Trojan posing as Spoolsv.exe, process at 100%!!! Can't be detected or removed???

[C:\Program Files\金山词霸 2005\ijl11.dll]  [Intel Corporation, 1.1.2]
    [C:\Program Files\金山词霸 2005\NormGrab.DLL]  [Kingsoft Co, Ltd., 6, 0, 0, 0]
    [C:\Program Files\金山词霸 2005\toTTSEngine50.dll]  [Kingsoft Corporation, 1, 0, 0, 1]
    [C:\Program Files\金山词霸 2005\xfile.dll]  [N/A, N/A]
    [C:\Program Files\金山词霸 2005\DBCore10.dll]  [Kingsoft  Corp., 1, 0, 0, 0]
    [C:\Program Files\金山词霸 2005\XdictGrb.dll]  [Kingsoft Co, Ltd., 8, 5, 0, 0]
[PID: 2412][C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe]  [Adobe Systems Incorporated, 6.0.0.2003051900]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AGM.dll]  [Adobe Systems Incorporated, 4.10.49]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\CoolType.dll]  [Adobe Systems Incorporated, 4.13.41]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\JP2KLib.dll]  [Adobe system Incorporated, 1.0.22891]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\OPP.dll]  [Adobe Systems Incorporated, 1.02.05]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\BIB.dll]  [Adobe Systems Incorporated, 1.1.14]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ACE.dll]  [Adobe Systems Incorporated, 2.03.24]
    [C:\WINDOWS\system32\ATMLIB.dll]  [Adobe Systems, 5.1 Build 226]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\SPPlugins\ADMPlugin.apl]  [Adobe Systems Incorporated, 3.00x75]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\SPPlugins\ExpressViews.apl]  [Adobe Systems Incorporated, 6.0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Accessibility.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\AcroForm.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\ADBC.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Annotations\Annots.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Catalog.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Checkers.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\DigSig.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\DistillerPI.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\ebook.api]  [Adobe Systems Incorporated, 6.0.0.0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\EScript.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\EWH32.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\FlattenerView.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\hls.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\HTML2PDF.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\IA32.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\ImageConversion\ImageConversion.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\ImageViewer\ImageViewer.API]  [Adobe Systems Inc., 5.0.0.38163]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\LegalPDF.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\MakeAccessible.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Multimedia\Multimedia.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\PaperCapture\PaperCapture.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\PDDom.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\PictureTasks\PictureTasks.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\PPKLite.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Preflight\Preflight.api]  [callas software gmbh, 1.0.112.1]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\printme.api]  [Electronics For Imaging, Inc., 6, 0, 16, 1]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\reflow.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\SaveAsRTF.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\SaveAsXML\SaveAsXML.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Search.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Search5.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\SendMail.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\SepsView.api]  [Adobe Systems Incorporated, 6.0.0.0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Soap.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Spelling.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Tablepicker\TablePicker.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\TouchUp.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\Updater.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\esdupdate.dll]  [Adobe Systems, 2, 0, 0, 21]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\weblink.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\WebPDF.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\xdict32.API]  [Kingsoft Co, Ltd., 8, 5, 0, 0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\XFA.api]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\Common Files\Adobe\Linguistics\Linguistic.dll]  [Adobe Systems Incorporated, 1.00RC4]
    [C:\WINDOWS\system32\WBJJU.IME]  [北京六合源软件技术有限公司, 2, 5, 0, 0]
    [C:\WINDOWS\system32\WbCodeU.dll]  [, 2, 5, 0, 0]
[PID: 304][C:\WINDOWS\system32\WISPTIS.EXE]  [Microsoft Corporation, 1.0.2201.0 (xpsp1.020820-1800)]
[PID: 1000][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\TPHANDLE.dll]  [江苏科建教育软件有限责任公司, 5, 0, 10, 10]
    [C:\PROGRA~1\FlashGet\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\system32\Sbhoplin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3156][C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE]  [Microsoft Corporation, 11.0.5612]
    [C:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI61.DLL]  [CANON INC., 1.80.3.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR61.DLL]  [CANON INC., 1.80.3.0]
    [C:\WINDOWS\system32\WBJJU.IME]  [北京六合源软件技术有限公司, 2, 5, 0, 0]
    [C:\WINDOWS\system32\WbCodeU.dll]  [, 2, 5, 0, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 5, 60, 2209, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 0, 909, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL]  [Zenographics, Inc., 0, 3, 3508, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
[PID: 2852][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\WINDOWS\system32\TPHANDLE.dll]  [江苏科建教育软件有限责任公司, 5, 0, 10, 10]
    [C:\PROGRA~1\FlashGet\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\system32\Sbhoplin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 200][C:\WINDOWS\system32\dllhost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1696][\\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4fa7c59b\mscorlib.dll]  [N/A, N/A]
    [c:\windows\assembly\gac\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll]  [ , 7.10.3052.4]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\weblink\4d2f14b1\43289e27\qvwauedh.dll]  [ , 0.0.0.0]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\weblink\4d2f14b1\43289e27\assembly\dl2\d8f5ef2e\4cf91139_2afac601\weblink.dll]  [ , 1.0.2492.15733]
    [c:\windows\assembly\gac\crystaldecisions.crystalreports.engine\9.1.5000.0__692fbea5521e1304\crystaldecisions.crystalreports.engine.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystaldecisions.shared\9.1.5000.0__692fbea5521e1304\crystaldecisions.shared.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystalkeycodelib\9.1.5000.0__692fbea5521e1304\crystalkeycodelib.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystaldecisions.reportsource\9.1.5000.0__692fbea5521e1304\crystaldecisions.reportsource.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystaldecisions.web\9.1.5000.0__692fbea5521e1304\crystaldecisions.web.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystalenterpriselib\9.1.5000.0__692fbea5521e1304\crystalenterpriselib.dll]  [ Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystalreportpluginlib\9.1.5000.0__692fbea5521e1304\crystalreportpluginlib.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystalinfostorelib\9.1.5000.0__692fbea5521e1304\crystalinfostorelib.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\assembly\gac\crystalpluginmgrlib\9.1.5000.0__692fbea5521e1304\crystalpluginmgrlib.dll]  [Crystal Decisions, Inc., 9.1.9800.0]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\weblink\4d2f14b1\43289e27\1zwdbohv.dll]  [N/A, N/A]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\weblink\4d2f14b1\43289e27\kr5sgz8t.dll]  [N/A, N/A]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\weblink\4d2f14b1\43289e27\nbvlovrx.dll]  [ , 0.0.0.0]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\weblink\4d2f14b1\43289e27\cwl78m9m.dll]  [N/A, N/A]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\weblink\4d2f14b1\43289e27\cvtxp8y4.dll]  [N/A, N/A]
[PID: 240][\\permaisuri\Common Share Folder\扫描工具\SREng.exe]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

It looks like you have two antivirus programs installed, Kaspersky and Rising?

Only Rising.

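I've run into this virus too. One method I have is to disable the printer service, Print Spooler, in Services. But once this service is disabled, you can't use the printer.

Because I need to use the printer, I reinstalled the system once.
I haven't found an effective method. Hoping an expert can advise.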

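UP
Many of the computers here are in the same state.
This virus spreads over the LAN using the Printer Server.
Reinstalling this many computers is a frightening prospect...

Experts!!!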

Quote:
[PBJ254387's post] Only Rising
………………

I tried it; even disabling the printer doesn't help!