瑞星卡卡安全论坛技术交流区系统软件 电脑中毒,进不了桌面!!【求助】 有日志了; ···

12   1  /  2  页   跳转

电脑中毒,进不了桌面!!【求助】 有日志了; ···

收藏
-_-#
头像
快乐黄口狮
  • 帖子:128
  • 注册: 2007-02-11
  • 来自:
发表于: 2007-04-04 11:38 | 只看楼主 短消息 资料
字号: 1楼

电脑中毒,进不了桌面!!【求助】 有日志了; ···

我的电脑昨天中毒了,开机的时候进不了桌面,通过任务管理器结束一个nortonp.exe进程以后才可以进入,并且进去后, 桌面上有一个垃圾网站的图标“成人电影”。我自己用兔子看了一下启动多了好多东西,我关闭了重起还有。在进程里面还有3个可疑进程(lsass.ese  SVCHOST.ESE ,svchost.ese ),找到了文件并且删除了,可是关闭后在开,又出来了。每一个盘里面都有AUTORUN和RavMon.EXE文件,删除不掉。要怎么删除,谢谢!!我想上传日志,但是工具不知道那里,请问那里下载 日志扫描的工具  谢谢!!!

附件附件:

下载次数:2766
文件类型:image/pjpeg
文件大小:
上传时间:2007-4-4 11:38:42
描述:



最后编辑2007-04-09 12:57:12
分享到:
gototop
 
超级游戏迷
头像
卡卡技术团队
  • 帖子:25779
  • 注册: 2007-01-14
  • 来自:
卡卡名人堂论坛9周年纪念瑞星金牌用户
发表于: 2007-04-04 11:48 | 短消息 资料
字号: 2楼

SRENG扫描工具下载地址:http://www.KZTechs.com
gototop
 
超级游戏迷
头像
卡卡技术团队
  • 帖子:25779
  • 注册: 2007-01-14
  • 来自:
卡卡名人堂论坛9周年纪念瑞星金牌用户
发表于: 2007-04-04 11:55 | 短消息 资料
字号: 3楼

找了个更全的,勘称毒区数量最多的帖子:
请下载SREng2 ,使用“智能扫描”,按下“扫描”按钮进行扫描,
扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),
把保存的报告日志文件内容复制-粘贴上来,日志一次粘不完,分次粘完,
下载地址
http://www.kztechs.com/sreng/sreng2.zip
gototop
 
封箭
头像
初生襁褓狮
  • 帖子:789
  • 注册: 2004-12-14
  • 来自:
发表于: 2007-04-04 12:00 | 短消息 资料
字号: 4楼

看图其他的米看到!发现个mppds.exe,cmdbcs.exe
办法:
清除byetmr.exe,cmdbcs.exe,mppds.exe,msccrt.exe,upxdnd.exe,winform.exe


运行---msconfig-如下图:



根据SREng扫描日志请按照如下步骤,尝试删除和修复

运行SRENG--->启动项目--->注册表--->删除以下注册表
<svc><; C:\DOCUME~1\Diva\LOCALS~1\Temp\byetmr.exe>  [Microsoft Corporation]
<cmdbcs><; C:\WINDOWS\cmdbcs.exe>  [N/A]
    <mppds><; C:\WINDOWS\mppds.exe>  [N/A]
    <msccrt><; C:\WINDOWS\msccrt.exe>  [N/A]
    <upxdnd><; C:\DOCUME~1\Diva\LOCALS~1\Temp\upxdnd.exe>  []
    <winform><; C:\WINDOWS\winform.exe>  [N/A]
    <wsttrs><; C:\WINDOWS\wsttrs.exe>  [N/A]
<twin><C:\WINDOWS\system32\twunk32.exe>  []

运行SRENG--->启动项目--->注册表--->
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><; ?粓?
? >  [N/A]
--->编辑为
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load> [N/A]

1. 杀毒前关闭系统还原(Win2000系统可以忽略):右键 我的电脑 ,属性,系统还原,在所有驱动器上关闭系统还原 打勾即可。
清除IE的临时文件:打开IE 点工具-->Internet选项 : Internet临时文件,点“删除文件”按钮 ,将 删除所有脱机内容 打勾,点确定删除。
关闭QQ等应用程序。
进行如下操作前,请不要进行任何双击打开磁盘的操作。所有下载的工具都直接放桌面上。

2.用强制删除工具 PowerRMV 下载地址: 下载地址:http://dl.filseclab.com/down/powerrmv.zip
分别填入下面的文件(包括完整的路径) ,勾选“抑止杀灭对象再次生成”,点杀灭 【有找不到提示的请忽略错误继续】
C:\DOCUME~1\Diva\LOCALS~1\Temp\byetmr.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\DOCUME~1\Diva\LOCALS~1\Temp\upxdnd.exe
C:\WINDOWS\winform.exe
C:\WINDOWS\wsttrs.exe
C:\WINDOWS\system32\twunk32.exe
C:\DOCUME~1\Diva\LOCALS~1\Temp\svchost.exe

卸载QQ,删除安装文件夹,重装。


2、先用:2007新版威金专杀工具,针对近期变种专杀 .exe图标变白
恢复exe文件之后用第二种杀毒软件
费尔托斯特安全(网上到处都有)
gototop
 
-_-#
头像
快乐黄口狮
  • 帖子:128
  • 注册: 2007-02-11
  • 来自:
发表于: 2007-04-04 12:24 | 只看楼主 短消息 资料
字号: 5楼

[CODE]

2007-04-04,12:08:32

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS2\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <svc><C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\ie777.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <333><C:\Syswm1i\svchost.exe>  []
    <4><C:\SysWsj7\svchost.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SiSRaid><; C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe>  [SiS]
    <SiSPower><; Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <WangWang><; "D:\淘宝汪汪\安装文件\WangWang\WangWang.EXE">  [阿里软件(中国)有限公司]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <CertificateRegistration><; SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <PCSuiteTrayApplication><; E:\7260PC套件\安装文件\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <StormCodec_Helper><"D:\暴风影音\安装文件\Storm Codec\StormSet.exe" /S /opti>  []
    <miniqqlive><; "C:\Program Files\Tencent\QQLive\MiniQQLive.exe">  [Tencent]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <yassistse><; C:\progra~1\yahoo!\assistant\yassistse.exe>  [(Verified)Microsoft Windows Publisher]
    <mppds><C:\WINDOWS2\mppds.exe>  []
    <winform><C:\WINDOWS2\winform.exe>  []
    <msccrt><C:\WINDOWS2\msccrt.exe>  []
    <cmdbcs><C:\WINDOWS2\cmdbcs.exe>  []
    <SVCHOST><C:\WINDOWS2\MDM.EXE>  []
    <upxdnd><C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\upxdnd.exe>  []
    <cmdbc><C:\WINDOWS2\cmdbc.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <GrpConv><grpconv -o>  [N/A]
    <nortonp><C:\WINDOWS2\nortonp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS2\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS2\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[Utility Tray]
  <C:\Documents and Settings\All Users.WINDOWS2\「开始」菜单\程序\启动\Utility Tray.lnk --> C:\WINDOWS2\system32\sistray.exe [Silicon Integrated Systems Corporation]><H>
[腾讯QQ]
  <C:\Documents and Settings\chunqiu.607E7E68691B4D0\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\QQ\安装文件\QQ.exe [TENCENT]><H>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\chunqiu.607E7E68691B4D0\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\QQ\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><H>

==================================
服务
[AF849484 / AF849484][Stopped/Auto Start]
  <C:\WINDOWS2\system32\AF849484.EXE -service><Microsoft Corporation>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[Vedio Adapter / VGADown][Running/Auto Start]
  <C:\WINDOWS2\lsass.exe><N/A>
[Windows SystemDown / WindowsDown][Stopped/Auto Start]
  <C:\WINDOWS2\system32\servet.exe><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[FAMETECH USB PC CAMERA / CA561][Running/Manual Start]
  <System32\Drivers\SPCA561.SYS><SP>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\Chip_usb.sys><>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\安装文件\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\D:\QQ\安装文件\npkcusb.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[sisidex / sisidex][Running/Boot Start]
  <\SystemRoot\system32\drivers\sisidex.sys><Windows (R) 2000 DDK provider>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Stopped/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP][Running/Manual Start]
  <system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[SiSRaid / SiSRaid][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[tvequodb / tvequodb][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\tvequodb.sys><Yahoo! China Corporation>
[USB to Serial Bridge Controller / usb2vcom][Stopped/Manual Start]
  <system32\DRIVERS\usb2vcom.sys><Ark Pioneer Microelectronics Ltd.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[squell / squell][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
gototop
 
-_-#
头像
快乐黄口狮
  • 帖子:128
  • 注册: 2007-02-11
  • 来自:
发表于: 2007-04-04 12:24 | 只看楼主 短消息 资料
字号: 6楼

==================================
浏览器加载项
[Thunder Browser Helper]
  {33BBE42E-0E42-4F12-B075-8D21ACB10DCB} <D:\迅雷\安装文件\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, yahoo! china>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo! China>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\迅雷\安装文件\Thunder.exe, Thunder Networking Technologies,LTD>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\安装文件\QQ.EXE, TENCENT>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS2\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS2\system32\QQPhotoDraw.dll, TENCENT>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS2\system32\aliedit\AliEdit.dll, www.alipay.com>
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS2\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS2\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS2\system32\INPUTC~1.DLL, >
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS2\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS2\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Thunder Browser Helper]
  {33BBE42E-0E42-4F12-B075-8D21ACB10DCB} <D:\迅雷\安装文件\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS2\system32\aliedit\AliEdit.dll, www.alipay.com>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, yahoo! china>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\新建文~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS2\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, yahoo! china>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS2\system32\wmp.dll, Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS2\system32\BANKCE~1.DLL, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\淘宝汪汪\安装文件\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS2\system32\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS2\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\安装文件\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS2\system32\SUBMIT~1.DLL, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS2\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS2\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo! China>
[&使用迅雷下载]
  <D:\迅雷\安装文件\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\迅雷\安装文件\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\QQ\安装文件\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\QQ\安装文件\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\安装文件\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\安装文件\SendMMS.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>
gototop
 
-_-#
头像
快乐黄口狮
  • 帖子:128
  • 注册: 2007-02-11
  • 来自:
发表于: 2007-04-04 12:25 | 只看楼主 短消息 资料
字号: 7楼

==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS2\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1480][C:\WINDOWS2\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS2\system32\AF849484.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS2\system32\winform.dll]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbc.dll]  [N/A, ]
    [C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS2\system32\msccrt.dll]  [N/A, ]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 82, 63, 9]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 82, 77, 0]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL]  [Nokia., 6, 82, 72, 2]
    [C:\WINDOWS2\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS2\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 82, 36, 1]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 82, 14, 0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [yahoo! china, 3, 6, 7, 1122]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\迅雷\安装文件\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 4, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll]  [Yahoo! China, 3, 1, 7, 1022]
[PID: 1656][C:\WINDOWS2\system32\3925249E.exe]  [N/A, ]
    [C:\WINDOWS2\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 544][C:\Syswm1i\svchost.exe]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 752][C:\WINDOWS2\SVCHOST.EXE]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 908][C:\WINDOWS2\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1080][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1008][C:\WINDOWS2\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1444][C:\WINDOWS2\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1388][C:\WINDOWS2\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1344][C:\WINDOWS2\system32\runonce.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128][C:\WINDOWS2\nortonp.exe]  [N/A, ]
    [C:\WINDOWS2\system32\nortonp.dll]  [N/A, ]
[PID: 2664][C:\Documents and Settings\chunqiu.607E7E68691B4D0\My Documents\00\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbc.dll]  [N/A, ]
    [C:\WINDOWS2\system32\winform.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS2\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS2\system32\md6media.dll(, N/A)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS2\system32\md6media.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[D:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[E:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[F:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[G:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[H:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"

==================================
HOSTS 文件
127.0.0.1      localhost
61.188.38.107      www.9605899.com
61.188.38.107      hyap98.com
61.188.38.107      www.hyap98.com
61.188.38.107      82087871.com
61.188.38.107      www.82087871.com
61.188.38.107      47555.cn
61.188.38.107      nc.47555.cn
61.188.38.107      cn.47555.cn
61.188.38.107      crsky.47555.cn
61.188.38.107      www.47555.cn

==================================
API HOOK
入口点错误:NtQuerySystemInformation (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:NtTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:ZwTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:EnumServicesStatusA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:EnumServicesStatusW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:FindNextFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:FindNextFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)

==================================
隐藏进程
    [1116] C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\ie777.exe
    [1580] C:\WINDOWS2\G_Server.exe

==================================


[/CODE]
gototop
 
-_-#
头像
快乐黄口狮
  • 帖子:128
  • 注册: 2007-02-11
  • 来自:
发表于: 2007-04-04 12:26 | 只看楼主 短消息 资料
字号: 8楼

==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS2\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1480][C:\WINDOWS2\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS2\system32\AF849484.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS2\system32\winform.dll]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbc.dll]  [N/A, ]
    [C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS2\system32\msccrt.dll]  [N/A, ]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 82, 63, 9]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 82, 77, 0]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL]  [Nokia., 6, 82, 72, 2]
    [C:\WINDOWS2\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS2\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 82, 36, 1]
    [E:\7260PC套件\安装文件\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 82, 14, 0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [yahoo! china, 3, 6, 7, 1122]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\迅雷\安装文件\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 4, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll]  [Yahoo! China, 3, 1, 7, 1022]
[PID: 1656][C:\WINDOWS2\system32\3925249E.exe]  [N/A, ]
    [C:\WINDOWS2\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 544][C:\Syswm1i\svchost.exe]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 752][C:\WINDOWS2\SVCHOST.EXE]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 908][C:\WINDOWS2\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1080][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1008][C:\WINDOWS2\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1444][C:\WINDOWS2\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1388][C:\WINDOWS2\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1344][C:\WINDOWS2\system32\runonce.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128][C:\WINDOWS2\nortonp.exe]  [N/A, ]
    [C:\WINDOWS2\system32\nortonp.dll]  [N/A, ]
[PID: 2664][C:\Documents and Settings\chunqiu.607E7E68691B4D0\My Documents\00\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 8, 1026]
    [C:\WINDOWS2\G_Server.DLL]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS2\system32\cmdbc.dll]  [N/A, ]
    [C:\WINDOWS2\system32\winform.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS2\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS2\system32\md6media.dll(, N/A)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS2\system32\md6media.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[D:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[E:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[F:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[G:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[H:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"

==================================
HOSTS 文件
127.0.0.1      localhost
61.188.38.107      www.9605899.com
61.188.38.107      hyap98.com
61.188.38.107      www.hyap98.com
61.188.38.107      82087871.com
61.188.38.107      www.82087871.com
61.188.38.107      47555.cn
61.188.38.107      nc.47555.cn
61.188.38.107      cn.47555.cn
61.188.38.107      crsky.47555.cn
61.188.38.107      www.47555.cn

==================================
API HOOK
入口点错误:NtQuerySystemInformation (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:NtTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:ZwTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:EnumServicesStatusA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:EnumServicesStatusW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:FindNextFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)
入口点错误:FindNextFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS2\G_Server.DLL)

==================================
隐藏进程
    [1116] C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\ie777.exe
    [1580] C:\WINDOWS2\G_Server.exe

==================================


[/CODE]
gototop
 
超级游戏迷
头像
卡卡技术团队
  • 帖子:25779
  • 注册: 2007-01-14
  • 来自:
卡卡名人堂论坛9周年纪念瑞星金牌用户
发表于: 2007-04-04 13:04 | 短消息 资料
字号: 9楼

<mppds><C:\WINDOWS2\mppds.exe> []
<winform><C:\WINDOWS2\winform.exe> []
<msccrt><C:\WINDOWS2\msccrt.exe> []
<cmdbcs><C:\WINDOWS2\cmdbcs.exe> []
<upxdnd><C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\upxdnd.exe> []
<cmdbc><C:\WINDOWS2\cmdbc.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<GrpConv><grpconv -o> [N/A]
<nortonp><C:\WINDOWS2\nortonp.exe> []
[C:\WINDOWS2\G_Server.DLL] [N/A, ]
[C:\WINDOWS2\system32\mppds.dll] [N/A, ]
[C:\WINDOWS2\system32\winform.dll] [N/A, ]
[C:\Syswm1i\Ghook.dll] [N/A, ]
[C:\WINDOWS2\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS2\system32\cmdbc.dll] [N/A, ]
[C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS2\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS2\G_Server.DLL] [N/A, ]

[C:\WINDOWS2\system32\mppds.dll] [N/A, ]
[C:\WINDOWS2\system32\winform.dll] [N/A, ]
[C:\Syswm1i\Ghook.dll] [N/A, ]
[C:\WINDOWS2\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS2\system32\cmdbc.dll] [N/A, ]
[C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS2\system32\msccrt.dll] [N/A, ]

Autorun.inf
[C:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[D:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[E:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[F:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[G:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
[H:\]
[AutoRun]
open=RavMon.exe
shell\open=打开(&O)
shell\open\Command=RavMon.exe
shell\explore=资源管理器(&X)
shell\explore\Command="RavMon.exe -e"
==================================
HOSTS 文件
127.0.0.1 localhost
61.188.38.107 www.9605899.com
61.188.38.107 hyap98.com
61.188.38.107 www.hyap98.com
61.188.38.107 82087871.com
61.188.38.107 www.82087871.com
61.188.38.107 47555.cn
61.188.38.107 nc.47555.cn
61.188.38.107 cn.47555.cn
61.188.38.107 crsky.47555.cn
61.188.38.107 www.47555.cn
==================================
隐藏进程
[1116] C:\DOCUME~1\CHUNQI~1.607\LOCALS~1\Temp\ie777.exe
[1580] C:\WINDOWS2\G_Server.exe

==================================

你的机器已经成了病毒大本营了。病毒、流氓、鸽子一应俱全,全部杀灭可能要花很多工夫.....
另外下面两个个人觉得也有问题:
<C:\WINDOWS2\lsass.exe><N/A>(伪系统进程,可惜路径不对)
[Windows SystemDown / WindowsDown][Stopped/Auto Start]
<C:\WINDOWS2\system32\servet.exe><N/A>(看服务的项目名称是WINDOWS系统当机,凶啊!)
gototop
 
-_-#
头像
快乐黄口狮
  • 帖子:128
  • 注册: 2007-02-11
  • 来自:
发表于: 2007-04-04 13:07 | 只看楼主 短消息 资料
字号: 10楼

那要怎么办啊!!!就一下的时间,就中了那么多啊!!!郁闷,
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT