瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 今天下午2点35分,中个该死的病毒

12   1  /  2  页   跳转

今天下午2点35分,中个该死的病毒

收藏
本主题由 版主 天月来了 于 2009-4-17 12:58:55 执行 合并主题 操作
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-16 20:52 | 只看楼主 短消息 资料
字号: 1楼

今天下午2点35分,中个该死的病毒

一开始小伞和KAKA自动全部关闭,然后主页被篡改,打开网站自动关闭,,,见鬼了。试了N次没办法,只要重新还原,一次,不行,2次,不行。。。N次。。。。
然后下了360顽固大全。。。。一检查。。。N多木马啊 首先是那啥 GRIL木马。中华吸血鬼。。。N多呀。不停的杀,不停的重新启动,安全模式进不去。。。也不知道搞了多久了,,,直到晚上8点,,我又还原了次系统,突然病毒没了。现在开心中,又恐怖中。

为什么我们的小伞检查不出来呢???????????

我现在开始对自己当初的选择犹豫了

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
分享到:
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-16 20:56 | 只看楼主 短消息 资料
字号: 2楼

回复:今天下午2点35分,中个该死的病毒

对了,主页被改成了个和百度一模一样的网页,就是上面改成了个丑陋的大狗图象了。见鬼了,那到底是什么毒啊
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-16 21:07 | 只看楼主 短消息 资料
字号: 3楼

回复:今天下午2点35分,中个该死的病毒

哪个高手出来解释下啊,我现在还在不停的杀毒,还是害怕有残余的毒,要做噩梦啦
gototop
 
Fabregas
头像
叱咤花甲狮
  • 帖子:2863
  • 注册: 2008-03-01
  • 来自:
发表于: 2009-04-16 21:11 | 短消息 资料
字号: 4楼

回复:今天下午2点35分,中个该死的病毒

楼主的杀毒软件是什么版本?是否现在还能查到病毒?系统还有其它异常吗?
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-16 21:14 | 只看楼主 短消息 资料
字号: 5楼

回复:今天下午2点35分,中个该死的病毒

现在恢复正常了,但是怕呀。。。一想到那大尾巴狼我就怕,我现在是最新的版本,还是在不停的一便一便的杀,而且我的小伞不停在报ARP欺骗
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-17 12:50 | 只看楼主 短消息 资料
字号: 6楼

昨天杀了的病毒,今天我再次中了

还是那样,上午10.35分,我突然感觉机器有点卡,接着瑞星和卡卡自动下班了。。。我有点恐惧,那毒又回来了?????打开主页一看,娘的,果然,主页又变成了那大尾巴狼了。日我什么都没做就又被毒了。。。。
今天比昨天熟练了点,用360顽固杀(米办法,卡卡和小伞都下班了)。然后重新启动,继续杀,继续重新启动,,,来回3,4次。好象没了,不过机器还是慢,我就不明白这个是什么毒,怎么老中啊

那个大尾巴狼的网制是http://www3.07129.com/

今天我把查出来的毒记录了一下,各位高手看看我电脑到底怎么了,我什么都没搞 就中了
Scan @3686 No.1
Kill @4359 No.1
Scan by killers lpKiller->GetDescript(4) = zhxxg
szFilePath = C:\WINDOWS\tasks\alg.exe
KillFile szFilePath = C:\WINDOWS\tasks\alg.exe
KillFile nFlag      = 1
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = C:\GRIL.PIF
szFilePath      = C:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = D:\GRIL.PIF
szFilePath      = D:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = E:\GRIL.PIF
szFilePath      = E:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = F:\GRIL.PIF
szFilePath      = F:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = H:\GRIL.PIF
szFilePath      = H:\GRIL.PIF
nFlag          = 107
Fix important start registry @97!
m_szFilePath = D:\GRIL.PIF
m_dwCount= 0
m_szFilePath = H:\GRIL.PIF
m_dwCount= 0
m_szFilePath = C:\GRIL.PIF
m_dwCount= 0
m_szFilePath = F:\GRIL.PIF
m_dwCount= 0
m_szFilePath = E:\GRIL.PIF
m_dwCount= 0
m_szFilePath = C:\WINDOWS\tasks\alg.exe
m_dwCount= 0
Devastate File:C:\GRIL.PIF Flag:2Devastate File:D:\GRIL.PIF Flag:2Devastate File:E:\GRIL.PIF Flag:2Devastate File:F:\GRIL.PIF Flag:2Scan @3686 No.2
Kill @4359 No.2
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = C:\GRIL.PIF
szFilePath      = C:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = D:\GRIL.PIF
szFilePath      = D:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = E:\GRIL.PIF
szFilePath      = E:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = F:\GRIL.PIF
szFilePath      = F:\GRIL.PIF
nFlag          = 107
Scan by killers lpKiller->GetDescript(4) = TRJ.Win32.DL
szFilePath = H:\GRIL.PIF
szFilePath      = H:\GRIL.PIF
nFlag          = 107
Fix important start registry @97!
m_szFilePath = D:\GRIL.PIF
m_dwCount= 0
m_szFilePath = H:\GRIL.PIF
m_dwCount= 0
m_szFilePath = C:\GRIL.PIF
m_dwCount= 0
m_szFilePath = F:\GRIL.PIF
m_dwCount= 0
m_szFilePath = E:\GRIL.PIF
m_dwCount= 0
Devastate File:C:\GRIL.PIF Flag:2Devastate File:D:\GRIL.PIF Flag:2Devastate File:E:\GRIL.PIF Flag:2Devastate File:F:\GRIL.PIF Flag:2

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-17 12:55 | 只看楼主 短消息 资料
字号: 7楼

回复:昨天杀了的病毒,今天我再次中了

http://bbs.ikaka.com//showtopic-8616428.aspx

这个是我昨天发的帖子,谢谢了,大家帮帮我
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-17 13:02 | 只看楼主 短消息 资料
字号: 8楼

回复:今天下午2点35分,中个该死的病毒

斑竹你快来帮帮我啊。。。。

别老合并啊,也米人帮我。。。昏迷了
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-17 18:37 | 只看楼主 短消息 资料
字号: 9楼

回复:今天下午2点35分,中个该死的病毒

怎么米人帮我啊????在线等,我就想知道这个到底是什么毒。PS我刚用病毒防御者扫描的日子
这份系统诊断报告是由 [Autorun病毒防御者 2.3.3.180] 生成的。
病毒库日期:2009.04.17 00:51:10
======================================================
操作系统:Windows XP Professional (5.10.2600 [Service Pack 3])
系统语言:简体中文 (zh-cn)
物理内存:总量 2096492 KB,可用 1573636 KB。
IE浏览器版本:6.0.2900.5512

注册表启动项
======================================================
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>[8.1.4202.0, Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>[5.2.2801, Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>[6.14.11.7813, NVIDIA Corporation]
<nwiz><nwiz.exe /install>[, ]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>[6.14.11.7813, NVIDIA Corporation]
<RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>[21.0.0.22, Beijing Rising Information Technology Co., Ltd.]
<runeip><"D:\Program Files\kaka\rstray.exe" /startup>[21.0.0.16, Beijing Rising Information Technology Co., Ltd.]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Shell><Explorer.exe>
<Userinit><C:\WINDOWS\system32\Userinit.exe>
<UIHost><logonui.exe>

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

启动文件夹
======================================================
<N/A>

系统服务及驱动程序
======================================================
[ACPIEC][自动启动]
<System32\DRIVERS\ACPIEC.sys>[5.1.2600.0 (xpclient.010817-1148), Microsoft Corporation]
[CCDECODE][手动启动]
<system32\DRIVERS\CCDECODE.sys>[5.3.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[Dot3svc][手动启动]
<C:\WINDOWS\System32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
[EapHost][手动启动]
<C:\WINDOWS\System32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
[HDAudBus][手动启动]
<system32\DRIVERS\HDAudBus.sys>[5.10.01.5013 built by: WinDDK, Windows (R) Server 2003 DDK provider]
[HidUsb][自动启动]
<system32\DRIVERS\hidusb.sys>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[hkmsvc][手动启动]
<C:\WINDOWS\System32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
[hookcont][自动启动]
<system32\drivers\HookCont.sys>[23, 0, 0, 6, Beijing Rising Information Technology Co., Ltd.]
[hooksys][自动启动]
<system32\drivers\HookSys.sys>[23, 0, 0, 53, Beijing Rising Information Technology Co., Ltd.]
[IntcAzAudAddService][手动启动]
<system32\drivers\RtkHDAud.sys>[5.10.0.5506 built by: WinDDK, Realtek Semiconductor Corp.]
[intelppm][自动启动]
<system32\DRIVERS\intelppm.sys>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
[kbdhid][自动启动]
<system32\DRIVERS\kbdhid.sys>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[mouhid][自动启动]
<system32\DRIVERS\mouhid.sys>[5.1.2600.0 (XPClient.010817-1148), Microsoft Corporation]
[MSTEE][手动启动]
<system32\drivers\MSTEE.sys>[5.3.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[NABTSFEC][手动启动]
<system32\DRIVERS\NABTSFEC.sys>[5.3.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[napagent][手动启动]
<C:\WINDOWS\System32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
[NdisIP][手动启动]
<system32\DRIVERS\NdisIP.sys>[5.3.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[nv][手动启动]
<system32\DRIVERS\nv4_mini.sys>[6.14.11.7813, NVIDIA Corporation]
[nvrd32][自动启动]
<system32\DRIVERS\nvrd32.sys>[10.3.0.21 built by: WinDDK, NVIDIA Corporation]
[NVSvc][自动启动]
<C:\WINDOWS\system32\nvsvc32.exe>[6.14.11.7813, NVIDIA Corporation]
[ose][手动启动]
<C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE>[11.0.5525, Microsoft Corporation]
[PCIIde][自动启动]
<system32\DRIVERS\pciide.sys>[5.1.2600.0 (XPClient.010817-1148), Microsoft Corporation]
[RfwBase9][手动启动]
<system32\DRIVERS\rfwbase.sys>[21.0.0.2, Beijing Rising Information Technology Co., Ltd.]
[rfwtdi][自动启动]
<C:\Program Files\Rising\Ris\rfwtdi.sys>[21.0.0.7, Beijing Rising Information Technology Co., Ltd.]
[RisCCenter][自动启动]
<C:\Program Files\Rising\Ris\CCENTER.EXE>[21, 0, 0, 2, Beijing Rising Information Technology Co., Ltd.]
[RisTask][自动启动]
<C:\Program Files\Rising\Ris\RavTask.exe>[21, 0, 0, 24, Beijing Rising Information Technology Co., Ltd.]
[rsfwdrv][自动启动]
<C:\Program Files\Rising\Ris\rsfwdrv.sys>[21.0.0.46, Beijing Rising Information Technology Co., Ltd.]
[RsNTGDI][自动启动]
<system32\Drivers\RsNTGdi.sys>[21, 0, 0, 2, Beijing Rising Information Technology Co., Ltd.]
[RsRavMon][自动启动]
<C:\Program Files\Rising\Ris\RavMonD.exe>[21, 0, 0, 1, Beijing Rising Information Technology Co., Ltd.]
[RsScanSrv][自动启动]
<C:\Program Files\Rising\Ris\ScanFrm.exe>[21.0.0.11, Beijing Rising Information Technology Co., Ltd.]
[rtl8139][手动启动]
<system32\DRIVERS\RTL8139.SYS>[5.398.613.2003 built by: WinDDK, Realtek Semiconductor Corporation]
[SiFilter][已禁用]
<C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys>[1.0.0.11, Silicon Image, Inc.]
[SLIP][手动启动]
<system32\DRIVERS\SLIP.sys>[5.3.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[streamip][手动启动]
<system32\DRIVERS\StreamIP.sys>[5.3.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[UMWdf][手动启动]
<C:\WINDOWS\system32\wdfmgr.exe>[5.2.3790.1230 built by: dnsrv(bld4act), Microsoft Corporation]
[usbaudio][手动启动]
<system32\drivers\usbaudio.sys>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[usbccgp][手动启动]
<system32\DRIVERS\usbccgp.sys>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[usbehci][手动启动]
<system32\DRIVERS\usbehci.sys>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[usbohci][自动启动]
<system32\DRIVERS\usbohci.sys>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[USBSTOR][手动启动]
<system32\DRIVERS\USBSTOR.SYS>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[usbvideo][手动启动]
<System32\Drivers\usbvideo.sys>[5.1.2600.5512 (xpsp.080413-2108), Microsoft Corporation]
[viamraid][自动启动]
<system32\DRIVERS\viamraid.sys>[5.1.6000.574, VIA Technologies inc,.ltd]
[WSTCODEC][手动启动]
<system32\DRIVERS\WSTCODEC.SYS>[5.3.2600.5512 (xpsp.080413-2108), Microsoft Corporation]

当前系统进程
======================================================
* [PID:716]<smss.exe><C:\WINDOWS\System32\smss.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:788]<csrss.exe><C:\WINDOWS\system32\csrss.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:812]<winlogon.exe><C:\WINDOWS\system32\winlogon.exe>[5.1.2600.5512 (xpsp.080413-2113), Microsoft Corporation]
* [PID:856]<services.exe><C:\WINDOWS\system32\services.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:868]<lsass.exe><C:\WINDOWS\system32\lsass.exe>[5.1.2600.5512 (xpsp.080413-2113), Microsoft Corporation]
* [PID:1024]<svchost.exe><C:\WINDOWS\system32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:1072]<svchost.exe><C:\WINDOWS\system32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:1188]<svchost.exe><C:\WINDOWS\System32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:1368]<svchost.exe><C:\WINDOWS\system32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:1396]<svchost.exe><C:\WINDOWS\system32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:1544]<spoolsv.exe><C:\WINDOWS\system32\spoolsv.exe>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
gototop
 
大尾巴小羊
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2009-04-16
  • 来自:
发表于: 2009-04-17 18:37 | 只看楼主 短消息 资料
字号: 10楼

回复:今天下午2点35分,中个该死的病毒

- <C:\WINDOWS\AppPatch\AcGenral.DLL>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\system32\mdimon.dll>[11.3.8166.2, Microsoft Corporation]
    - <C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll>[11.3.8166.2, Microsoft Corporation]
* [PID:520]<nvsvc32.exe><C:\WINDOWS\system32\nvsvc32.exe>[6.14.11.7813, NVIDIA Corporation]
    - <C:\WINDOWS\system32\kmon.dll>[1, 0, 0, 33, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\comx3.dll>[21.0.0.37, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\Syslay.dll>[21.0.0.6, Beijing Rising Information Technology Co., Ltd.]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\system32\nvapi.dll>[6.14.11.7813, NVIDIA Corporation]
* [PID:600]<svchost.exe><C:\WINDOWS\system32\svchost.exe>[5.1.2600.5512 (xpsp.080413-2111), Microsoft Corporation]
* [PID:704]<alg.exe><C:\WINDOWS\System32\alg.exe>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\AppPatch\AcGenral.DLL>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\System32\kmon.dll>[1, 0, 0, 33, Beijing Rising Information Technology Co., Ltd.]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <D:\Program Files\kaka\comx3.dll>[21.0.0.37, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\Syslay.dll>[21.0.0.6, Beijing Rising Information Technology Co., Ltd.]
* [PID:2020]<Explorer.EXE><C:\WINDOWS\Explorer.EXE>[6.00.2900.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\AppPatch\AcGenral.DLL>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\Program Files\FreeLaunchBar\flb.dll>[1.0.0.0, TrueSoft]
    - <C:\WINDOWS\system32\dot3api.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\dot3dlg.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\OneX.DLL>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\eappcfg.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\eappprxy.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\nvcpl.dll>[6.14.11.7813, NVIDIA Corporation]
    - <C:\WINDOWS\system32\NVRSZHC.DLL>[6.14.11.7813, NVIDIA Corporation]
    - <C:\WINDOWS\system32\nvapi.dll>[6.14.11.7813, NVIDIA Corporation]
    - <C:\WINDOWS\system32\nvshell.dll>[, ]
    - <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll>[1.0.5.29, Thunder Networking Technologies,LTD]
    - <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll>[5, 0, 8, 96, Thunder Networking Technologies,LTD]
    - <C:\WINDOWS\system32\sti.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\Program Files\Rising\Ris\RavScrCh.dll>[21.0.0.69, Beijing Rising Information Technology Co., Ltd.]
    - <C:\WINDOWS\system32\vbscript.dll>[5.7.0.18066, Microsoft Corporation]
    - <C:\WINDOWS\system32\PRINTUI.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\wmdmlog.dll>[10.0.3790.3802, Microsoft Corporation]
* [PID:3004]<RUNDLL32.EXE><C:\WINDOWS\system32\RUNDLL32.EXE>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\AppPatch\AcGenral.DLL>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\system32\NvMcTray.dll>[6.14.11.7813, NVIDIA Corporation]
    - <C:\WINDOWS\system32\nvapi.dll>[6.14.11.7813, NVIDIA Corporation]
    - <C:\WINDOWS\system32\NVRSZHC.DLL>[6.14.11.7813, NVIDIA Corporation]
* [PID:3736]<RSTray.exe><D:\Program Files\kaka\rstray.exe>[21.0.0.16, Beijing Rising Information Technology Co., Ltd.]
* [PID:3672]<CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\AppPatch\AcGenral.DLL>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
* [PID:476]<knownsvr.exe><D:\Program Files\kaka\knownsvr.exe>[6.0.0.14, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\NComm.dll>[6.0.0.11, Beijing Rising Information Technology Co., Ltd.]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <D:\Program Files\kaka\comx3.dll>[21.0.0.37, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\Syslay.dll>[21.0.0.6, Beijing Rising Information Technology Co., Ltd.]
* [PID:3220]<CCenter.exe><C:\Program Files\Rising\Ris\CCENTER.EXE>[21, 0, 0, 2, Beijing Rising Information Technology Co., Ltd.]
* [PID:1888]<RavTask.exe><C:\Program Files\Rising\Ris\RavTask.exe>[21, 0, 0, 24, Beijing Rising Information Technology Co., Ltd.]
* [PID:2972]<ScanFrm.exe><C:\Program Files\Rising\Ris\ScanFrm.exe>[21.0.0.11, Beijing Rising Information Technology Co., Ltd.]
* [PID:4024]<conime.exe><C:\WINDOWS\system32\conime.exe>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\AppPatch\AcGenral.DLL>[5.1.2600.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
* [PID:3612]<RsTray.exe><C:\PROGRAM FILES\RISING\RIS\RSTRAY.EXE>[21.0.0.22, Beijing Rising Information Technology Co., Ltd.]
* [PID:436]<rsnetsvr.exe><C:\PROGRAM FILES\RISING\RIS\RSNETSVR.EXE>[21, 0, 0, 15, Beijing Rising Information Technology Co., Ltd.]
* [PID:332]<RavMonD.exe><C:\Program Files\Rising\Ris\RavMonD.exe>[21, 0, 0, 1, Beijing Rising Information Technology Co., Ltd.]
* [PID:3384]<RegGuide.exe><C:\Program Files\Rising\Ris\RegGuide.exe>[21.0.0.12, Beijing Rising Information Technology Co., Ltd.]
* [PID:2712]<QQ.exe><D:\Program Files\新建文件夹\QQ.exe>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQBaseClassInDll.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQHelperDll.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\BasicCtrlDll.dll>[8,0,1248,1851, TENCENT]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <D:\Program Files\新建文件夹\MFC42.DLL>[6.00.8665.0, Microsoft Corporation]
    - <D:\Program Files\新建文件夹\RICHED32.DLL>[5.00.2134.1, Microsoft Corporation]
    - <D:\Program Files\新建文件夹\RICHED20.dll>[5.31.23.1218, Microsoft Corporation]
    - <D:\Program Files\新建文件夹\QQAPI.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\LoginCtrl.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\LoginCtrlRes.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQRes.dll>[8,0,978,1833, TENCENT]
    - <D:\Program Files\新建文件夹\QQMainFrame.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\gdiplus.dll>[5.1.3102.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
    - <D:\Program Files\新建文件夹\UnReadMsgMgr.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQAllInOne.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\SCCore.dll>[1, 6, 0, 2, TENCENT]
    - <D:\Program Files\新建文件夹\CameraDll.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\CQQApplication.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\FlashAvatarDll.dll>[1, 0, 0, 1, ]
    - <D:\Program Files\新建文件夹\NewSkin.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\MailSummary.dll>[8,0,1234,1851, TENCENT]
    - <D:\Program Files\新建文件夹\QQSpace.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\UserDefinedHead.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQPlugin.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\vbscript.dll>[5.6.0.7426, Microsoft Corporation]
    - <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>[9,0,124,0, Adobe Systems, Inc.]
    - <C:\WINDOWS\system32\msdmo.dll>[, ]
    - <D:\Program Files\新建文件夹\QQAvatar.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\OEMApplication.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQKnowledgeSearch.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQGroupMng.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQPet.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQCustomFace.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\LongConnection.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQConfigPlugin.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQMagicFace.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\ImageOle.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QRingMng.dll>[8,0,1300,1881, TENCENT]
    - <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL>[11.0.8164, Microsoft Corporation]
    - <D:\Program Files\新建文件夹\QQLiveQMng.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\PhoneAPI.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\DialerAllinOne.dll>[1, 4, 0, 0, tencent]
    - <D:\Program Files\新建文件夹\GroupConnection.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\BQQApplication.dll>[8,0,1300,1881, TENCENT]
    - <C:\WINDOWS\system32\winabc.ime>[5.1.2600.5512, Microsoft Corporation]
    - <D:\Program Files\新建文件夹\CommercesMng.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\PersonalDesktop.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\QQAddr.dll>[5, 0, 101, 330, 深圳市腾讯计算机系统有限公司]
    - <D:\Program Files\新建文件夹\QQSceneMng.dll>[8,0,1300,1881, TENCENT]
    - <D:\Program Files\新建文件夹\AddrSearch.dll>[2, 3, 10, 12, Tencent]
    - <D:\Program Files\新建文件夹\QQSysMsgMng.dll>[8,0,1300,1881, TENCENT]
    - <C:\WINDOWS\system32\dot3api.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\dot3dlg.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\OneX.DLL>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\eappcfg.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\eappprxy.dll>[5.1.2600.5512 (xpsp.080413-0852), Microsoft Corporation]
    - <C:\WINDOWS\system32\WINWB86.IME>[4.00.950, Microsoft Corporation]
    - <C:\Program Files\Rising\Ris\RavScrCh.dll>[21.0.0.69, Beijing Rising Information Technology Co., Ltd.]
    - <C:\WINDOWS\system32\vbscript.dll>[5.7.0.18066, Microsoft Corporation]
* [PID:452]<TXPlatform.exe><D:\Program Files\新建文件夹\TXPlatform.exe>[1, 5, 225, 0, Tencent]
* [PID:2396]<arvmon.exe><D:\TDDOWNLOAD\新建文件夹 (3)\arvmon.exe>[2.3.3.180, 任软工作室]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <D:\TDDOWNLOAD\新建文件夹 (3)\Vdata.dll>[2, 4, 0, 138, 任软工作室]
* [PID:272]<AutoGuarder.exe><D:\TDDOWNLOAD\新建文件夹 (3)\AutoGuarder.exe>[2.3.3.180, 任软工作室]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\Program Files\Rising\Ris\RavScrCh.dll>[21.0.0.69, Beijing Rising Information Technology Co., Ltd.]
    - <C:\WINDOWS\system32\vbscript.dll>[5.7.0.18066, Microsoft Corporation]
    - <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>[9,0,124,0, Adobe Systems, Inc.]
* [PID:3356]<iexplore.exe><C:\Program Files\Internet Explorer\iexplore.exe>[6.00.2900.5512 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll>[6.0 (xpsp.080413-2105), Microsoft Corporation]
    - <C:\WINDOWS\system32\KakaTool.dll>[6, 0, 0, 3, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\syslay.dll>[21.0.0.6, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\comx3.dll>[21.0.0.37, Beijing Rising Information Technology Co., Ltd.]
    - <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll>[1.0.5.29, Thunder Networking Technologies,LTD]
    - <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll>[5, 0, 8, 96, Thunder Networking Technologies,LTD]
    - <C:\WINDOWS\system32\UrlFilter.dll>[6, 0, 0, 15, Beijing Rising Information Technology Co., Ltd.]
    - <D:\Program Files\kaka\UrlRule.dll>[1.0.0.15, Beijing Rising Information Technology Co., Ltd.]
    - <C:\Program Files\Microsoft Office\OFFICE11\msohev.dll>[11.0.5510, Microsoft Corporation]
    - <C:\Program Files\Rising\Ris\RavScrCh.dll>[21.0.0.69, Beijing Rising Information Technology Co., Ltd.]
    - <C:\WINDOWS\system32\vbscript.dll>[5.7.0.18066, Microsoft Corporation]
    - <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>[9,0,124,0, Adobe Systems, Inc.]
文件类型关联
======================================================
.exe文件:正常。["%1" %*]
.com文件:正常。["%1" %*]
.pif文件:正常。["%1" %*]
.bat文件:正常。["%1" %*]
.scr文件:正常。["%1" /S]
.vbs文件:正常。[%SystemRoot%\System32\WScript.exe "%1" %*]
.txt文件:正常。[C:\WINDOWS\notepad.exe %1]
.ini文件:正常。[C:\WINDOWS\System32\NOTEPAD.EXE %1]
.inf文件:正常。[%SystemRoot%\system32\NOTEPAD.EXE %1]
.hlp文件:正常。[%SystemRoot%\System32\winhlp32.exe %1]
.chm文件:正常。["hh.exe" %1]
.reg文件:正常。[regedit.exe "%1"]
.lnk文件:正常。[{00021401-0000-0000-C000-000000000046}]

IE浏览器相关设置
======================================================
当前IE主页:http://www.baidu.com/
当前IE搜索页:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
禁止IE主页修改:否

浏览器BHO
======================================================
[ThunderAtOnce Class]
<{01443AEC-0FD1-40fd-9C87-E93D1494C233}><C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll>[1.0.5.29, Thunder Networking Technologies,LTD]

[Thunder Browser Helper]
<{889D2FEB-5411-4565-8998-1DD2C5261283}><C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll>[5, 0, 8, 96, Thunder Networking Technologies,LTD]

[卡卡上网安全助手]
<{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}><C:\WINDOWS\system32\UrlFilter.dll>[6, 0, 0, 15, Beijing Rising Information Technology Co., Ltd.]


资源管理器HOOK项
======================================================
[URL 执行挂钩]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>[6.00.2900.5512 (xpsp.080413-2105), Microsoft Corporation]


IFEO映像劫持
======================================================
<N/A>

Hosts文件
======================================================
127.0.0.1      localhost

Autorun.inf文件及指向文件
======================================================
本地磁盘C: - 没有发现
本地磁盘D: - 没有发现
本地磁盘E: - 没有发现
本地磁盘F: - 没有发现
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT