瑞星卡卡安全论坛在线技术支持在线技术支持[已关闭] 【求助】各位大大这是怎么了!!知道的帮帮偶!万分感谢!!

12   1  /  2  页   跳转

【求助】各位大大这是怎么了!!知道的帮帮偶!万分感谢!!

收藏
nanguo
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-09
  • 来自:
发表于: 2007-02-09 13:46 | 只看楼主 短消息 资料
字号: 1楼

【求助】各位大大这是怎么了!!知道的帮帮偶!万分感谢!!

这是什么病毒啊!
偶每次清除之后,系统只要重启又有.我该怎样解决.谢谢了
请看截图:
ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±

附件附件:

您所在的用户组无法下载或查看附件

最后编辑2007-02-15 16:33:15
分享到:
gototop
 
nanguo
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-09
  • 来自:
发表于: 2007-02-10 16:24 | 只看楼主 短消息 资料
字号: 2楼

怎么没有人啊!人呢ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
奇迹天下
头像
叱咤花甲狮
  • 帖子:2935
  • 注册: 2004-07-01
  • 来自:
发表于: 2007-02-10 20:06 | 短消息 资料
字号: 3楼

灰鸽子病毒ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
nanguo
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-09
  • 来自:
发表于: 2007-02-11 10:14 | 只看楼主 短消息 资料
字号: 4楼

引用:
【奇迹天下的贴子】灰鸽子病毒
………………

嗯?谢谢楼上的!!
我该怎么解决呢?ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
奇迹天下
头像
叱咤花甲狮
  • 帖子:2935
  • 注册: 2004-07-01
  • 来自:
发表于: 2007-02-11 11:38 | 短消息 资料
字号: 5楼

去下载sreng,扫描日志,贴上来ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
nanguo
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-09
  • 来自:
发表于: 2007-02-11 13:51 | 只看楼主 短消息 资料
字号: 6楼

感谢奇迹天下的热情帮助!!
2007-02-11,13:21
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RfwMain><"D:\RISING\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"D:\RISING\Rising\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
服务
[Netwo Systema Graypigeon / graypigeo][Stopped/Auto Start]
  <C:\WINDOWS\serverasd.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <D:\RISING\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\RISING\Rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\RISING\Rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Print Spooler / Spooler][Stopped/Auto Start]
  <C:\WINDOWS\system32\spoolsv.exe><N/A>

==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][D:\RISING\Rising\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 948][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140][D:\RISING\Rising\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [D:\RISING\Rising\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\RISING\Rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\RISING\Rising\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\RISING\Rising\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\RISING\Rising\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\RISING\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\RISING\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\RISING\Rising\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\RISING\Rising\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [D:\RISING\Rising\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [D:\RISING\Rising\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\RISING\Rising\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\RISING\Rising\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\RISING\Rising\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [D:\RISING\Rising\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\RISING\Rising\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\RISING\Rising\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\RISING\Rising\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [D:\RISING\Rising\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\RISING\Rising\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [D:\RISING\Rising\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\RISING\Rising\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\RISING\Rising\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\RISING\Rising\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
    [D:\RISING\Rising\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [D:\RISING\Rising\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [D:\RISING\Rising\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [D:\RISING\Rising\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [D:\RISING\Rising\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [D:\RISING\Rising\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1244][D:\RISING\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
    [D:\RISING\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [D:\RISING\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [D:\RISING\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [D:\RISING\Rising\Rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [D:\RISING\Rising\Rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [D:\RISING\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1324][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\RISING\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [F:\Program Files\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1608][D:\RISING\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [D:\RISING\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\RISING\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\RISING\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\RISING\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\RISING\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1640][D:\RISING\Rising\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\RISING\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\RISING\Rising\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\RISING\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\RISING\Rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1688][D:\RISING\Rising\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [D:\RISING\Rising\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\RISING\Rising\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\RISING\Rising\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\RISING\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\RISING\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\RISING\Rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\RISING\Rising\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[PID: 244][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
    [D:\RISING\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 388][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
[PID: 1636][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

                  感谢奇迹天下的热情帮助!!
ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
天生我才WHJ
头像
特邀体验者
  • 帖子:3919
  • 注册: 2006-07-09
  • 来自:
论坛8周年活动礼物
发表于: 2007-02-11 20:35 | 短消息 资料
字号: 7楼

安全模式下杀毒试一试ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
天生我才WHJ
头像
特邀体验者
  • 帖子:3919
  • 注册: 2006-07-09
  • 来自:
论坛8周年活动礼物
发表于: 2007-02-11 20:36 | 短消息 资料
字号: 8楼

不过有时候久了它就自己没了  查不到木马了ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
nanguo
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-09
  • 来自:
发表于: 2007-02-12 22:11 | 只看楼主 短消息 资料
字号: 9楼

引用:
【天生我才WHJ的贴子】安全模式下杀毒试一试
………………

偶试过了不行啊?ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
nanguo
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-09
  • 来自:
发表于: 2007-02-14 18:42 | 只看楼主 短消息 资料
字号: 10楼

达达帮帮忙啊ë„Èó·_t¼bbs.ikaka.comíàw©ý)ÙÕ±
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT