[Help] What a fierce virus. Please come and save me!!!

========Title========
[Help] This virus is so nasty!!! It has been tormenting me for a week, please help!!!
========Content========
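This virus, Worm.DlOnlineGames.g, has been tormenting me for a week. It has left many .exe files on my computer unable to run. I use Rising antivirus, which I updated to the latest version today; it detected and removed many copies of NOTEPAD.EXE and EXPLORER.EXE, but after rebooting they are still there. Nothing runs, from large games down to small media players. I'm posting the log below for everyone to take a look.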
2007-04-20,00:17:22

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

[CODE]

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
    <EXPLORER><C:\Program Files\Common Files\System\wab32res.exe>  []
    <sv690kmdejb><C:\DOCUME~1\zjk\LOCALS~1\Temp\iexpl0re.exe>  []
    <5e><C:\DOCUME~1\zjk\LOCALS~1\Temp\crasos.exe>  []
    <ldj70><C:\DOCUME~1\zjk\LOCALS~1\Temp\1explore.exe>  []
    <flcimyv5w><C:\DOCUME~1\zjk\LOCALS~1\Temp\c0nime.exe>  []
    <lyv0big><C:\DOCUME~1\zjk\LOCALS~1\Temp\winlog0n.exe>  []
    <umijjmtf><C:\DOCUME~1\zjk\LOCALS~1\Temp\rundl132.exe>  []
    <2c><C:\DOCUME~1\zjk\LOCALS~1\Temp\cftmon.exe>  []
    <b2854><C:\DOCUME~1\zjk\LOCALS~1\Temp\Servere.exe>  []
    <wekewx><C:\DOCUME~1\zjk\LOCALS~1\Temp\Servera.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <EasyTuneV><C:\Program Files\Gigabyte\ET5\GUI.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <shualai><C:\WINDOWS\shualai.exe /i>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <WebThunder><E:\web 迅雷\WebThunder.exe>  []
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\瑞星\新建文件夹\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <SKYNET Personal FireWall><E:\防火墙\天网防火墙v2.60破解版\PFW.exe>  [crsky[BCG]]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================


Is this how I'm supposed to post it? It's my first time posting.
If it's wrong, I'll redo it.
Last edited 2007-04-20 14:42:37

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\zjk\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\QQ2007\QQ.exe [TENCENT]><N>

==================================
服务
[TCP/IP Check / Hello Download][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\瑞星\新建文件夹\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\瑞星\新建文件夹\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ET5Drv / ET5Drv][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\ET5Drv.sys><Microsoft Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\瑞星\新建文件夹\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\瑞星\新建文件夹\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\瑞星\新建文件夹\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\瑞星\新建文件夹\RISING\RAV\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\瑞星\新建文件夹\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\QQ2007\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\瑞星\新建文件夹\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
  <system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[sloenhc / sloenhc][Running/Boot Start]
  <\SystemRoot\system32\drivers\sloenhc.sys><>

==================================


[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <E:\web 迅雷\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\QQ2007\QQ.EXE, TENCENT>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <E:\web 迅雷\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <E:\QQ2007\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <E:\web 迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <E:\web 迅雷\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ2007\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ2007\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ2007\SendMMS.htm, N/A>

==================================


正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1332][E:\瑞星\新建文件夹\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [E:\瑞星\新建文件夹\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\瑞星\新建文件夹\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1552][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1936][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Wmzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [E:\web 迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [E:\WINRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [E:\瑞星\新建文件夹\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3943]
[PID: 980][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 960][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 1172][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.38]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 640][C:\WINDOWS\shualai.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\shualai.dll]  [N/A, ]
[PID: 1660][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
[PID: 1912][E:\防火墙\天网防火墙v2.60破解版\PFW.exe]  [crsky[BCG], 2.6.0.123]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Wmzo0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
[PID: 2032][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3208][E:\QQ2007\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\QQ2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 1604][E:\QQ2007\BugReport.exe]  [Tencent, 0, 2, 2, 4]
    [E:\QQ2007\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [E:\QQ2007\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\QQ2007\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1952][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Wmzo0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
[PID: 1780][E:\QQ2007\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\QQ2007\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [E:\QQ2007\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [E:\QQ2007\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\QQ2007\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\QQ2007\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\QQ2007\LoginCtrl.dll]  [N/A, ]
    [E:\QQ2007\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\QQ2007\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [E:\QQ2007\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\QQ2007\QQMainFrame.dll]  [N/A, ]
    [E:\QQ2007\CQQApplication.dll]  [N/A, ]
    [E:\QQ2007\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\QQAllInOne.dll]  [N/A, ]
    [E:\QQ2007\GroupLive.dll]  [N/A, ]
    [E:\QQ2007\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [E:\QQ2007\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\QQ2007\QQSpace.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\QQ2007\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\QQSysMsgMng.dll]  [N/A, ]
    [E:\QQ2007\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\QQPlugin.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Wmzo0.dll]  [N/A, ]
    [E:\QQ2007\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\QQ2007\QRingMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\QQ2007\OEMApplication.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\QQAvatar.dll]  [N/A, ]
    [E:\QQ2007\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\QQ2007\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [E:\QQ2007\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\QQ2007\QQPet.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\BQQApplication.dll]  [N/A, ]
    [E:\QQ2007\QQCustomFace.dll]  [N/A, ]
    [E:\QQ2007\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [E:\QQ2007\QQSceneMng.dll]  [N/A, ]
    [E:\QQ2007\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [E:\QQ2007\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\QQ2007\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\QQ2007\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [E:\QQ2007\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 6, 60]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [E:\QQ2007\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [E:\QQ2007\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3943]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
    [E:\QQ2007\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
[PID: 1608][C:\WINDOWS\system32\ping.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3176][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 988][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [E:\web 迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ssup.dll]  [TENCENT, 4, 4, 4, 41]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\瑞星\新建文件夹\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3020][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 400][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [E:\web 迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ssup.dll]  [TENCENT, 4, 4, 4, 41]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\瑞星\新建文件夹\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1820][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [E:\web 迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ssup.dll]  [TENCENT, 4, 4, 4, 41]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\瑞星\新建文件夹\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1864][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [E:\web 迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ssup.dll]  [TENCENT, 4, 4, 4, 41]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\瑞星\新建文件夹\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1668][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [E:\web 迅雷\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ssup.dll]  [TENCENT, 4, 4, 4, 41]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\瑞星\新建文件夹\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2076][E:\新建文件夹\sreng2_zip~\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\DOCUME~1\zjk\LOCALS~1\Temp\Wmzo0.dll]  [N/A, ]


文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
[E:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Delete these from the registry:
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<sv690kmdejb><C:\DOCUME~1\zjk\LOCALS~1\Temp\iexpl0re.exe> []
<5e><C:\DOCUME~1\zjk\LOCALS~1\Temp\crasos.exe> []
<ldj70><C:\DOCUME~1\zjk\LOCALS~1\Temp\1explore.exe> []
<flcimyv5w><C:\DOCUME~1\zjk\LOCALS~1\Temp\c0nime.exe> []
<lyv0big><C:\DOCUME~1\zjk\LOCALS~1\Temp\winlog0n.exe> []
<umijjmtf><C:\DOCUME~1\zjk\LOCALS~1\Temp\rundl132.exe> []
<2c><C:\DOCUME~1\zjk\LOCALS~1\Temp\cftmon.exe> []
<b2854><C:\DOCUME~1\zjk\LOCALS~1\Temp\Servere.exe> []
<wekewx><C:\DOCUME~1\zjk\LOCALS~1\Temp\Servera.exe> []
Restart the computer and delete these files.

Reading this made me a bit dizzy. Big bump.

I did what you said, but it still can't be removed. What should I do??? Please help me.


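Try this:
--------------------------------------------------------------------------------
[凝逸 Anti-Virus]
[Virus scan]
    Function: removes Gray Pigeon (灰鸽子), Viking (威金), Panda (熊猫), Golden Pig (金猪), trojans, Terminator (终结者), USB-drive viruses, etc.
[凝逸 EXE Repair Engine]
    Function: repairs EXE files infected by Viking, Panda, Golden Pig, Logo1_.exe, USB-drive viruses (various unknown variants), etc.
Download:
SkyCN software site (天空软件站) http://www.skycn.com/soft/32883.html
[503165656.ys168.com]
--------------------------------------------------------------------------------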