Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board


Help: about Worm.DlOnlineGames.g, scan log attached


System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <EXPLORER><C:\Program Files\Common Files\System\wab32res.exe>  []
    <mdr05ru6u><C:\DOCUME~1\Owner\LOCALS~1\Temp\iexpl0re.exe>  []
    <q4whl><C:\DOCUME~1\Owner\LOCALS~1\Temp\crasos.exe>  []
    <ht96ch0vif9k><C:\DOCUME~1\Owner\LOCALS~1\Temp\1explore.exe>  []
    <89x><C:\DOCUME~1\Owner\LOCALS~1\Temp\Servere.exe>  []
    <y077241><C:\DOCUME~1\Owner\LOCALS~1\Temp\c0nime.exe>  []
    <z8rir2dlb><C:\DOCUME~1\Owner\LOCALS~1\Temp\winlog0n.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <shualai><C:\WINDOWS\shualai.exe /i>  []
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
Last edited 2007-04-17 21:50:51.373000000

==================================
浏览器加载项
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 412][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1236][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Rav31.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1544][C:\WINDOWS\shualai.exe]  [N/A, ]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 1552][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.2331]
[PID: 1568][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.2331]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.2331]
[PID: 1576][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Rav31.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
[PID: 1644][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1652][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2228][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3524][C:\DOCUME~1\Owner\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Rav31.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

It seems to be resident in memory; it can't be killed.

I used the Worm.DlOnlineGames(Ani) dedicated removal tool in safe mode, and it couldn't find the virus either.

<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<mdr05ru6u><C:\DOCUME~1\Owner\LOCALS~1\Temp\iexpl0re.exe> []
<q4whl><C:\DOCUME~1\Owner\LOCALS~1\Temp\crasos.exe> []
<ht96ch0vif9k><C:\DOCUME~1\Owner\LOCALS~1\Temp\1explore.exe> []
<89x><C:\DOCUME~1\Owner\LOCALS~1\Temp\Servere.exe> []
<y077241><C:\DOCUME~1\Owner\LOCALS~1\Temp\c0nime.exe> []
<z8rir2dlb><C:\DOCUME~1\Owner\LOCALS~1\Temp\winlog0n.exe> []


<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<shualai><C:\WINDOWS\shualai.exe /i> []


[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\DOCUME~1\Owner\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\Owner\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\Owner\LOCALS~1\Temp\Rav31.dll] [N/A, ]
[C:\DOCUME~1\Owner\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy0.dll] [N/A, ]


[PID: 1544][C:\WINDOWS\shualai.exe] [N/A, ]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]

Check the HOSTS entries yourself.

For the ones that can't be deleted, use this, one at a time..

Forced deletion tool PowerRMV
Download link: http://free.ys168.com/?gudugengkekao
(Other tools - PowerRMV.com, size 101.4KB)
Enter the file to kill (including the full path), tick "Prevent the killed object from being regenerated", and click Kill!

PS: Double-check the path; once you click OK the file is overwritten....

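The reply above picked out, by hand, the Run entries whose publisher field is empty (`[]`) and the `[N/A, ]` modules loaded into Explorer. As an added example (not from this thread or from SREng), the Python below applies that same triage rule to SREng-format log lines; the sample text is a constructed excerpt modelled on the log above, and the regexes are my reading of SREng's line format, not a documented spec.

```python
import re

# Constructed excerpt in SREng's own line format, modelled on the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <mdr05ru6u><C:\DOCUME~1\Owner\LOCALS~1\Temp\iexpl0re.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <shualai><C:\WINDOWS\shualai.exe /i>  []
[PID: 1236][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\Owner\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                  # registry key header
RUN_RE = re.compile(r'^\s+<([^>]*)><(.*)>\s+\[(.*)\]\s*$')   # <name><command>  [publisher]
PID_RE = re.compile(r'^\[PID: (\d+)\]\[([^\]]+)\]')            # [PID: n][image]
MOD_RE = re.compile(r'^\s+\[([^\]]+)\]\s+\[(.*)\]\s*$')       # [module]  [publisher, version]
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|sys|com))"?', re.I)
TEMP = "\\temp\\"  # the user's %TEMP% directory, where the flagged files lived

def image_path(command):
    """Strip quoting and arguments from a Run command, keeping only the executable path."""
    m = IMAGE_RE.match(command.strip())
    return m.group(1) if m else command.strip()

def triage(log_text):
    """Return (kind, location, path, reason) for each unsigned autorun or loaded module."""
    findings, key, proc = [], None, None
    for line in log_text.splitlines():
        if line.startswith("===="):                 # section separator: forget context
            key = proc = None
        elif m := KEY_RE.match(line):
            key, proc = m.group(1), None
        elif m := PID_RE.match(line):
            proc, key = f"PID {m.group(1)} {m.group(2)}", None
        elif key and (m := RUN_RE.match(line)) and m.group(3).strip() == "":
            path = image_path(m.group(2))           # empty publisher: nobody signed it
            reason = "no publisher" + (", runs from Temp" if TEMP in path.lower() else "")
            findings.append(("autorun", key, path, reason))
        elif proc and (m := MOD_RE.match(line)) and m.group(2).startswith("N/A"):
            path = m.group(1)                       # N/A publisher on a DLL in a live process
            reason = "no publisher" + (", loaded from Temp" if TEMP in path.lower() else "")
            findings.append(("module", proc, path, reason))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Unsigned is a prompt to look closer, not proof of infection; the same rule would also flag legitimate unsigned tools, so each hit still needs a hash lookup or a vendor check.
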
Your method doesn't work; it's still there and can't be killed.

Is there any expert out there who can help? Help!

Worm.DlOnlineGames.g?

SysLoad3.exe (Worm.DlOnlineGames) malicious worm dedicated removal tool download

http://free.ys168.com/?gudugengkekao

Download it here.

If it's a variant that can't be killed, then the only option is to report it to Rising..

Bro, it still doesn't work. I'm going crazy.

No experts left? Have the legendary experts all gone home to cuddle their babies???