Rising Kaka Security Forum: autorun and sersvet keep spawning a virus that cannot be removed, experts please help, log attached [Help]


[PID: 1196 / user][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
[PID: 1392 / user][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
[PID: 1440 / user][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
[PID: 1588 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe]  [HP, 10, 1, 1, 5]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
[PID: 1752 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
[PID: 2092 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
[PID: 2240 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
[PID: 2360 / SYSTEM][C:\Program Files\Canon\CAL\CALMAIN.exe]  [Canon Inc., 8, 0, 0, 21]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
[PID: 2940 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3420 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\wggpri.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.2]
[PID: 2684 / user][C:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavUI.Dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
[PID: 2760 / user][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
[PID: 2780 / user][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]

[PID: 2692 / user][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [E:\Program Files\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [E:\Program Files\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [E:\Program Files\Components\ResWorker\DsBho_01.dll]  [, 1, 0, 0, 4]
    [E:\Program Files\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [E:\Program Files\adobereader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.1.3r18]
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\ztaset.exe]  [N/A, ]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\dhdins.exe]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
[PID: 2664 / SYSTEM][C:\WINDOWS\system32\jziins.exe]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
[PID: 3072 / SYSTEM][C:\WINDOWS\system32\qheins.exe]  [N/A, ]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
[PID: 528 / SYSTEM][C:\WINDOWS\system32\fyeins.exe]  [N/A, ]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
[PID: 2512 / user][E:\Program Files\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 6, 8, 329]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
    [E:\Program Files\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 26]
    [E:\Program Files\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 16, 2, 108]
    [E:\Program Files\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\Program Files\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 16, 2, 108]
    [E:\Program Files\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 29]
    [E:\Program Files\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
    [E:\Program Files\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 0, 18]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.1.3r18]
    [E:\Program Files\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
    [E:\Program Files\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 19]
    [E:\Program Files\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 36]
    [E:\Program Files\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 3, 18]
    [E:\Program Files\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 4, 15]
    [E:\Program Files\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 2, 60]
    [E:\Program Files\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 20]
    [E:\Program Files\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [E:\Program Files\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 4, 72]
    [E:\Program Files\Components\VPSHELL\VPSHELL.dll]  [XunLei, 1, 2, 0, 10]
    [E:\Program Files\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\Program Files\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 16]
    [E:\Program Files\Components\InMedia\iEmbed10.dll]  [ , 3, 3, 1, 83]
    [E:\Program Files\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [E:\Program Files\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Program Files\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [E:\Program Files\Components\DownAndPlay\DapPlayer_Now.dll]  [XunLei, 1, 0, 1, 44]
    [E:\Program Files\Plugins\ThunderKAV\ThunderKAV.dll]  [深圳市迅雷网络技术有限公司, 1.0.3.22]
    [E:\Program Files\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 2, 0, 11]
    [E:\Program Files\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [E:\Program Files\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 18]
    [E:\Program Files\Plugins\ThunderKAV\bin\ikave.dll]  [, 5, 0, 0, 62]
    [E:\Program Files\Plugins\ThunderKAV\bin\kave.dll]  [Kaspersky Lab., 5, 0, 0, 62]
[PID: 2196 / user][E:\Program Files\Plugins\ThunderKAV\bin\ScanningProcess.exe]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [E:\Program Files\Plugins\ThunderKAV\bin\prloader.dll]  [Kaspersky Lab, 6.0.1.305]
    [E:\Program Files\Plugins\ThunderKAV\bin\prkernel.ppl]  [Kaspersky Lab, 6.0.1.305]
    [e:\program files\plugins\thunderkav\bin\prefetch.ppl]  [Kaspersky Labs, 1, 0, 0, 56]
    [e:\program files\plugins\thunderkav\bin\avpmgr.ppl]  [Kaspersky Lab, 6.0.1.305]
    [e:\program files\plugins\thunderkav\bin\wdiskio.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\nfio.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\avlib.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\dtreg.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\prutil.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\avp1.ppl]  [Kaspersky Lab, 6.0.0.299]
    [e:\program files\plugins\thunderkav\bin\l_llio.ppl]  [Kaspersky Labs, 6.0.9.75]
    [e:\program files\plugins\thunderkav\bin\ichstrms.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\hashcont.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\hccmp.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\uniarc.ppl]  [Kaspersky Lab, 6.0.0.16]
    [e:\program files\plugins\thunderkav\bin\minizip.ppl]  [Kaspersky Lab, 6.0.0.16]
    [e:\program files\plugins\thunderkav\bin\prseqio.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\hashmd5.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\inflate.ppl]  [Kaspersky Lab, 6.0.0.16]
    [e:\program files\plugins\thunderkav\bin\tempfile.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\cab.ppl]  [Kaspersky Lab, 6.0.0.16]
    [e:\program files\plugins\thunderkav\bin\arj.ppl]  [Kaspersky Lab, 6.0.0.16]
    [e:\program files\plugins\thunderkav\bin\rar.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\mdb.ppl]  [Kaspersky Lab, 6.0.0.300]
    [C:\WINDOWS\system32\MAPI32.dll]  [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [e:\program files\plugins\thunderkav\bin\msoe.ppl]  [Kaspersky Lab, 6.0.0.276]
    [e:\program files\plugins\thunderkav\bin\iwgen.ppl]  [Kaspersky Lab, 6.0.0.276]
[PID: 2908 / user][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
[PID: 4076 / user][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX02.031\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\fyepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzipri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX02.031\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=sersvet.exe
shellexecute=sersvet.exe
shell\Auto\command=sersvet.exe
[D:\]
[AutoRun]
open=sersvet.exe
shellexecute=sersvet.exe
shell\Auto\command=sersvet.exe
[E:\]
[AutoRun]
open=sersvet.exe
shellexecute=sersvet.exe
shell\Auto\command=sersvet.exe
[F:\]
[AutoRun]
open=sersvet.exe
shellexecute=sersvet.exe
shell\Auto\command=sersvet.exe
[H:\]
[AutoRun]
open=sersvet.exe
shellexecute=sersvet.exe
shell\Auto\command=sersvet.exe

==================================
HOSTS 文件
127.0.0.1  localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1276, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1196, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1392, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2684, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2760, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2512, E:\PROGRAM FILES\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2196, E:\PROGRAM FILES\PLUGINS\THUNDERKAV\BIN\SCANNINGPROCESS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2908, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


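An added example, not from the original post or from SREng: a small Python triage script for a log in the format shown above. It flags system32 modules with no version information that are loaded into many different processes (the footprint AppInit_DLLs injection leaves), SYSTEM processes whose image has no version information, and the executables each drive's Autorun.inf points at. The embedded SAMPLE_LOG is a constructed excerpt of the log above, and the function names are my own.

```python
import re

SAMPLE_LOG = r"""
[PID: 1440 / user][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
[PID: 2240 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\ztaset.exe]  [N/A, ]
    [C:\WINDOWS\system32\wggpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztaman.dll]  [N/A, ]
==================================
Autorun.inf
[C:\]
[AutoRun]
open=sersvet.exe
shellexecute=sersvet.exe
shell\Auto\command=sersvet.exe
[D:\]
[AutoRun]
open=sersvet.exe
==================================
"""  # constructed excerpt in the SREng log format of the post above, not the full log

# "[N/A, ]" in the second column means the file carries no vendor/version resource.
PROC_RE = re.compile(r"^\[PID: (\d+) / ([^\]]+)\]\[([^\]]+)\]\s+\[(.*)\]$")
MOD_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[(.*)\]$")
DRIVE_RE = re.compile(r"^\[([A-Za-z]:)\\\]$")
AUTORUN_KEYS = {"open", "shellexecute", "shell\\auto\\command"}

def parse_log(text):
    processes, autorun, in_autorun, drive = [], {}, False, None
    for line in text.splitlines():
        if line.startswith("=="):                  # section separator
            in_autorun, drive = False, None
        elif line.strip() == "Autorun.inf":
            in_autorun = True
        elif in_autorun:
            m = DRIVE_RE.match(line)
            if m:                                  # "[C:\]" opens a drive block
                drive = autorun.setdefault(m.group(1).upper(), {})
            elif drive is not None and "=" in line:
                key, value = line.split("=", 1)
                drive[key.strip().lower()] = value.strip()
        elif PROC_RE.match(line):
            pid, user, image, info = PROC_RE.match(line).groups()
            processes.append({"pid": pid, "user": user, "image": image, "info": info, "modules": []})
        elif MOD_RE.match(line) and processes:     # indented line: module of the last process
            processes[-1]["modules"].append(MOD_RE.match(line).groups())
    return {"processes": processes, "autorun": autorun}

def injected_modules(parsed, min_procs=2):
    # system32 modules with no version info in >= min_procs processes (AppInit_DLLs footprint).
    seen = {}
    for proc in parsed["processes"]:
        for path, info in proc["modules"]:
            if info.strip().startswith("N/A") and "\\system32\\" in path.lower():
                seen.setdefault(path.lower(), set()).add(proc["pid"])
    return {p: len(pids) for p, pids in seen.items() if len(pids) >= min_procs}

def system_processes_without_version(parsed):
    # Images running as SYSTEM with no version resource, like ztaset.exe above.
    return [p["image"] for p in parsed["processes"]
            if p["user"] == "SYSTEM" and p["info"].strip().startswith("N/A")]

def autorun_targets(parsed):
    # What each drive's Autorun.inf would run on open or double-click.
    return {d: sorted({v for k, v in keys.items() if k in AUTORUN_KEYS})
            for d, keys in parsed["autorun"].items()}
```

Run the three functions over `parse_log(open("sreng.log").read())` to get the same three lists the replies in this thread work from by hand.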

The log is posted. Experts, please take a look. Thanks.

Latest discovery: the Q coins in my QQ account have been stolen. Rising has already scanned and cleaned several times, so why is it still there? Experts, please help me. I don't dare do anything now, especially online banking, sob~

SREng - Startup Items -> Registry -> delete the following startup items
<?{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><> [N/A]
<{725AB2F3-234A-7469-2F43-E341713ABFA7}><C:\WINDOWS\system32\wggpri.dll> []
<{9A65498A-7653-9801-1647-987114AB7F49}><C:\WINDOWS\system32\zxipri.dll> []
<{E1351752-5628-1547-FFAB-BADC13512AFE}><C:\WINDOWS\system32\ztaman.dll> []
<{56368135-64FA-BC34-DA32-DCF4FD431C95}><C:\WINDOWS\system32\qhepri.dll> []
<{B12BC423-3713-224D-3F55-32B35C62B11B}><C:\WINDOWS\system32\tlvpri.dll> []
<{959AFD5B-159F-ACD8-954C-ACD545FA6589}><C:\WINDOWS\system32\jzipri.dll> []
<{42311A42-AC1B-158F-FD32-5674345F23A4}><C:\WINDOWS\system32\dhdpri.dll> []
<{4F12545B-1212-1314-5679-4512ACEF8904}><C:\WINDOWS\system32\wddpri.dll> []
<{53472AF2-174F-AC37-197C-CAC3BCA146C5}><C:\WINDOWS\system32\fyepri.dll> []
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]

Edit <AppInit_DLLs><wggpri.dll> []
to <AppInit_DLLs><> []

Reboot, then show hidden files and delete the following (do not double-click the drives; you can open them from Explorer):
C:\WINDOWS\system32\wggpri.dll
C:\WINDOWS\system32\fyepri.dll
C:\WINDOWS\system32\qhepri.dll
C:\WINDOWS\system32\jzipri.dll
C:\WINDOWS\system32\dhdpri.dll
C:\WINDOWS\system32\ztaman.dll
C:\sersvet.exe
D:\sersvet.exe
E:\sersvet.exe
F:\sersvet.exe
H:\sersvet.exe
C:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
H:\Autorun.inf
C:\WINDOWS\system32\LYLoader.exe
C:\WINDOWS\system32\LYLoadbr.exe
C:\WINDOWS\system32\LYLeador.exe
C:\WINDOWS\system32\LYLoador.exe
C:\WINDOWS\system32\LYLoadar.exe
C:\WINDOWS\system32\LYLoadmr.exe
C:\WINDOWS\system32\LYLoadhr.exe
C:\WINDOWS\system32\LYLoadqr.exe

If there are still problems, scan another log and post it.

Using SRENG, first, under Startup Items, take
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
and delete them.
Open My Computer - Tools - Folder Options - uncheck "Hide protected operating system files" - Show hidden files - OK.
Then, under C:\WINDOWS\SYSTEM32, find
C:\WINDOWS\system32\wggpri.dll
C:\WINDOWS\system32\zxipri.dll
C:\WINDOWS\system32\ztaman.dll
C:\WINDOWS\system32\qhepri.dll
C:\WINDOWS\system32\tlvpri.dll
C:\WINDOWS\system32\jzipri.dll
C:\WINDOWS\system32\dhdpri.dll
C:\WINDOWS\system32\wddpri.dll
C:\WINDOWS\system32\fyepri.dll
and rename all of these DLL files.

Using SRENG - Startup Items - Services - Win32 Service Applications - hide verified Microsoft items - find
[Telepho / Windowsvis][Stopped/Auto Start]
<C:\WINDOWS\system32\sersvet.exe><N/A>
this service -- Delete Service -- Settings -- No

Reboot. After rebooting, remember not to double-click to open the drives.
Open each drive with WinRAR
and delete autorun.inf and sersvet.exe.
Then find the renamed
C:\WINDOWS\system32\wggpri.dll
C:\WINDOWS\system32\zxipri.dll
C:\WINDOWS\system32\ztaman.dll
C:\WINDOWS\system32\qhepri.dll
C:\WINDOWS\system32\tlvpri.dll
C:\WINDOWS\system32\jzipri.dll
C:\WINDOWS\system32\dhdpri.dll
C:\WINDOWS\system32\wddpri.dll
C:\WINDOWS\system32\fyepri.dll
and delete them. Using SRENG, delete these entries from Startup Items.
Change the value [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wggpri.dll> []
to empty.

Reinstall the antivirus software and run a full scan; there are still many viruses:
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\ztaset.exe] [N/A, ]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\dhdins.exe] [N/A, ]
[PID: 2664 / SYSTEM][C:\WINDOWS\system32\jziins.exe] [N/A, ]
[PID: 3072 / SYSTEM][C:\WINDOWS\system32\qheins.exe] [N/A, ]
[PID: 528 / SYSTEM][C:\WINDOWS\system32\fyeins.exe] [N/A, ]

Also, remember to disconnect from the network before starting~~
Copy and save the steps above to a text file, disconnect, then get going.

Do it my way~

I have followed your method. You said "<AppInit_DLLs><wggpri.dll> []
change this value to empty", but I could not find any ><wggpri.dll>. The viruses found after reinstalling the antivirus were not the ones you listed either: they were the virus 14[1].exe>>upx_c in the directory C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GLMHGJ8P, and the virus 9[1].exe>>upack0.34 under C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4h234pqv. I deleted the whole folders the viruses were in. I don't know whether, after doing this, the virus is now completely cleaned out? Thank you, thank you

Scan another log and let me take a look~~