> [C:\Program Files\Sony\Jog Dial Navigator\ComCenter.dll] <Sony Corporation><1, 0, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [C:\Program Files\Sony\Jog Dial Navigator\JogLocale.dll] <Sony><1, 0, 2, 4110> [C:\Program Files\Sony\Jog Dial Navigator\StateMgr.dll] <Sony Corporation><1, 0, 2, 4030> [C:\Program Files\Sony\Jog Dial Navigator\View.dll] <Sony Corporation><1, 0, 2, 4040> [C:\Program Files\Sony\Jog Dial Navigator\TrayIcon.dll] <Sony Corporation><1, 0, 1, 2140> [C:\Program Files\Sony\Jog Dial Navigator\Remocon.dll] <Sony Corporation><1, 0, 1, 2260> [C:\Program Files\Sony\Jog Dial Navigator\Sound.dll] <Sony Corporation><1, 0, 1, 2140> [C:\Program Files\Sony\Jog Dial Navigator\Indctr.dll] <Sony Corporation><1, 0, 2, 4040> [C:\Program Files\Sony\Jog Dial Navigator\Setting.dll] <Sony Corporation><1, 0, 2, 3050> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll] <Sony Corporation><2.4.00.12040> [C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll] <Sony Corporation><4.02.8170> [C:\Program Files\Sony\Jog Dial Navigator\SjProxy.dll] <N/A><N/A> [PID: 208][D:\易发\bin\yfdown.exe] <联合证券><1.0.0.613> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 232][C:\Program Files\D-Tools\daemon.exe] <DAEMON'S HOME><3.44.0.0> [C:\WINDOWS\daemon.dll] <N/A><3.44.0.0> [C:\Program Files\D-Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12> [C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.1.0> [C:\Program Files\D-Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.02.0.0> [C:\Program Files\D-Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.01.0.0> [C:\Program Files\D-Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.02.0.0> [C:\Program Files\D-Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 280][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-04 00:25 \| 只看楼主短消息资料字号：小中大 7楼 [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 296][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 28> [C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24> [C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19> [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2> [C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 316][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 504][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.0.0155> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [PID: 1024][C:\Program Files\PowerPanel\Program\PcfMgr.exe] <Phoenix Technologies Ltd.><4.3.1.1> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [C:\Program Files\Common Files\Sony Shared\UILibrary\UILib.dll] <Sony Corporation><2.4.00.08300> [C:\Program Files\Common Files\Sony Shared\UILibrary\Tastes\gold.dll] <Sony Corporation><2.1.00.11020> [C:\Program Files\PowerPanel\Program\EngPM.dll] <Phoenix Technologies Ltd.><4.3.0.1> [C:\Program Files\PowerPanel\PROGRAM\PMDM.dll] <Phoenix Technologies Ltd.><4.3.1.1> [C:\Program Files\PowerPanel\Program\EngDM.DLL] <Phoenix Technologies Ltd.><4.1.0.1> [C:\Program Files\PowerPanel\Program\PTLACPI.DLL] <Phoenix Technologies Ltd.><4.3.1.1> [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll] <Sony Corporation><2.4.00.12040> [C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll] <Sony Corporation><4.02.8170> [C:\Program Files\PowerPanel\Program\BSACPICM.DLL] <><1, 0, 0, 1> [C:\Program Files\PowerPanel\Program\BSNTSBS.DLL] <><1, 0, 0, 3> [PID: 1384][C:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A> [PID: 1800][C:\Program Files\Common Files\LightScribe\LSSrvc.exe] <><1.0.21.1> [PID: 1816][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)> [PID: 1460][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] <Ulead Systems, Inc.><1, 0, 0, 3> [PID: 1428][C:\Program Files\Rising\Rav\RsLogVw.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18> [C:\Program Files\Rising\Rav\RsCommx.dll] <rising><18, 0, 0, 1> [C:\Program Files\Rising\Rav\rsguilib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24> [C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5> [C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10> [PID: 3480][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> [D:\english\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A> [C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll] <深圳世强软件开发部><2005, 8, 30, 1> [C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3> [C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 2352][C:\Documents and Settings\vaio\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505> [C:\Program Files\Sony\Jog Dial Navigator\WMHook.dll] <Sony Corporation><3, 9, 1, 2140> [C:\WINDOWS\System32\SynTPFcs.dll] <Synaptics, Inc.><6.2.10 21Mar02> ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ==================================
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2006-08-04 00:31 \| 短消息资料字号：小中大 8楼没看见你所谓的蠕虫..
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-04 00:35 \| 只看楼主短消息资料字号：小中大 9楼单瑞星中不断弹出啊处理结果发现日期扫描方式路径文件 Backdoor.Gpigeon.ymf 删除成功 2006-07-09 01:37 文件监控 C:\WINDOWS Windowsnews.exe Trojan.PSW.WoWar.db 删除成功 2006-07-09 02:04 文件监控 C:\RECYCLER RECYCLER.DLL Trojan.PSW.JHOnline.dc 删除成功 2006-07-09 02:07 文件监控 C:\WINDOWS\SYSTEM32 861IEXPLOR.DLL Trojan.PSW.Misc.jyr 忽略 2006-08-03 18:12 文件监控 C:\System Volume Information\_restore{760E3FDC-763D-41DB-ABB3-E0535371013C}\RP24 A0011265.exe Worm.Bobic.t 忽略 2006-08-03 20:51 文件监控 C:\WINDOWS\System32 qyetckqlq.exe Worm.Bobic.n 重新启动计算机后删除文件2006-08-03 20:51 文件监控 C:\WINDOWS\system32 ywau.exe Worm.Bobic.n 重新启动计算机后删除文件2006-08-03 20:51 文件监控 C:\WINDOWS\SYSTEM32 ywau.exe Worm.Bobic.bz 重新启动计算机后删除文件2006-08-03 21:04 文件监控 C:\WINDOWS\TEMP ~DF2.tmp Backdoor.PoeBot.cb 重新启动计算机后删除文件2006-08-03 22:18 文件监控 C:\WINDOWS\system32 oamaszsp.exe 病毒名称处理结果发现日期扫描方式路径文件病毒来源 Backdoor.Gpigeon.ckj 清除成功 2006-07-09 00:01 手动扫描 IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE 本机 Backdoor.Gpigeon.ckj 清除成功 2006-07-09 00:42 手动扫描 IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE 本机 VBS.icarOs 删除成功 2006-07-30 17:47 快捷扫描 H: folder.htt 本机 Worm.Novar 删除成功 2006-07-30 17:47 快捷扫描 H: RavMon.exe 本机 Trojan.PSW.WoWar.db 删除成功 2006-08-03 21:26 手动扫描 C:\Documents and Settings\vaio\Local Settings\Temp 1iexplor.exe 本机 Trojan.PSW.Lmir.kdo 删除成功 2006-08-03 21:26 手动扫描 C:\Documents and Settings\vaio\Local Settings\Temp 32iexplor.exe 本机 Trojan.PSW.Lmir.kdo 删除成功 2006-08-03 21:46 手动扫描 C:\Program Files\Common Files INTEXPLORE.pif 本机 Trojan.PSW.LiuMaZi.eu 删除成功 2006-08-03 21:46 手动扫描 C:\Program Files\Common Files\Microsoft Shared\MSInfo InfoMz.Ime 本机 Trojan.PSW.WoWar.db 删除成功 2006-08-03 21:52 手动扫描 C:\RECYCLER RECYCLER.exe 本机 Worm.Bobic.t 删除成功 2006-08-03 22:03 手动扫描 C:\WINDOWS\system32 qyetckqlq.exe 本机 Worm.Bobic.n 删除成功 2006-08-03 22:04 手动扫描 C:\WINDOWS\system32 ywau.exe 本机 Worm.Bobic.bz 删除成功 2006-08-03 22:05 手动扫描 C:\WINDOWS\Temp ~DF2.tmp 本机
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:

1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:	发表于： 2006-08-04 00:36 \| 只看楼主短消息资料字号：小中大 10楼我还把它们删除了
1267 初生襁褓狮帖子:34 注册: 2006-07-13 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT