1   1  /  1  页   跳转

帮忙看看 这病毒删了又出来

收藏
成是一阵风
头像
初生襁褓狮
  • 帖子:5420
  • 注册: 2006-10-11
  • 来自:
发表于: 2007-04-22 10:29 | 只看楼主 短消息 资料
字号: 1楼

帮忙看看 这病毒删了又出来

[CODE]

2007-04-21,10:03:11

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <StormCodec_Helper><"F:\暴风影音\BaoFeng2007V7.02.01skycn\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <RavTask><"D:\rising\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\瑞星防火墙\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <SoundMan><SOUNDMAN.EXE>  [Avance Logic, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"D:\RISING\RISING\RAV\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Running/Auto Start]
  <C:\WINDOWS\System32\upnpsvc.exe><Microsoft Corporatio>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\瑞星防火墙\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <D:\瑞星防火墙\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\RISING\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\RISING\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\RISING\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\RISING\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\RISING\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\瑞星防火墙\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\RISING\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\瑞星防火墙\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ2007\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nv4 / nv4][Stopped/Manual Start]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\瑞星防火墙\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\RISING\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[Thunder Browser Helper]
  {39F7E361-828A-4B5A-BCAF-5B79BFDFEA60} <E:\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <H:\BitComet\比特彗星\BitComet\tools\BitCometBHO_1.1.3.28.dll, BitComet>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用BitComet下载]
  <res://H:\BitComet\比特彗星\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://H:\BitComet\比特彗星\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://H:\BitComet\比特彗星\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
  <E:\迅雷\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\迅雷\Program\getallurl.htm, N/A>
[使用Web迅雷下载]
  <F:\web迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <F:\web迅雷\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ2007\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ2007\AddEmotion.htm, N/A>
最后编辑2007-04-22 10:49:04
分享到:
gototop
 
成是一阵风
头像
初生襁褓狮
  • 帖子:5420
  • 注册: 2006-10-11
  • 来自:
发表于: 2007-04-22 10:30 | 只看楼主 短消息 资料
字号: 2楼

正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 896][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 908][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1296][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [E:\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[PID: 1328][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1476][D:\RISING\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [D:\RISING\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\RISING\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1576][D:\瑞星防火墙\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [D:\瑞星防火墙\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\瑞星防火墙\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\瑞星防火墙\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\瑞星防火墙\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\瑞星防火墙\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2020][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5.0.02]
[PID: 2028][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 348][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 360][C:\WINDOWS\System32\upnpsvc.exe]  [Microsoft Corporatio, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 420][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.4109]
[PID: 476][E:\电脑\SREng\SREng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1          localhost
127.0.0.1          popwin.9983.com
219.129.239.223    www.npjxjy.com
219.129.239.223    quxiuu.com
219.129.239.223    www.23b.cn
219.129.239.223    www.baidulink.com
219.129.239.223    www.ookkw.com
219.129.239.223    www.97725.com
219.129.239.223    www.54699.com
219.129.239.223    www.wu7x.cn
219.129.239.223    d.qbbd.com
219.129.239.223    w.qbbd.com
219.129.239.223    web.77276.com
219.129.239.223    www.77276.com
219.129.239.223    www.npjxjy.com
219.129.239.223    www.baidulink.com
219.129.239.223    www.ookkw.com
219.129.239.223    www.wu7x.cn
219.129.239.223    www.wwwlm.net
219.129.239.223    dm1.yiall.com
219.129.239.223    www.my6688.cn
219.129.239.223    www.union123.com
219.129.239.223    www.ktan.cn
219.129.239.223    www.2t2t.cn
219.129.239.223    www.cq530.com
219.129.239.223    www.365tc.com
219.129.239.223    ad.qucha.net
219.129.239.223    www.tan8.cn
219.129.239.223    www.itjj.net
219.129.239.223    www.start188.com
219.129.239.223    www.at58.cn
219.129.239.223    union.yxad.com
219.129.239.223    www.iptan.com
219.129.239.223    www.ip2008.net
219.129.239.223    www.yqif.com
219.129.239.223    www.2t2t.cn
219.129.239.223    www.688ip.com
219.129.239.223    www.17tc.com
219.129.239.223    www1.6tan.com
219.129.239.223    www2.6tan.com
219.129.239.223    www.6tan.com
219.129.239.223    www.zztan.com
219.129.239.223    www.5tanip.com
219.129.239.223    www.16tc.com
219.129.239.223    www.163se.net
219.129.239.223    www.168080.com
219.129.239.223    www.baidu8.org
219.129.239.223    www.qqwei.com
219.129.239.223    qz.magforum.net
219.129.239.223    www.nze21.com
219.129.239.223    www.437799.com
219.129.239.223    www.168080.com
219.129.239.223    new2.jixie123.cn
219.129.239.223    www.18dmm.com
219.129.239.223    www.souxse.cn
219.129.239.223    x.vvcyin.com
219.129.239.223    dm1.yiall.com
219.129.239.223    www.168080.com
219.129.239.223    www.nze21.com
219.129.239.223    www.puma163.com
219.129.239.223    www.138505.com

==================================
API HOOK
N/A

==================================


[/CODE]
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-22 10:31 | 短消息 资料
字号: 3楼

什么症状?
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-22 10:33 | 短消息 资料
字号: 4楼

加我QQ 463216947
gototop
 
成是一阵风
头像
初生襁褓狮
  • 帖子:5420
  • 注册: 2006-10-11
  • 来自:
发表于: 2007-04-22 10:38 | 只看楼主 短消息 资料
字号: 5楼

引用:
【newcenturymoon的贴子】什么症状?
………………

瑞星报有毒杀了又出来
卡卡助手里有个红色的启动项 WM win4.exe
在system32下边有system6里边有shuaiai.exe和ghook.dll删了又出来
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-22 10:39 | 短消息 资料
字号: 6楼

C:\WINDOWS\System32\upnpsvc.exe这个东西打包发到我邮箱
newcenturymoon1986@yahoo.com.cn
加密123
gototop
 
火影忍者
头像
横据古稀狮
  • 帖子:7855
  • 注册: 2006-06-29
  • 来自:火星
发表于: 2007-04-22 10:40 | 短消息 资料
字号: 7楼

瑞星提示哪个毒删不掉?
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-04-22 10:41 | 短消息 资料
字号: 8楼

最近很多有下载win1~win8 的下载器 找不到原因还
gototop
 
野人阿宽
头像
初生襁褓狮
  • 帖子:68
  • 注册: 2006-02-16
  • 来自:
发表于: 2007-04-22 10:58 | 短消息 资料
字号: 9楼

删除服务
[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Running/Auto Start]
<C:\WINDOWS\System32\upnpsvc.exe><Microsoft Corporatio>
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT