

[Solved] Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

Attachment: SREngLOG.log (2009-3-9 13:18:19, 44.55 K)
Downloaded 233 times

Attachment: 1.rar (2009-3-9 12:36:53, 11.14 K)
Downloaded 204 times

I'm using Rising 2009 with the virus database dated 2009-03-06 10:45. Every time it detects the virus and reports that it was removed successfully, but a second scan still finds it. Also, smart update keeps saying the network connection failed, even though I clearly can get online. I sincerely ask you all for advice!! Thank you!! :) The second attachment is the description after the scan and removal. The first attachment is the SREng scan log.

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; Mozilla/4.0(Compatible Mozilla/4.0(Compatible-IESharp)EmbeddedWB- 14.59  from: http://bsalsa.com/ ; .NET CLR 1.1.4322; CIBA)
Last edited by freshfishfish on 2009-03-09 14:34:02

Re: Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

Scan with SREng and post the log in this forum.
Download the SREng 2.6 tool: http://www.kztechs.com/sreng/download.html
For how to produce the SREng scan log, see post #2 of this thread: http://bbs.ikaka.com/showtopic-8442813.aspx
╭∩╮(︶︿︶)╭∩╮

Re: Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

Have you installed the MS08-067 patch?
OP, go and use 狙剑
http://bbs.ikaka.com/attachment.aspx?attachmentid=447115

狙剑 - Basic Functions - Full Check

Post the report here
If you think my answer is good, please rate me!

Reply to post #2 by 帅哥阿福

This is the log from the scan I just ran:

[CODE]

2009-03-09,12:56:39

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"D:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <360Safetray><D:\Program Files\360安全卫士4.0绿色免安装版\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><C:\WINDOWS\拉xxx陆界面\LOGONUI.EXE>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <anistio><; >  [N/A]
    <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay>  [File is missing]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <bincdwsa><; >  [N/A]
    <dionpis><; >  [N/A]
    <EOUApp><; "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe">  [Intel Corporation]
    <fewqickd><; >  [N/A]
    <fmbiost><; >  [N/A]
    <fmsbbqi><; >  [N/A]
    <fmschif><; >  [N/A]
    <hefcndy><; >  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <IntelWireless><; "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless>  [Intel Corporation]
    <IntelZeroConfig><; "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe">  [Intel Corporation]
    <nmhgtce><; >  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <POCOMAKER><; >  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ptshell><; >  [N/A]
    <runeip><; >  [N/A]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ticisms><; >  [N/A]
    <uslmhyxc><; >  [N/A]
    <wipxcdec><; >  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <XDeskShow2><; >  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ytewcxzsw><; >  [N/A]
    <yuibbct><; >  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Manual Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
  <D:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[FLEXlm License Manager / FLEXlm License Manager][Stopped/Manual Start]
  <"D:\Program Files\Rational\common\lmgrd.exe"><N/A>
[HuntmineSvr / HuntmineSvr][Stopped/Manual Start]
  <D:\Program Files\Huntmine\HuntmineSvr.exe><北京搜神网络有限责任公司>
[Irmon / Irmon][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\irmon32.dll><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
  <D:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NuTCRACKERService / NuTCRACKERService][Stopped/Manual Start]
  <C:\WINDOWS\system32\nutsrv4.exe><DataFocus, Inc.>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <D:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <D:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <D:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <D:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[360procmon / 360procmon][Running/Manual Start]
  <\??\D:\Program Files\360安全卫士4.0绿色免安装版\safemon\360procmon.sys><>
[5rtci / 5rtci][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\5rtci.sys><N/A>
[AEGIS Protocol (IEEE 802.1x) v3.4.9.0 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Ntdfdisk / Ntdfdisk][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ntrapi.sys><N/A>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[PCAMp50 NDIS Protocol Driver / PCAMp50][Stopped/Manual Start]
  <System32\Drivers\PCAMp50.sys><N/A>
[PCASp50 NDIS Protocol Driver / PCASp50][Stopped/Manual Start]
  <System32\Drivers\PCASp50.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[WLAN 传输 / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Running/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[PCANDIS5 Protocol Driver / PCANDIS5][Running/Manual Start]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
浏览器加载项
[Thunder Browser Helper]
  {00000000-12B8-4305-82F9-43058F20E8D2} <D:\Program Files\Thunder_No_AD\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[QQCycloneHelper Class]
  {00000000-12B9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder_No_AD\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll, (Signed) 360.CN>
[Java Plug-in 1.6.0_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, (Signed) Sun Microsystems, Inc.>
[Thunder Browser Helper]
  {00000000-12B8-4305-82F9-43058F20E8D2} <D:\Program Files\Thunder_No_AD\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[QQCycloneHelper Class]
  {00000000-12B9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[]
  {00000000-12BA-4305-82F9-43058F20E8D2} <, >
[]
  {00000000-12BB-4305-82F9-43058F20E8D2} <, >
[]
  {00000000-12BC-4305-82F9-43058F20E8D2} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder_No_AD\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder_No_AD\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360安全卫士4.0绿色免安装版\live.dll, (Signed) 360.cn>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <D:\Program Files\Thunder_No_AD\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Program Files\Thunder_No_AD\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用维棠下载视频]
  <, >

(Too many characters; continued in post #4.)

Re: Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

==================================
正在运行的进程
[PID: 488 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1308 / SYSTEM][D:\Program Files\Rising\Rav\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [D:\Program Files\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\irmon32.dll]  [Microsoft Corporation, 5, 1, 2600, 2180]
[PID: 1396 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe]  [Intel Corporation, 10, 1, 0, 1]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1460 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe]  [Intel Corporation , 10, 1, 0, 33]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 0, 5]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 0, 2]
    [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 0, 2]
    [C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1592 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1624 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1660 / SYSTEM][D:\Program Files\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\Program Files\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [D:\Program Files\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [D:\Program Files\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [D:\Program Files\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [D:\Program Files\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\Program Files\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [D:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [D:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [D:\Program Files\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\Program Files\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
    [D:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [D:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [D:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [D:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [D:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1732 / SYSTEM][D:\Program Files\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\Program Files\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2016 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536 / SYSTEM][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [D:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [D:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[PID: 664 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe]  [Intel Corporation, 10, 1, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804 / SYSTEM][D:\Program Files\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [D:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Rising\Rav\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
    [D:\Program Files\Rising\Rav\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
    [D:\Program Files\Rising\Rav\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
    [D:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [D:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [D:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\mvengine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [D:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [D:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [D:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[PID: 1804 / 江底鱼][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [D:\Program Files\Thunder_No_AD\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.7]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.0.0.2008061100]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 9.0.0.0]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.62]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Shfusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [D:\Program Files\Thunder_No_AD\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
  (continued in post #5)
 

Reply: Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

[D:\Program Files\YouKu\iKu\YouKuDesktopShell.dll]  [www.youku.com, 1.2.6.2046]
[PID: 172 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 404 / 江底鱼][D:\Program Files\Rising\Rav\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Rising\Rav\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [D:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [D:\Program Files\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.21]
    [D:\Program Files\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 26]
    [D:\Program Files\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [D:\Program Files\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.90]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
    [D:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [D:\Program Files\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 516 / 江底鱼][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3028 / 江底鱼][D:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe]  [锐捷网络, 2, 43, 0, 0]
    [C:\WINDOWS\system32\W32N50.dll]  [Printing Communications Assoc., Inc. (PCAUSA), 5.00.13.50]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 1560 / 江底鱼][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 3180 / 江底鱼][D:\Program Files\SogouInput\4.0.0.1959\PinyinUp.exe]  [Sogou.com Inc., 4.0.0.1959]
    [D:\Program Files\SogouInput\4.0.0.1959\HWSignature.dll]  [Sogou.com Inc., 4.0.0.1959]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 2868 / 江底鱼][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [D:\Program Files\Thunder_No_AD\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 9, 252, 252]
    [D:\Program Files\Thunder_No_AD\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.7]
    [D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.10.6]
    [D:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\360安全卫士4.0绿色免安装版\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1002]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.62]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1959]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.0.0.2008061100]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 9.0.0.0]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
[PID: 2660 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3684 / 江底鱼][D:\Program Files\SREng\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 2024 / 江底鱼][D:\Program Files\SREng\SRE4ecd5cfa.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360安全卫士4.0绿色免安装版\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [D:\Program Files\SREng\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1 www.qq3344.com
127.0.0.1 www.dj3344.com
127.0.0.1 www.yysky.net
127.0.0.1 www.qq168.net
127.0.0.1 www.777888.com
127.0.0.1 www.5dsoft.com
127.0.0.1 www.wokoo.net
127.0.0.1 www.coolcdrom.com
127.0.0.1 www.mtv51.com
127.0.0.1 www.yibinren.com
127.0.0.1 yeapple.com
127.0.0.1 movie.sx.zj.cn
127.0.0.1 www.cctv8.net
127.0.0.1 www.kuliao.com
127.0.0.1 www.yyqy.com
127.0.0.1 www.sunvod.com
127.0.0.1 www.t168.com
127.0.0.1 www.boliwo.com
127.0.0.1 www.zhengdian.com
127.0.0.1 girlchinese.com
127.0.0.1 www.37021.com
127.0.0.1 www.cnqb.net
127.0.0.1 www.58589.com
127.0.0.1 www.pixpox.com
127.0.0.1 www.k163.com
127.0.0.1 www.pk.com
127.0.0.1 www.xxx.com
127.0.0.1 www.ehomeday.com
127.0.0.1 www.jinpin.net
127.0.0.1 www.es158.com
127.0.0.1 www.aisa-girl.net
127.0.0.1 www.boliwu.com
127.0.0.1 www.cctv1.net
127.0.0.1 www.play.cn.gs
127.0.0.1 www.nnptt.com
127.0.0.1 vod.hengshui.com
127.0.0.1 tv.megajoy.com
127.0.0.1 www.my288.com
127.0.0.1 www.youmiss.com
127.0.0.1 www.laws-online.net
127.0.0.1 www.435000.com
127.0.0.1 www.eastedu.com.cn
127.0.0.1 www.ezhgc.com
127.0.0.1 www.mmgirls.com
127.0.0.1 www.qq520.com
127.0.0.1 www.love520.net
127.0.0.1 www.hj168.net
127.0.0.1 www.wwmmww.com
127.0.0.1 www.wo265.com
127.0.0.1 www.9911.com
127.0.0.1 36920.com
127.0.0.1 www.piaoxue.com
127.0.0.1 www.47555.net
127.0.0.1 www.511ring.com
127.0.0.1 www.coolseach.com
127.0.0.1 www.9p.cn

==================================
Process privilege scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1460, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3028, D:\PROGRAM FILES\锐捷网络\RUIJIE SUPPLICANT\8021X.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3684, D:\PROGRAM FILES\SRENG\SRENGLDR.EXE]

==================================
Scheduled tasks
[Enabled] SogouImeMgr.job
        D:\PROGRA~1\SOGOUI~1\400~1.195\PinyinRepair.exe

==================================
API HOOK
GetVersion (risk level: normal, hooked by the following module: )
GetVersionExW (risk level: normal, hooked by the following module: )
DeleteFileW (risk level: high, hooked by the following module: )
FindFirstFileExW (risk level: high, hooked by the following module: )
TerminateThread (risk level: high, hooked by the following module: )
FindFirstChangeNotificationW (risk level: high, hooked by the following module: )
GetCurrentProcess (risk level: normal, hooked by the following module: )
GetCurrentProcessId (risk level: normal, hooked by the following module: )
GetCurrentThread (risk level: normal, hooked by the following module: )
GetCurrentThreadId (risk level: normal, hooked by the following module: )
GetFileSizeEx (risk level: normal, hooked by the following module: )
GetFileInformationByHandle (risk level: normal, hooked by the following module: )
GetFileAttributesW (risk level: normal, hooked by the following module: )
OpenProcess (risk level: high, hooked by the following module: )
OpenThread (risk level: high, hooked by the following module: )

==================================
Hidden processes
N/A

==================================


[/CODE]

Reply: Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

c:\windows\System32\DRIVERS\5rtci.sys
What is the signature of this file? I'm not sure; you can submit it here, or submit it to Rising at the following address: http://mailcenter.rising.com.cn/index.shtml

Also, the hosts file has been modified; I suggest using Kaka Assistant - Advanced Tools - System Repair to restore it.
╭∩╮(︶︿︶)╭∩╮
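The triage the replies above do by hand (read the hosts file, the file-association table, the privilege scan and the API-hook list out of the SREng log and decide what needs a closer look) can be scripted. The script below is an added example written for this page; it is not SREng's code and was not posted in the thread. It parses a constructed excerpt modelled on the log above (the 192.0.2.10 host entry and example.dll are invented so that each finding type appears at least once; the posted log has only 127.0.0.1 entries) and reports four things: hosts names pointed at a non-loopback address (an actual hijack), counted separately from names blackholed to 127.0.0.1 (which only block the name, as an ad-blocking hosts list does); extensions SREng marked Error (the handler differs from the default it expects, which is not by itself malware); processes holding SeLoadDriverPrivilege; and hooked APIs that SREng attributes to no module. The heading map lets it read either the raw Chinese log or the translated one.

```python
"""Triage helper for SREng log sections (added example, not SREng's code).
SAMPLE_LOG is a constructed excerpt modelled on the log in this thread; the
192.0.2.10 host entry and example.dll are invented to exercise each finding."""
import re
from ipaddress import ip_address

SECTION_SEP = "=================================="
# SREng writes Chinese headings; map them so either language parses.
HEADINGS = {"文件关联": "File associations", "HOSTS 文件": "HOSTS file",
            "进程特权扫描": "Process privilege scan"}
DEFAULT_HOSTS = {("127.0.0.1", "localhost")}       # only entry on a stock XP
SENSITIVE_PRIVILEGES = {"SeLoadDriverPrivilege", "SeDebugPrivilege", "SeTcbPrivilege"}

ASSOC_RE = re.compile(r"^\s*(\.[A-Za-z0-9]+)\s+(OK|Error)\.\s+\[(.*)\]\s*$")
PRIV_RE = re.compile(r"(Se\w+Privilege)\s+\[PID = (\d+),\s*(.+?)\]\s*$")
# 'Func (..., <label>HOOK: module)' in Chinese logs, '... module: module)' in English ones
HOOK_RE = re.compile(r"^(\w+)\s+\(.*?(?:HOOK|module):\s*(.*?)\)\s*$")

def split_sections(log_text):
    """Return {heading: [lines]} for each block between '====' separators."""
    sections = {}
    for chunk in log_text.split(SECTION_SEP):
        lines = [ln.rstrip() for ln in chunk.splitlines() if ln.strip()]
        if lines:
            head = lines[0].strip()
            sections[HEADINGS.get(head, head)] = lines[1:]
    return sections

def audit_hosts(lines):
    """Tag each name: default, blackhole (loopback/0.0.0.0, the name is only
    blocked) or redirect (any other address, the name is sent elsewhere)."""
    findings = []
    for ln in lines:
        parts = ln.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ip = ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry
        for name in parts[1:]:
            if (parts[0], name) in DEFAULT_HOSTS:
                kind = "default"
            elif ip.is_loopback or ip.is_unspecified:
                kind = "blackhole"
            else:
                kind = "redirect"
            findings.append((kind, parts[0], name))
    return findings

def flagged_associations(lines):
    """Extensions SREng marked Error (handler differs from its expected default)."""
    return [(m.group(1), m.group(3)) for m in map(ASSOC_RE.match, lines)
            if m and m.group(2) == "Error"]

def driver_loaders(lines):
    """(privilege, pid, image) for processes holding a kernel-relevant privilege."""
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in map(PRIV_RE.search, lines)
            if m and m.group(1) in SENSITIVE_PRIVILEGES]

def unattributed_hooks(lines):
    """Hooked API names for which SREng names no hooking module."""
    return [m.group(1) for m in map(HOOK_RE.match, lines) if m and not m.group(2).strip()]

def triage(log_text):
    s = split_sections(log_text)
    hosts = audit_hosts(s.get("HOSTS file", []))
    return {
        "redirects": [(a, n) for k, a, n in hosts if k == "redirect"],
        "blackholes": sum(1 for k, _, _ in hosts if k == "blackhole"),
        "assoc_errors": flagged_associations(s.get("File associations", [])),
        "driver_loaders": driver_loaders(s.get("Process privilege scan", [])),
        "unattributed_hooks": unattributed_hooks(s.get("API HOOK", [])),
    }

# Constructed excerpt; 192.0.2.10 / av-update.example and example.dll are made up.
SAMPLE_LOG = r"""
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.CHM  Error. ["hh.exe" %1]
==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1 www.qq3344.com
127.0.0.1 www.dj3344.com
192.0.2.10 av-update.example
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1460, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3684, D:\PROGRAM FILES\SRENG\SRENGLDR.EXE]
==================================
API HOOK
DeleteFileW (危险等级: 高,  被下面模块所HOOK: )
OpenProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\example.dll)
==================================
"""
```

Run `triage(SAMPLE_LOG)` on the excerpt and the only redirect reported is the invented 192.0.2.10 entry; everything in the posted log is loopback, so it blocks those sites rather than diverting them, which is why the loopback/redirect split matters before calling a hosts file "hijacked". A hijack worth worrying about points vendor or update domains at an address that is not the machine itself. The SeLoadDriverPrivilege hits are the first place to look when a driver of unknown origin such as the 5rtci.sys named above is in play, since whatever holds that privilege can load it; the empty-module hooks say SREng saw the hook but could not name the owner, which on this box could be the Rising or 360 monitors as easily as malware, so they need attribution, not removal.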

Reply: Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

Ugh, why didn't you post it as an attachment?
This is dizzying for anyone who has to read it.
 

Reply to 8F 天啊我是谁啊's post

Sorry. I've uploaded the log.
 

Reply: Hack.Exploit.Win32.MS08-067.eu virus, Rising 2009 can't remove it!!

After the tool in the attachment finishes running, do a full-disk scan with Rising.

Attachment:

File name: 12007.rar
Downloads: 720
File type: application/x-rar-compressed
File size:
Upload time: 2009-3-9 13:42:15
Description: rar

Powered by Discuz!NT