Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum: So many viruses, can't kill them all, old problem~~~~ would someone knowledgeable please give me some pointers (scan attached, waiting online late at night)


As soon as my machine goes online, viruses appear, and after a reboot my Rising monitor is shut down automatically, though I can open it again by hand.
The Rising monitor kills the virus, but a little later it shows up again, and my QQ keeps getting logged into by people from other places~~~
Below is the log I just scanned plus the virus names and paths. Thanks for any pointers~~

2007-08-17,22:52:58

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <C-Media Mixer><Mixer.exe /startup>  [C-Media Electronic Inc. (www.cmedia.com.tw)]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RAVZTMON><C:\Program Files\Internet Explorer\RAVZTMON.exe>  []
    <RAVWDMON><C:\Program Files\Internet Explorer\RAVWDMON.exe>  []
    <RAV00A0><C:\WINDOWS\System32\RAV00A0.exe>  []
    <RAVWLMON><C:\Program Files\Internet Explorer\RAVWLMON.exe>  []
    <RAVJZMON><C:\Program Files\Internet Explorer\RAVJZMON.exe>  []
    <AVPDH><C:\WINDOWS\System32\AVPDH.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <WinSys><C:\WINDOWS\IG.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  []
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><wlfpri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{014A26F5-FBAD-4549-9CA1-C38210704BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins>  []
    <{7A65498A-7653-9801-1647-987114AB7F47}><C:\WINDOWS\System32\zxgpri.dll>  []
    <{40117B96-998D-4D80-8F89-5E9DBD9F3460}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys>  []
    <{42311A42-AC1B-158F-FD32-5674345F23A4}><C:\WINDOWS\System32\dhdpri.dll>  []
    <{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys>  []
    <{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win>  []
    <{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat>  []
    <{759AFD5B-159F-ACD8-954C-ACD545FA6587}><C:\WINDOWS\System32\jzgpri.dll>  []
    <{3182C1EB-375C-573D-1F5E-234552345213}><C:\WINDOWS\System32\wlfpri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Last edited 2007-08-17 23:19:16

启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\user1\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\新建文~1\QQ.exe [TENCENT]><N>

==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[1111111 / This web][Stopped/Auto Start]
  <C:\WINDOWS\System32\wnipsvr.exe><Microsoft Corporation>
[Windows Accounts Driver / WindowsRemote][Running/Auto Start]
  <C:\WINDOWS\System32\rising51.exe><N/A>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[IGALIVE / IGALIVE][Running/Auto Start]
  <\??\C:\Program Files\IGALIVE\IGALIVE.sys><N/A>
[LT Modem Driver / ltmodem5][Running/Manual Start]
  <System32\DRIVERS\ltmdmnt.sys><LT>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[NPPTNT2 / NPPTNT2][Running/Manual Start]
  <\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[解霸]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[CibaCtrl Class]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, ShenZhen Thunder Networking Technologies Ltd.>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <E:\新建文件夹\AddEmotion.htm, N/A>
[解霸实时播放]
  <C:\HEROSOFT\Hero3000\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 428 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
[PID: 768 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
[PID: 844 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 928 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
[PID: 1024 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 1264 / user1][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.win]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlfpri.dll]  [N/A, ]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\System32\SHQMANGR.DLL]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVZTMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVJZMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
    [C:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
[PID: 1344 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
[PID: 1440 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
[PID: 1744 / user1][C:\WINDOWS\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.46]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Internet Explorer\RAVZTMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.8]
    [C:\Program Files\Internet Explorer\RAVJZMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
[PID: 588 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 720 / user1][C:\WINDOWS\IG.exe]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
[PID: 760 / user1][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\RAVJZMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVZTMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
[PID: 812 / SYSTEM][C:\WINDOWS\System32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
[PID: 1288 / SYSTEM][C:\WINDOWS\System32\rising51.exe]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 3956 / user1][C:\WINDOWS\winow.exe]  [N/A, ]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\winow.dll]  [N/A, ]
[PID: 2868 / user1][C:\WINDOWS\wmsj.exe]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\video.dll]  [N/A, ]
[PID: 3380 / user1][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\RAVJZMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVZTMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
[PID: 576 / user1][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\System32\zxgpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVJZMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVZTMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlfpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
[PID: 1952 / user1][C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$EX00.484\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\System32\jzgpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVJZMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWLMON.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVWDMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\RAVZTMON.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\zxgpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlfpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\dhdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$EX00.484\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]

==================================

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSSQL Tcpip [TCP/IP]
    C:\WINDOWS\System32\mssql.dll(, N/A)
MSSQL Tcpip [UDP/IP]
    C:\WINDOWS\System32\mssql.dll(, N/A)

==================================
Autorun.inf
[C:\]
[autorun]
open=Hide.exe
[E:\]
[AutoRun]
open=AutoRun.exe
shellexecute=AutoRun.exe
shell\打开(&O)\command=AutoRun.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1744, C:\WINDOWS\MIXER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1744, C:\WINDOWS\MIXER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 720, C:\WINDOWS\IG.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3956, C:\WINDOWS\WINOW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3956, C:\WINDOWS\WINOW.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2868, C:\WINDOWS\WMSJ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2868, C:\WINDOWS\WMSJ.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 576, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 576, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

Add my QQ and I'll help you sort it out; send me your QQ number by private message.

Virus names that appeared today:
Trojan.PSW.Win32.RBLand.z
Trojan.PSW.Win32.RBLand.y
Trojan.PSW.Win32.RBLand.y
Trojan.PSW.Win32.OnlineGames.xpj
Trojan.PSW.Win32.OnlineGames.xpj
Trojan.DL.JS.Agent.lkq
Trojan.DL.JS.Small.lhe
Trojan.DL.VBS.Agent.ac
Virus paths today:
Virus files today:

Anyone willing to help can add my QQ 2047103, I'll be waiting until dawn.