瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 C:\WINDOWS\system32\drivers下有病毒文件【求助】

12   2  /  2  页   跳转

C:\WINDOWS\system32\drivers下有病毒文件【求助】

收藏
600000
头像
飘泊而立狮
  • 帖子:368
  • 注册: 2004-07-03
  • 来自:
发表于: 2008-02-04 22:32 | 只看楼主 短消息 资料
字号: 11楼

[PID: 1124 / homeuser][C:\WINDOWS\Explorer.EXE]  [N/A, ]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
[PID: 1256 / homeuser][C:\WINDOWS\system32\dllcache\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.3157 (xpsp_sp2_gdr.070614-1242)]
    [C:\WINDOWS\system32\dllcache\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\ShimEng.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\MSACM32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\dllcache\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\dllcache\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\dllcache\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
    [C:\WINDOWS\system32\dllcache\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\ATL.DLL]  [Microsoft Corporation, 3.05.2284]
    [C:\WINDOWS\system32\dllcache\msi.dll]  [Microsoft Corporation, 3.1.4000.4039]
    [C:\WINDOWS\system32\dllcache\WINSTA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\dllcache\midimap.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\rsaenh.dll]  [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
    [C:\WINDOWS\system32\dllcache\fxsst.dll]  [Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\WINSPOOL.DRV]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\FXSAPI.dll]  [Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\NTMARTA.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\e2eSoft\VCam\MatroskaSplitter\mmfinfo.dll]  [N/A, ]
    [D:\Program Files\e2eSoft\VCam\MatroskaSplitter\mkunicode.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1517]
    [D:\Program Files\WinRAR(压缩软件)\rarext.dll]  [N/A, ]
    [D:\WinAVI Video Converter 7.6 汉化增强免安装版\新建文件夹\WinAVIVideoConverter\SimpleExt.dll]  [ZJMedia, 7, 6, 0, 0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Program Files\Herosoft\Hero Video Convert\VCvtShell.dll]  [N/A, ]
    [D:\Program Files\Herosoft\Hero Video Convert\VCvtS936.dll]  [N/A, ]
    [C:\WINDOWS\system32\dllcache\RASDLG.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\MPRAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\ACTIVEDS.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\adsldpc.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\RASAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\rasman.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dllcache\TAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / homeuser][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 1640 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1736 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
[PID: 708 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
[PID: 1888 / homeuser][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.00]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 1936 / homeuser][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 2012 / homeuser][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 2284 / homeuser][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.11]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 23]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 2456 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\iqnauhc.dll]  [N/A, ]
[PID: 3256 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 2108 / homeuser][D:\新sreng2\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [D:\新sreng2\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
gototop
 
600000
头像
飘泊而立狮
  • 帖子:368
  • 注册: 2004-07-03
  • 来自:
发表于: 2008-02-04 22:32 | 只看楼主 短消息 资料
字号: 12楼

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1124, C:\WINDOWS\EXPLORER.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A
gototop
 
600000
头像
飘泊而立狮
  • 帖子:368
  • 注册: 2004-07-03
  • 来自:
发表于: 2008-02-04 22:33 | 只看楼主 短消息 资料
字号: 13楼

c:\windows\explorer.exe没敢删除
c:\windows\system32\iqnauhc.dll删除不了,受保护
c:\windows\system32\drivers\aliide.sys没敢删除
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT