中病毒了。。烦恼中 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛中病毒了。。烦恼中

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 3 页

跳转页

中病毒了。。烦恼中

vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:	发表于： 2007-10-19 20:49 \| 只看楼主短消息资料字号：小中大 11楼 [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [PID: 1724 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.8] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 1864 / new][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\WINDOWS\system32\rsmyfpm.dll] [N/A, ] [C:\WINDOWS\system32\kvmxfma.dll] [N/A, ] [C:\WINDOWS\system32\ratbfpi.dll] [N/A, ] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9] [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3] [D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll] [BitComet, 20070704] [C:\WINDOWS\system32\AlxTB1.dll] [Alexa Internet, 7, 0, 1, 57] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 160 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 308 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [PID: 404 / new][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.27] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 1044 / new][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 00, 100, 1161] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 1064 / new][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3427] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 1236 / new][C:\WINDOWS\VM_STI.EXE] [Vimicro, 4, 2, 1124, 6] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\WINDOWS\system32\VM31bPrp.Ax] [Vimicro, 1.00.01.00]
vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:

vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:	发表于： 2007-10-19 20:49 \| 只看楼主短消息资料字号：小中大 12楼 [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 1264 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8195] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [PID: 1520 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [PID: 1656 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [PID: 1404 / new][C:\WINDOWS\IGM.exe] [N/A, ] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\WINDOWS\system32\rsmyfpm.dll] [N/A, ] [C:\WINDOWS\system32\kvmxfma.dll] [N/A, ] [C:\WINDOWS\system32\ratbfpi.dll] [N/A, ] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [PID: 1920 / new][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.20] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 2140 / new][C:\WINDOWS\SoundMan.exe] [Realtek Semiconductor Corp., 5, 1, 0, 48] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 2200 / new][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.98] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.24] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:

vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:	发表于： 2007-10-19 20:49 \| 只看楼主短消息资料字号：小中大 13楼 [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 2276 / new][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQHelperDll.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 7, 1, 518, 1751] [D:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [D:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1] [D:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218] [D:\Program Files\Tencent\QQ\QQAPI.dll] [TENCENT, 7,1,518,1751] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [d:\Program Files\Tencent\TIMProxy.dll] [tencent, 0, 3, 2, 4] [D:\Program Files\Tencent\QQ\LoginCtrl.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 7,1,518,1751] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [C:\WINDOWS\system32\ratbfpi.dll] [N/A, ] [C:\WINDOWS\system32\kvmxfma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyfpm.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQRes.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ] [D:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Tencent\QQ\UnReadMsgMgr.dll] [N/A, ] [D:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ] [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1] [D:\Program Files\Tencent\QQ\NewSkin.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\MailSummary.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQSpace.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426] [C:\WINDOWS\system32\msdmo.dll] [, ] [D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQGroupMng.dll] [TENCENT, 7,1,518,1751] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [D:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ] [D:\Program Files\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ] [D:\Program Files\Tencent\QQ\LongConnection.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQAllInOne.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2] [D:\Program Files\Tencent\QQ\CameraDll.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\PhoneAPI.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [D:\Program Files\Tencent\QQ\QQPet.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ] [D:\Program Files\Tencent\QQ\PersonalDesktop.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\CommercesMng.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310] [D:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ] [D:\Program Files\Tencent\QQ\AddrSearch.dll] [腾讯科技（深圳）有限公司, 2, 1, 9, 96] [D:\Program Files\Tencent\QQ\OEMApplication.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\ImageOle.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\QQLiveQMng.dll] [TENCENT, 7,1,518,1751] [D:\Program Files\Tencent\QQ\GroupConnection.dll] [TENCENT, 7,1,518,1751]
vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:

vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:	发表于： 2007-10-19 20:50 \| 只看楼主短消息资料字号：小中大 14楼 [D:\Program Files\Tencent\QQ\QQFileTransfer.dll] [TENCENT, 7,1,518,1751] [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0] [C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31] [PID: 3000 / new][D:\Program Files\Tencent\QQ\TIMPlatform.exe] [TENCENT, 7,1,518,1751] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [d:\Program Files\Tencent\TIMProxy.dll] [tencent, 0, 3, 2, 4] [PID: 3552 / new][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 54] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\RsCommon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [C:\Program Files\Rising\Rav\ravpagem.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.70] [C:\Program Files\Rising\Rav\htmllib.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.12] [C:\Program Files\Rising\Rav\ravpagew.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 1, 73] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.32] [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\Program Files\Rising\Rav\SysMail.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.27] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\WINDOWS\system32\rsmyfpm.dll] [N/A, ] [C:\WINDOWS\system32\kvmxfma.dll] [N/A, ] [C:\WINDOWS\system32\ratbfpi.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9] [C:\Program Files\Rising\Rav\ravuimsg.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [PID: 596 / new][D:\Program Files\Tencent\QQ\QZone\Qzone.exe] [腾讯公司, 1, 8, 102, 15] [D:\Program Files\Tencent\QQ\QZone\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [PID: 1776 / new][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3] [C:\WINDOWS\system32\xunleibho_v13.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 48] [D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll] [BitComet, 20070704] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.000.249.1] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.000.249.1] [C:\WINDOWS\system32\AlxTB1.dll] [Alexa Internet, 7, 0, 1, 57] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:

vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:	发表于： 2007-10-19 20:50 \| 只看楼主短消息资料字号：小中大 15楼 [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [C:\WINDOWS\system32\ratbfpi.dll] [N/A, ] [C:\WINDOWS\system32\kvmxfma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyfpm.dll] [N/A, ] [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510] [D:\Program Files\Tencent\QQ\QQPlayerProxy.dll] [Tencent, 2, 7, 108, 101] [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL] [Microsoft Corporation, 5.10.2927.0] [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0] [C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31] [PID: 3420 / new][D:\Program Files\Tencent\QQ\QQPlayerSvr.exe] [Tencent, 2, 7, 108, 101] [D:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [D:\PROGRA~1\Tencent\QQ\VQQPLA~1.OCX] [Tencent Technology (Shenzhen) Company Limited, 3, 7, 108, 72] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [D:\PROGRA~1\Tencent\QQ\vqqsdl.dll] [Tencent Technology (Shenzhen) Company Limited, 3, 7, 108, 74] [D:\PROGRA~1\Tencent\QQ\TNProxy.dll] [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 10] [D:\Program Files\Tencent\QQ\QQMusicDld.dll] [Tencent Technology (Shenzhen) Company Limited, 1, 1, 100, 82] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305] [C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.2028] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] [Gabest, 1, 0, 1, 3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3524 / new][D:\Program Files\Tencent\TT\TTraveler.exe] [腾讯公司, 3, 3, 200, 290] [C:\WINDOWS\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.4] [D:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5] [D:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [C:\WINDOWS\system32\ratbfpi.dll] [N/A, ] [C:\WINDOWS\system32\kvmxfma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyfpm.dll] [N/A, ] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [D:\Program Files\Tencent\TT\TTNetFavor.dll] [N/A, ] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0] [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0] [C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31] [PID: 544 / new][F:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\kaqhfzy.dll] [N/A, ] [C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12] [F:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\WINDOWS\system32\ratbfpi.dll] [N/A, ] [C:\WINDOWS\system32\kvmxfma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyfpm.dll] [N/A, ] [C:\WINDOWS\system32\avzxemn.dll] [N/A, ]
vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:

vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:	发表于： 2007-10-19 20:51 \| 只看楼主短消息资料字号：小中大 16楼 ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf [C:\] [AutoRun] open=IO.pif shellexecute=IO.pif shell\\Auto\\command=IO.pif [D:\] [AutoRun] open=IO.pif shellexecute=IO.pif shell\\Auto\\command=IO.pif [E:\] [AutoRun] open=IO.pif shellexecute=IO.pif shell\\Auto\\command=IO.pif [F:\] [AutoRun] open=IO.pif shellexecute=IO.pif shell\\Auto\\command=IO.pif ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeDebugPrivilege [PID = 1044, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1044, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1064, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1064, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1404, C:\WINDOWS\IGM.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1404, C:\WINDOWS\IGM.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 2140, C:\WINDOWS\SOUNDMAN.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2140, C:\WINDOWS\SOUNDMAN.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 596, D:\PROGRAM FILES\TENCENT\QQ\QZONE\QZONE.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 596, D:\PROGRAM FILES\TENCENT\QQ\QZONE\QZONE.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 3524, D:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3524, D:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]
vivian151 初生襁褓狮帖子:46 注册: 2005-04-27 来自:

好学的菜鸟a 初生襁褓狮帖子:45 注册: 2007-10-14 来自:	发表于： 2007-10-19 21:12 \| 短消息资料字号：小中大 17楼你急不急啊！~~~我前天也中拉这个病毒，高手指点下修复好拉可以告诉你经验！！！
好学的菜鸟a 初生襁褓狮帖子:45 注册: 2007-10-14 来自:

没有梦想的男人锋芒艾服狮帖子:1680 注册: 2007-07-07 来自:	发表于： 2007-10-19 22:06 \| 短消息资料字号：小中大 18楼在清理病毒前希望楼主把以下文件用winrar压缩加密123发给我.谢谢了. qcqyt1983@163.com C:\IO.pif C:\WINDOWS\system32\SoundMan.exe 下载 arswp清理助手: http://www.arswp.com/ 下载XDelbox1.5删除工具: http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902 下载完后断开网络. 打开XDelbox1.5勾选“抑制再生”、“备份文件”（为误操作留条后路）。把以下路径添加进去(或者复制下面路径然后点xdelbox右键"从剪贴板导入),然后点右键,立即重启并删除.(如果提示不存在点确定就是) C:\WINDOWS\IGM.exe C:\Program Files\NetMeeting\avpms.exe C:\WINDOWS\system32\avzxemn.dll C:\WINDOWS\system32\kvdxema.dll C:\WINDOWS\system32\rsmyfpm.dll C:\WINDOWS\system32\avwlcmn.dll C:\WINDOWS\system32\kvmxfma.dll C:\WINDOWS\system32\ratbfpi.dll C:\WINDOWS\system32\kaqhfzy.dll C:\WINDOWS\system32\kawdbzy.dll C:\WINDOWS\system32\ineters.exe C:\WINDOWS\system32\SoundMan.exe C:\WINDOWS\system32\tthh3.ini C:\WINDOWS\system32\Alcmtr.exe C:\WINDOWS\system32\alcwzrd.exe C:\WINDOWS\system32\qoq.exe C:\Autorun.inf D:\Autorun.inf E:\Autorun.inf F:\Autorun.inf C:\IO.pif D:\IO.pif E:\IO.pif F:\IO.pif 重启电脑后，让电脑自动进入“GO XDELBOX***”杀灭以上文件后登陆系统（中途不要干涉），删除完后重启计算机时按F8进入安全模式: (如果进不了就进正常模式) 打开sreng 启动项目--注册表--删除如下项目: <WinSysM><C:\WINDOWS\IGM.exe> [] <avpms><C:\Program Files\NetMeeting\avpms.exe> [] <clean><; autohal /Clean> [N/A] SoundMan><SoundMan.exe> [1] <{5859245F-345D-BC13-AC4F-145D47DA34F5}><C:\WINDOWS\system32\avzxemn.dll> [] <{5C87A354-ABC3-DEDE-FF33-3213FD7447C5}><C:\WINDOWS\system32\kvdxema.dll> [N/A] <{6E32FA58-3453-FA2D-BC49-F340348ACCE6}><C:\WINDOWS\system32\rsmyfpm.dll> [] <{3960356A-458E-DE24-BD50-268F589A56A3}><C:\WINDOWS\system32\avwlcmn.dll> [N/A] <{6D47B341-43DF-4563-753F-345FFA3157D6}><C:\WINDOWS\system32\kvmxfma.dll> [] <{66650011-3344-6688-4899-345FABCD1566}><C:\WINDOWS\system32\ratbfpi.dll> [] <{67D81718-1314-5200-2597-587901018076}><C:\WINDOWS\system32\kaqhfzy.dll> [] <{28907901-1416-3389-9981-372178569982}><C:\WINDOWS\system32\kawdbzy.dll> [N/A] <IFEO[ctfmon.exe]><SoundMan.exe> [1] 双击<AppInit_DLLs>把><kaqhfzy.dll>删除掉.确定. 修复系统 1.请把下面的代码拷入记事本中然后另存为1.reg文件 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ Advanced\Folder\Hidden\SHOWALL] "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Adva nced" "Text"="@shell32.dll,-30500" "Type"="radio" "CheckedValue"=dword:00000001 "ValueName"="Hidden" "DefaultValue"=dword:00000002 "HKeyRoot"=dword:80000001 "HelpID"="shell.hlp#51105" 双击1.reg把这个注册表项导入 2.开始－运行输入regedit 展开HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc 双击Image path 编辑数值数据为 %systemroot%\system32\svchost.exe -k netsvcs 确定打开arswp--高级模式--清理相关--临时文件--开始清理打开arswp--高级模式--定制扫描--完整扫描,扫描所有文件--开始扫描. 点我的电脑--管理--本地用户和组--看看有没有不认识的用户.删除掉.并停止guest账户. 以上参考newcenturysun版主的SoundMan.exe病毒和IO.pif病毒分析.其中SoundMan.exe有点像似但又不太一样.可能是新变种吧.还是IO.pif变种带有?希望newcenturysun版主看到此帖后再看看这个样本.样本我拿到的给你. newcenturysun版主的分析: http://hi.baidu.com/newcenturysun/blog/item/e8fe76d92f440a2f11df9baf.html http://hi.baidu.com/newcenturysun/blog/item/d7d5f2cda54984520fb34597.html 楼主如果按照上面操作了还有问题重新扫描日志发上来.
没有梦想的男人锋芒艾服狮帖子:1680 注册: 2007-07-07 来自:

好学的菜鸟a 初生襁褓狮帖子:45 注册: 2007-10-14 来自:	发表于： 2007-10-19 22:22 \| 短消息资料字号：小中大 19楼【回复“没有梦想的男人”的帖子】请问理想大哥：[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><kaqhfzy.dll> [] 他注册表中的这一项不需要单独改拉吗？？？？
好学的菜鸟a 初生襁褓狮帖子:45 注册: 2007-10-14 来自:

锋芒艾服狮

帖子:1680
注册: 2007-07-07
来自:

发表于： 2007-10-19 22:26 | 短消息资料

字号：小中大 20楼

引用:

【好学的菜鸟a的贴子】【回复“没有梦想的男人”的帖子】
请问理想大哥：[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kaqhfzy.dll> []
他注册表中的这一项不需要单独改拉吗？？？？
………………

不好意思忘记了.已经更改.

gototop

<<上一主题|下一主题>>

2 / 3 页

跳转页

页面顶部

Powered by Discuz!NT