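Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software forum: This is the process log from another scan; even more tears now.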

Running processes
[PID: 532][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 660][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 948][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 992][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1092][E:\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1108][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1216][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1312][E:\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 29>
    [E:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [E:\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [E:\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [E:\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [E:\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [E:\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [E:\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [E:\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [E:\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [E:\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [E:\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [E:\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [E:\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [E:\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [E:\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [E:\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [E:\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [E:\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1540][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\mmfinfo.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\mkunicode.dll]  <N/A><N/A>
    [E:\pdf7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [C:\WINDOWS\fonts\msshapi.dll]  <><1, 0, 0, 1>
[PID: 1652][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1860][E:\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 200][E:\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 264][C:\WINDOWS\VM_STI.EXE]  <VM.><4.2.610.4>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 292][E:\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
    [E:\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [E:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [E:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 348][C:\Program Files\jmesoft\hotkey.exe]  <JME Co., Ltd.><1.0.0.0>
[PID: 396][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 412][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1064][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1348][C:\PROGRA~1\jmesoft\hkload.exe]  <N/A><N/A>
[PID: 2316][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 792][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3828][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
[PID: 3956][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.375\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
Last edited 2006-07-31 14:05:49

:\WINDOWS\system32\dumprep.exe  HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN  KernelFaultCheck  2006-07-31 13:46  Delete

This modification came up when I rebooted just now; I did not approve it.

Virus name  Result  Scan method  Path  File  Virus source
Trojan.Spy.KeySpy.ad清除成功手动扫描Rtvcan.exe>>C:\WINDOWS\system32\Rtvcan.exe本机
Trojan.Clicker.Agent.acd删除成功手动扫描C:\WINDOWS\system32cpap.dll本机
Trojan.Clicker.Agent.acd删除成功手动扫描C:\WINDOWS\system32rundll32.fwd本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\WINDOWS\system32command.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\WINDOWS\system32dxdiag.com>>VEUnpackFile本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.sys本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\WINDOWS\DebugDebugProgram.exe>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\WINDOWS1.fwc>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\WINDOWSExERoute.exe>>VEUnpackFile本机
Trojan.Clicker.Agent.acd删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\L6P7ZKV3Rundl132[1].dll本机
Trojan.Clicker.Agent.acd删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\DW4F5XWTcacb[1].dll本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\M17K98NAa4[1].exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\M17K98NAa4[1].exe>>Rtvcan.sys本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\Program Files\Common Filesiexplore.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\Program Files\Internet Exploreriexplore.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027133.EXE>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027135.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027136.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027137.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027138.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027139.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027140.com>>VEUnpackFile本机
Trojan.Clicker.Agent.acd删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027143.dll本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027145.com>>VEUnpackFile本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027702.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027707.sys本机
Trojan.Clicker.Agent.acd删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027721.dll本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027722.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027723.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027724.exe>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027725.exe>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027726.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027727.com>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027005.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027063.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027071.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027077.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027090.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027106.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027114.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP69A0027123.pif>>VEUnpackFile本机
Trojan.PSW.Misc.kah删除成功手动扫描D:pagefile.pif>>VEUnpackFile本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\DW4F5XWTa4[1].exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\DW4F5XWTa4[1].exe>>Rtvcan.sys本机
Trojan.PSW.Misc.kah删除成功手动扫描D:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0027728.pif>>VEUnpackFile本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\XJ4F4FM7a4[1].exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\XJ4F4FM7a4[1].exe>>Rtvcan.sys本机
Trojan.PSW.QQPass.gen删除成功手动扫描C:\Program Files\Internet Explorer\HSPLUGINSsystem.sys本机
Trojan.PSW.QQPass.gen删除成功手动扫描C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP73A0030933.sys本机
Trojan.Spy.KeySpy.ad需要解压缩后杀毒手动扫描C:\FOUND.003FILE0003.CHK>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf需要解压缩后杀毒手动扫描C:\FOUND.003FILE0003.CHK>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad需要解压缩后杀毒手动扫描C:\FOUND.003FILE0004.CHK>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf需要解压缩后杀毒手动扫描C:\FOUND.003FILE0004.CHK>>Rtvcan.sys本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\FOUND.003FILE0011.CHK本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\WINDOWS\Tempalibaba2.exe>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad删除成功手动扫描C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8LYVWHARa4[1].exe>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf删除成功手动扫描C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8LYVWHARa4[1].exe>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad需要解压缩后杀毒手动扫描C:\FOUND.003FILE0003.CHK>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf需要解压缩后杀毒手动扫描C:\FOUND.003FILE0003.CHK>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad需要解压缩后杀毒手动扫描C:\FOUND.003FILE0004.CHK>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf需要解压缩后杀毒手动扫描C:\FOUND.003FILE0004.CHK>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad需要解压缩后杀毒手动扫描C:\FOUND.003FILE0003.CHK>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf需要解压缩后杀毒手动扫描C:\FOUND.003FILE0003.CHK>>Rtvcan.sys本机
Trojan.Spy.KeySpy.ad需要解压缩后杀毒手动扫描C:\FOUND.003FILE0004.CHK>>Rtvcan.exe>>VEUnpackFile本机
Trojan.Spy.Keylogger.vf需要解压缩后杀毒手动扫描C:\FOUND.003FILE0004.CHK>>Rtvcan.sys本机