瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 警惕恶意木马下载器auto.exe(7.8更新)

«12345678»   5  /  15  页   跳转

警惕恶意木马下载器auto.exe(7.8更新)

收藏
安全防卫
头像
飘泊而立狮
  • 帖子:699
  • 注册: 2006-01-14
  • 来自:
发表于: 2007-07-05 00:31 | 短消息 资料
字号: 41楼

附病毒日志如下:
2007-07-05,10:22:07

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <DrvMon.exe><C:\WINDOWS\system32\DrvMon.exe>  [Alcor Micro, Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <\\192.168.1.63\EPSON Stylus Photo R230 Series><; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P45 "\\192.168.1.63\EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230">  [N/A]
    <在 TJDN-001 上自动 EPSON Stylus Photo R230 Series (副本 2)><; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P58 "在 TJDN-001 上自动 EPSON Stylus Photo R230 Series (副本 2)" /O23 "\\TJDN-001\EPSONStyR230" /M "Stylus Photo R230">  [N/A]
    <BigDogPath><; C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)>  [N/A]
    <High Definition Audio Property Page Shortcut><; HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [N/A]
    <QQDownload><; "d:\Program Files\QQ2006\QQDownload.exe" autostart>  [N/A]
    <RfwMain><; "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [N/A]
    <SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [Analog Devices, Inc.]
    <WebThunder><; d:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
    <Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe>  [N/A]
    <TIMHost><C:\WINDOWS\TIMHost.exe>  [N/A]
    <Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe>  [N/A]
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  [N/A]
    <WinForm><C:\WINDOWS\WinForm.exe>  [N/A]
    <Microsoft Autorun10><C:\WINDOWS\system32\nwizwmgjs.exe>  [N/A]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  [N/A]
    <Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe>  [N/A]
    <Microsoft Autorun7><C:\WINDOWS\system32\nwizqjsj.exe>  [N/A]
    <Microsoft Autorun12><C:\WINDOWS\system32\nwizzhuxians.exe>  [N/A]
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  [N/A]
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{88A46432-969E-4F5E-913D-3AAF4B6A3051}><C:\WINDOWS\system32\SvTime.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[卡巴斯基互联网安全套装6.0个人版 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Windows dbtt RunThem / dbtt][Others/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\ywoo\igyy.dll><N/A>
[FB000E3A / FB000E3A][Others/Auto Start]
  <C:\WINDOWS\system32\F77B20D5.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Win32 Debug Service / MSDebugsvc][Stopped/Disabled]
  <C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Others/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS><Macrovision Europe Ltd>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[mxdispdr / mxdispdr][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nVidia WDM Video Capture (universal) / nvcap][Running/Auto Start]
  <system32\DRIVERS\nvcap.sys><NVIDIA Corporation>
[nVidia WDM A/V Crossbar / NVXBAR][Running/Auto Start]
  <system32\DRIVERS\NVxbar.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
gototop
 
安全防卫
头像
飘泊而立狮
  • 帖子:699
  • 注册: 2006-01-14
  • 来自:
发表于: 2007-07-05 00:34 | 短消息 资料
字号: 42楼

正在运行的进程
[[PID: 732][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 756][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
    [C:\WINDOWS\system32\msplrct.dll]  [N/A, N/A]
[PID: 800][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 812][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 984][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 1052][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 1160][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 1296][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 1364][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 1572][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dtmon.dll]  [Data Techniques, Inc., 3.00.00]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 1680][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\GetsFiles.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nwizwlwzs.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\dh2104.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nwizwmgjs.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nwizzhuxians.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nwizqjsj.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
    [C:\Program Files\MyTvEX\Codecs\mmfinfo.dll]  [N/A, N/A]
    [C:\Program Files\MyTvEX\Codecs\mkunicode.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nvshell.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Program Files\QQ2006\qdshm.dll]  [, 1, 0, 101, 20]
    [D:\Program Files\QQ2006\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Corel\shared\Versions\CVersion.dll]  [Corel Corporation Limited, 9.0.0.528]
    [C:\Program Files\Corel\shared\Versions\VERS232.dll]  [N/A, N/A]
    [C:\Program Files\Corel\shared\Versions\IMPLODE.DLL]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 404][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\F0D78D11.DLL]  [Microsoft Corporation, N/A]
[PID: 864][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1988][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2040][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 516][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Adobe\Shell\AIIcon.dll]  [Adobe Systems Incorporated, 11.0]
    [D:\Program Files\Corel\Corel Graphics 12\PROGRAMS\CdrIco.DLL]  [Corel Corporation, 1.0.0.458]
    [D:\Program Files\Corel\Corel Graphics 12\PROGRAMS\CRLUTL.dll]  [Corel Corporation, 1.0.0.458]
    [D:\Program Files\Corel\Corel Graphics 12\PROGRAMS\CRLI18N.dll]  [Corel Corporation, 1.0.0.458]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  [Adobe Systems, Incorporated, 7.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 524][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.968\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]

Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[G:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
gototop
 
月夜·幽灵
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-07-04
  • 来自:
发表于: 2007-07-05 08:53 | 短消息 资料
字号: 43楼

隐藏文件不能显示~~~~病毒找不着啊!!!狂晕~~~~~~~~
gototop
 
月夜·幽灵
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-07-04
  • 来自:
发表于: 2007-07-05 08:54 | 短消息 资料
字号: 44楼

隐藏文件不能显示~~~~病毒找不着啊!!!狂晕~~~~~~~~
gototop
 
湘m浪子
头像
自信弱冠狮
  • 帖子:307
  • 注册: 2007-04-08
  • 来自:
发表于: 2007-07-05 09:38 | 短消息 资料
字号: 45楼

留个QQ不怕被人抓啊???
gototop
 
details
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-07-05
  • 来自:
发表于: 2007-07-05 11:23 | 短消息 资料
字号: 46楼

我昨天也中了这种病毒,跟版主所说的一样。
到今天凌晨1点刚杀完,现在才看到帖子,所以顶一下。
gototop
 
CheungWillams
头像
初生襁褓狮
  • 帖子:84
  • 注册: 2006-01-07
  • 来自:
发表于: 2007-07-05 11:51 | 短消息 资料
字号: 47楼

谢谢!!!
gototop
 
deadmanzj
头像
特邀体验者
  • 帖子:2592
  • 注册: 2006-07-24
  • 来自:
发表于: 2007-07-05 12:06 | 短消息 资料
字号: 48楼

情中玉*小辉???熟悉的名字....
gototop
 
deadmanzj
头像
特邀体验者
  • 帖子:2592
  • 注册: 2006-07-24
  • 来自:
发表于: 2007-07-05 12:09 | 短消息 资料
字号: 49楼

阳光,把QQ截图去掉....贴着有意思吗??这等于给他打广告了....
gototop
 
deadmanzj
头像
特邀体验者
  • 帖子:2592
  • 注册: 2006-07-24
  • 来自:
发表于: 2007-07-05 12:14 | 短消息 资料
字号: 50楼

为什么我自己回复的看不到了....?
gototop
 
<<上一主题|下一主题>>
«12345678»   5  /  15  页   跳转
页面顶部
Powered by Discuz!NT