Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board: [Original] New to the forum, could an expert take a look at a problem?



正在运行的进程
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 768][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1084][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1132][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1512][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1764][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2016][C:\WINDOWS\system32\VTTimer.exe]  [S3 Graphics, Inc., 2.00.01-0307]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 2024][C:\WINDOWS\system32\VTtrayp.exe]  [S3 Graphics Co., Ltd., 2.00.36-0308B]
    [C:\WINDOWS\system32\VTDisply.dll]  [S3 Graphics Co., Ltd., 2.00.51-0308]
    [C:\WINDOWS\system32\VTGamma2.dll]  [S3 Graphics Co., Ltd., 2.00.21-0308B]
    [C:\WINDOWS\system32\VTInfo2.dll]  [S3 Graphics Co., Ltd., 2.00.26-0308B]
    [C:\WINDOWS\system32\VTOvrlay.dll]  [S3 Graphics Co., Ltd., 2.00.23-0308B]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 2032][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.42]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 188][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [, 2, 4, 0, 10]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdntdns.dll]  [CNNIC, 2, 2, 0, 3]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 204][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 228][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.76]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
    [C:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 328][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\new\TEMPLA~1\f2d45b5\1.dll]  [千橡互联, 3, 0, 2, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
    [C:\DOCUME~1\new\TEMPLA~1\f2d45b5\3.dll]  [千橡互联, 3, 0, 2, 8]
    [C:\DOCUME~1\new\TEMPLA~1\f2d45b5\4.dll]  [千橡互联, 3, 0, 2, 8]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 400][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\DOWNLO~1\blcticm.dll]  [tbyqxsoft, 1, 0, 0, 1]
    [E:\Program Files\QQ2005\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.91.12]
    [C:\WINDOWS\system32\vagmet.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll]  [CNNIC, 1, 1, 0, 0]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll]  [Kaspersky Lab, 5.0.1.18]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll]  [Kaspersky Lab, 5.0.388.2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl]  [Kaspersky Lab, 5.0.388.0]
    [C:\WINDOWS\system32\macromed\flash\Flash85.ocx]  [Macromedia, Inc., 8,5,0,133]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
[PID: 3968][D:\mmsk\mmsk.exe]  [木马杀客, 2,0,0,6]
    [D:\mmsk\krnln.fnr]  [, 1, 0, 0, 1]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
    [D:\mmsk\iext2.fne]  [, 1, 0, 0, 1]
    [D:\mmsk\iext.fne]  [, 1, 0, 0, 1]
    [D:\mmsk\HYExtLib.fne]  [N/A, N/A]
    [D:\mmsk\HtmlView.fne]  [, 1, 0, 0, 1]
    [D:\mmsk\TrayIcon.fne]  [, 1, 0, 0, 1]
    [D:\mmsk\iext3.fne]  [, 1, 0, 0, 1]
    [D:\mmsk\xplib.fne]  [N/A, N/A]
    [D:\mmsk\mmskskin.dll]  [, 2, 0, 0, 6]
    [D:\mmsk\SkinPPWTL.dll]  [http://www.skinplusplus.com, 2, 1, 0, 0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [D:\mmsk\shell.fne]  [N/A, N/A]
    [D:\mmsk\EThread.fne]  [N/A, N/A]
    [D:\mmsk\dp1.fne]  [N/A, N/A]
    [D:\mmsk\eAPI.fne]  [, 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll]  [Kaspersky Lab, 5.0.1.18]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll]  [Kaspersky Lab, 5.0.388.2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll]  [Kaspersky Lab, 5.0.388.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll]  [Kaspersky Lab, 5.0.388.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl]  [Kaspersky Lab, 5.0.388.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl]  [Kaspersky Lab, 5.0.388.0]
[PID: 264][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\vagmet.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.91.12]
[PID: 2660][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3632][C:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe]  [Soeperman Enterprises Ltd., 1.99.0001]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 3780][C:\Documents and Settings\new\桌面\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 1, 0, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 2, 0, 4]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
12,000 bytes; I had to post it in this many parts, sorry about that. Please help me take a look.
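Reading a module list like the one above by hand is slow. The pattern worth automating is a module that carries no version resource (SREng prints `[N/A, N/A]`, or an empty company name) and is loaded into many unrelated processes, including system processes such as winlogon.exe, which is exactly what C:\WINDOWS\qqKey.DLL does in this log. The Python script below is an added example, not part of the original post or of SREng: it parses a constructed excerpt in the same layout as the log above and applies that heuristic. The list of sensitive host processes and the threshold of three hosts are my assumptions, not anything the tool does.

```python
import re

# Constructed excerpt in the layout of the SREng "running processes" section
# posted above; a handful of the posted lines, not the full log.
SAMPLE_LOG = r"""
[PID: 724][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 2016][C:\WINDOWS\system32\VTTimer.exe]  [S3 Graphics, Inc., 2.00.01-0307]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 328][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\new\TEMPLA~1\f2d45b5\1.dll]  [千橡互联, 3, 0, 2, 0]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 3528][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\vagmet.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
[PID: 264][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\qqKey.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\vagmet.dll]  [, 1, 0, 0, 1]
"""

# A process line: [PID: n][image path]  [company, version]
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]\s*$")
# An indented module line: [module path]  [company, version]
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]\s*$")

# Processes in which a publisher-less third-party module deserves a close look.
# An assumption of this example, not a list SREng uses.
SENSITIVE_HOSTS = {"winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "explorer.exe"}


def parse_sreng_processes(text):
    """Map each loaded module (lower-cased path) to its original path, its
    version field and the set of process image names that host it."""
    modules = {}
    host = None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            host = m.group(2).rsplit("\\", 1)[-1].lower()
            continue
        m = MOD_RE.match(line)
        if m and host is not None:
            path, info = m.group(1), m.group(2)
            entry = modules.setdefault(path.lower(), {"path": path, "info": info, "hosts": set()})
            entry["hosts"].add(host)
    return modules


def company_of(info):
    """The version field reads 'Company, version...'. SREng prints 'N/A, N/A'
    when the file has no version resource, and an empty company when the
    resource lacks a company name; both count as 'no publisher' here."""
    return info.split(",", 1)[0].strip()


def triage_modules(modules, min_hosts=3):
    """Report publisher-less modules that are loaded into at least `min_hosts`
    processes or into one of the sensitive system processes."""
    findings = []
    for entry in modules.values():
        if company_of(entry["info"]) not in ("", "N/A"):
            continue
        hosts = entry["hosts"]
        reasons = ["no publisher/version info"]
        if len(hosts) >= min_hosts:
            reasons.append(f"loaded into {len(hosts)} processes")
        sensitive = sorted(hosts & SENSITIVE_HOSTS)
        if sensitive:
            reasons.append("loaded into system process(es): " + ", ".join(sensitive))
        if len(reasons) > 1:
            findings.append((entry["path"], reasons))
    return sorted(findings)


if __name__ == "__main__":
    for path, reasons in triage_modules(parse_sreng_processes(SAMPLE_LOG)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On this excerpt the script reports qqKey.DLL (no publisher, five host processes including winlogon.exe and explorer.exe) and vagmet.dll (no publisher, loaded into explorer.exe), while the CNNIC and 千橡互联 modules pass because they carry a company name. A company name alone is not proof of legitimacy, so the output is a reading order for the analyst, not a verdict.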

This program 1803152: I have had similar files with other numbers before that start automatically at boot. I deleted them in the registry, but after rebooting a program with a different number starts automatically again.
I scanned with an antivirus and it actually found more than 1,000 viruses, many of which could not be removed.
The problem now is that at every boot it detects the qqkey.dll virus, and I have no idea how to remove it.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<1803152><C:\WINDOWS\system32\1803152.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
9><C:\WINDOWS\system32\Ravdm.exe> [N/A]
<kokv><C:\WINDOWS\system\081ia8e.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<-392347><; C:\WINDOWS\system32\-392347.exe> [N/A]
<1803152><; C:\WINDOWS\system32\1803152.exe> [N/A]
<Bittorrent><; C:\WINDOWS\bittorrent.exe> [N/A]
<IESAddr><; C:\WINDOWS\system32\-392347.exe> [N/A]
<RavAV><; C:\WINDOWS\AdobeR.exe> [N/A]
<Update><; C:\Program Files\Common Files\UPDAT\Update.exe> [N/A]

Boot into Safe Mode, remove the startup items above, and delete the related files.


Delete the service below, and delete its set of files in that folder (it is the Pigeon trojan, plus some DLLs):
QQ / QQ]
<C:\WINDOWS\qq.exe><N/A>

Repair the file associations.

Also, I suggest downloading Super Rabbit and using it to throw 3721 out.
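The Run entries quoted above are the kind of list a helper triages by eye. As an added example (not from the post, and not SREng's own logic), the Python script below parses a constructed excerpt in the same `<name><path> [publisher]` layout, including a benign ctfmon.exe control line that I added, and scores each entry with triage heuristics of my own: a numeric or random-looking file name, a missing publisher field, an executable sitting directly in the Windows directory, the Policies\Explorer\Run key, and a value name that does not match the file name. The score is a prioritisation aid rather than a verdict: Update.exe scores only 1 here, yet the helper lists it for removal too.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the layout of the SREng autorun section quoted above.
# The ctfmon.exe line is a benign control I added; the others mirror posted entries.
SAMPLE_AUTORUNS = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<1803152><C:\WINDOWS\system32\1803152.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<kokv><C:\WINDOWS\system\081ia8e.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<-392347><; C:\WINDOWS\system32\-392347.exe> [N/A]
<Bittorrent><; C:\WINDOWS\bittorrent.exe> [N/A]
<IESAddr><; C:\WINDOWS\system32\-392347.exe> [N/A]
<RavAV><; C:\WINDOWS\AdobeR.exe> [N/A]
<Update><; C:\Program Files\Common Files\UPDAT\Update.exe> [N/A]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[(.*)\]$")  # <name><path> [publisher]
INTEGER_RE = re.compile(r"^-?\d+$")


def parse_autoruns(text):
    """Return a list of dicts: registry key, value name, cleaned path, publisher field."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, path, publisher = m.groups()
            # The posted output prefixes some paths with "; "; strip it rather than interpret it.
            path = path.lstrip("; ").strip()
            entries.append({"key": key, "name": name, "path": path, "publisher": publisher})
    return entries


def looks_random(stem):
    """Short file stem mixing several digits with letters, e.g. 081ia8e (heuristic)."""
    digits = sum(c.isdigit() for c in stem)
    return len(stem) <= 8 and digits >= 3 and any(c.isalpha() for c in stem)


def score_entry(entry):
    """Attach triage reasons (my heuristics, not SREng's); score = number of reasons."""
    p = PureWindowsPath(entry["path"])
    stem, parent = p.stem, str(p.parent).lower()
    reasons = []
    if INTEGER_RE.match(entry["name"]):
        reasons.append("numeric value name")
    if INTEGER_RE.match(stem):
        reasons.append("numeric executable name")
    elif looks_random(stem):
        reasons.append("random-looking executable name")
    if entry["publisher"].strip() in ("", "N/A"):
        reasons.append("no publisher/version info")
    if parent == r"c:\windows":
        reasons.append("executable directly in the Windows directory")
    if r"\policies\explorer\run" in entry["key"].lower():
        reasons.append("policy Run key, uncommon for ordinary software")
    if entry["name"].lower() not in (stem.lower(), p.name.lower()):
        reasons.append("value name does not match file name")
    return {**entry, "reasons": reasons, "score": len(reasons)}


def triage_autoruns(text):
    """Score every entry and return them highest score first."""
    return sorted((score_entry(e) for e in parse_autoruns(text)), key=lambda r: -r["score"])


if __name__ == "__main__":
    for row in triage_autoruns(SAMPLE_AUTORUNS):
        print(f"[{row['score']}] {row['name']:<12} {row['path']}")
        for reason in row["reasons"]:
            print("      -", reason)
```

The highest score goes to the kokv entry (random-looking name, no publisher, policy Run key, name mismatch), followed by the numeric entries and the RavAV value that launches AdobeR.exe from the Windows directory; the ctfmon.exe control scores 0. Anything that scores at least 2 is what the helper's "startup items above" amounts to in this log.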

110 Thanks, but about this part of what you said: "Delete the service below, and delete its set of files in that folder (it is the Pigeon trojan, plus some DLLs):
QQ / QQ]
<C:\WINDOWS\qq.exe><N/A>

Repair the file associations."
Could you explain it in more detail? I basically don't know how to do any of this, heh.

Start > Run > type Regedit.exe > OK.
In the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch and delete the virus service named QQ in the left pane.
Reboot, then find and delete the following files:
C:\WINDOWS\qq.exe
C:\WINDOWS\qqKey.DLL (there may be other files in that folder whose base name is QQ; delete them too if present)

Repairing file associations is a feature of SREng:
System Repair > File Associations.


Thanks, it's basically fixed now.