Rising Kaka Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board

Help: infected with trojan.dl.win32.qqhelper.bat, Rising detects it but cannot remove it

[CODE]

2007-11-14,10:42:38

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [N/A]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <360Antiarp><E:\Program Files\360safe\antiarp\antiarp.exe /start>  [奇虎网]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserRemove>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Fortinet Service Scheduler / FA_Scheduler][Running/Auto Start]
  <C:\Program Files\Lenovo\LenovoClient\scheduler.exe><Lenovo (Beijing) Ltd.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[UFSoft SMS Platform / U8SmsSrv][Running/Auto Start]
  <C:\WINNT\system32\U8SMSSrv.exe><N/A>
[U8管理软件 / UFNet][Running/Auto Start]
  <C:\WINNT\system32\ServerNT.EXE><N/A>
[Windows Advanced Manager / wamer][Stopped/Auto Start]
  <"C:\Program Files\Microsoft Office\SYSTEM\dodolook_7266.exe"><N/A>
[wint / wint][Stopped/Disabled]
  <C:\WINNT\system32\RunDLL32.exe ><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[一起来音乐助手 / Yiqilai][Stopped/Auto Start]
  <"C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe"><Yiqilai>

==================================

Last edited 2007-11-14 22:50:36

驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINNT\system32\drivers\360AntiArp.sys><奇虎网>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[fortidrv / fortidrv][Running/Boot Start]
  <\SystemRoot\System32\drivers\fortidrv.sys><N/A>
[fortips / fortips][Running/Auto Start]
  <\??\C:\WINNT\System32\drivers\fortips.sys><N/A>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[Fortinet network virtual adapter / ft_vnic][Running/Manual Start]
  <System32\DRIVERS\ftvnic.sys><Lenovo(Beijing) Ltd.>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccardb.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\usbtoken.sys><>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HanWang Pen Class Driver / hwmclass][Running/System Start]
  <System32\DRIVERS\hwmclass.sys><Windows (R) 2000 DDK provider>
[%hwpen3.SvcDesc% / hwpen3][Stopped/Manual Start]
  <System32\DRIVERS\hwpen3.sys><Windows (R) 2000 DDK provider>
[IsDrv118 / IsDrv118][Running/System Start]
  <\SystemRoot\System32\Drivers\IsDrv118.sys><N/A>
[j34xq0 / j34xq0][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\j34xq0.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[KRegEx / KRegEx][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\KRegEx.sys><N/A>
[KSysCall / KSysCall][Stopped/System Start]
  <\??\C:\PROGRA~1\KV2005\KSysCall.sys><N/A>
[KVDP / KVDP][Stopped/Manual Start]
  <\??\C:\PROGRA~1\KV2005\KVDP_4.sys><N/A>
[KWATCH / KWATCH][Stopped/Manual Start]
  <\??\C:\KAV\KWATCH.SYS><N/A>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[USB Mass Storage / OEMSTOR][Stopped/Manual Start]
  <system32\DRIVERS\USBMSDk.SYS><USB Mass Storage.>
[PProtect / PProtect][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sense3 / Sense3][Running/Auto Start]
  <System32\Drivers\sense3.sys><Beijing Senselock>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[Superk53 / Superk53][Running/Auto Start]
  <\SystemRoot\System32\drivers\superk53.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA USB Filter / viafilter][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\viausb.sys><VIA Technologies, Inc.>
[viaide / viaide][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[vkvxve / vkvxve3][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\vkvxve3.sys><N/A>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\WINNT\Downloaded Program Files\CONFLICT.5\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================

浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINNT\system32\GDREAD~1.DLL, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\system32\INPUTC~1.DLL, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[CSetLET Class]
  {C35D7AE1-0865-4A30-BF07-29FA29324155} <C:\WINNT\system32\GDSetLET.dll, >
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[Kingsoft DUBA OnlineScan]
  {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINNT\System32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <e:\Program Files\360safe\live.dll, N/A>
[添加到QQ表情]
  <E:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 220][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 248][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 260][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 400][C:\WINNT\System32\SCardSvr.exe]  [Microsoft Corporation, 5.00.2195.6609]
[PID: 652][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 660][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 724][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 3, 0, 0]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 764][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 776][C:\Program Files\Lenovo\LenovoClient\scheduler.exe]  [Lenovo (Beijing) Ltd., 1.0.407.0]
    [C:\Program Files\Lenovo\LenovoClient\utilsdll.dll]  [Lenovo (Beijing) Ltd., 1.0.407.0]
    [C:\Program Files\Lenovo\LenovoClient\LIBEAY32.dll]  [N/A, ]
[PID: 808][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 888][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.080.0380]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 992][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\WINNT\system32\imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
    [C:\WINNT\system32\HANWANGP.IME]  [HanWang Corporation, 4.00.950]
[PID: 1036][C:\WINNT\system32\WINDOW~1\Server\nspmon.exe]  [Microsoft Corporation, 4.1.00.3934]
[PID: 1064][C:\WINNT\system32\WINDOW~1\Server\nscm.exe]  [Microsoft Corporation, 4.1.00.3934]
[PID: 1116][C:\WINNT\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4403]
    [C:\WINNT\system32\HANWANGP.IME]  [HanWang Corporation, 4.00.950]
[PID: 1160][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1216][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 1312][C:\WINNT\system32\stisvc.exe]  [Microsoft Corporation, 5.00.2195.6656]
[PID: 1364][C:\WINNT\system32\U8SMSSrv.exe]  [N/A, ]
[PID: 1376][C:\WINNT\system32\ServerNT.EXE]  [N/A, ]
    [C:\WINNT\system32\UMiscell.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\sgv.dll]  [, 8, 2, 0, 0]
    [C:\WINNT\system\Sense3.dll]  [N/A, ]
    [C:\WINNT\system32\SecuComm.dll]  [N/A, ]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.080.0380]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.DLL]  [Microsoft Corporation, 2.61.7326.0]
    [C:\Program Files\Common Files\System\OLE DB\SQLOLEDB.RLL]  [Microsoft Corporation, 2000.080.0380]
    [C:\WINNT\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.080.0380.00]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1480][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1488][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1428][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 1584][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.5512.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.5512.0]
[PID: 1656][C:\WINNT\system32\WINDOW~1\Server\nspm.exe]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\WINDOW~1\Server\nmsa.dll]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\Windows Media\Server\nsodbc.dll]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\Windows Media\Server\mdsprx.dll]  [Microsoft Corporation, 4.1.00.3917]
    [C:\WINNT\system32\imaadp32.acm]  [Microsoft Corporation, 5.00.2195.6612]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msg711.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msgsm32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINNT\system32\tsd32.dll]  [, ]
    [C:\WINNT\system32\lhacm.acm]  [Microsoft Corporation, 4.4.3385]
    [C:\WINNT\system32\msg723.acm]  [Microsoft Corporation, 4.4.3385]
    [C:\WINNT\system32\iac25_32.ax]  [Intel Corporation, 2.05.53]
    [C:\WINNT\system32\msaud32.acm]  [Microsoft Corporation, 4.1.00.3927]
    [C:\WINNT\system32\vct3216.acm]  [Voxware, Inc., 1.6.0.17]
    [C:\WINNT\system32\vct3216.dll]  [Voxware, Inc., 1.6.0.12]
    [C:\WINNT\system32\msms001.vwp]  [Voxware, Inc., 2.0.2.61]
    [C:\WINNT\system32\mvoice.vwp]  [Voxware, Inc., 2.0.0.12.01]
    [C:\WINNT\system32\sl_anet.acm]  [Sipro Lab Telecom Inc., 2.80]
    [C:\WINNT\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 43]
    [C:\WINNT\system32\vorbis.acm]  [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[PID: 1684][C:\WINNT\system32\WINDOW~1\Server\nsum.exe]  [Microsoft Corporation, 4.1.00.3930]
    [C:\WINNT\system32\Windows Media\Server\accesscontrol.dll]  [Microsoft Corporation, 4.1.00.3917]
[PID: 1700][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0380.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation,  2000.080.0380.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\System32\SQLSRV32.dll]  [Microsoft Corporation,  2000.080.0380.00]
    [C:\WINNT\System32\sqlsrv32.rll]  [Microsoft Corporation,  2000.080.0380.00]
    [C:\WINNT\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.080.0380.00]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1660][C:\WINNT\System32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 1964][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 496][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
[PID: 1952][C:\Program Files\rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.20]
    [C:\Program Files\rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 972][E:\Program Files\360safe\antiarp\antiarp.exe]  [奇虎网, 1, 0, 0, 2001]
[PID: 964][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 70, 32 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 868][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 1920][E:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 3, 3, 200, 290]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [E:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [E:\Program Files\Tencent\TT\TTNetFavor.dll]  [N/A, ]
    [C:\WINNT\system32\PYJJU.IME]  [北京六合源软件技术有限公司, 2, 2, 0, 4]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 132][C:\WINNT\system32\PYINTAU.EXE]  [北京六合源软件技术有限公司, 2, 2, 1, 4]
    [C:\WINNT\system32\PYCODEU.dll]  [北京六合源软件技术有限公司, 2, 2, 0, 4]
    [C:\WINNT\system32\PYJJCZU.dll]  [北京六合源软件技术有限公司, 2, 2, 0, 0]
[PID: 2280][C:\Program Files\rising\rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.7]
    [C:\WINNT\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\rising\rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\rising\rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[PID: 2296][C:\WINNT\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 2184][E:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 776, C:\PROGRAM FILES\LENOVO\LENOVOCLIENT\SCHEDULER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 888, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 992, C:\PROGRAM FILES\ESET\NOD32KRN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1116, C:\WINNT\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1312, C:\WINNT\SYSTEM32\STISVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1364, C:\WINNT\SYSTEM32\U8SMSSRV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1376, C:\WINNT\SYSTEM32\SERVERNT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1584, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1700, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 972, E:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 964, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1920, E:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 132, C:\WINNT\SYSTEM32\PYINTAU.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Virus path?

c:\winnt\system32\xifkkbgv.dll

Does it come back after you delete it?

There is no entry related to it in the log.

http://forum.ikaka.com/topic.asp?board=28&artid=8381032

Use XDelBox to delete that virus file and see whether it still gets reported.

Time to eat..

I can't delete it.