Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software board


Does Trojan.DL.HTML.Ieframe.c do any harm? (log attached)

[PID: 2096 / wfr][C:\Program Files\AutoCAD 2004\acad.exe]  [Autodesk, Inc., R16.00.086]
    [C:\WINDOWS\SYSTEM32\SYSFER.DLL]  [Sygate Technologies, Inc., 1.0.0]
    [C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\ac1st16.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\AutoCAD 2004\MSVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\acdb16.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\AcGe16.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\MFC70.DLL]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\AutoCAD 2004\acui16.dll]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\ANav.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\adui16.dll]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\dswhip.dll]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\heidi8.dll]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\dlint8.dll]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\SFTTABAC.dll]  [Softel vdm, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\UserData.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\adlmdll.dll]  [Autodesk, Inc., 4.0.0.2]
    [C:\Program Files\AutoCAD 2004\adctrls.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\WINDOWS\system32\MFC70CHS.DLL]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\AutoCAD 2004\adui16res.dll]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AnavRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\acui16res.dll]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\DsWhipRes.dll]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\sfttabacRes.dll]  [Softel vdm, 16.0.0.86]
    [C:\DOCUME~1\wfr\LOCALS~1\Temp\~effbdf\~df394b.tmp]  [N/A, ]
    [C:\DOCUME~1\wfr\LOCALS~1\Temp\~effbdf\~de8c3a.tmp]  [, 2.20.020]
    [C:\Program Files\AutoCAD 2004\ADCtrlsRes.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\acadbtn.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\acadres.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\adlmres.dll]  [Autodesk, Inc., 4.0.0.2]
    [C:\Program Files\AutoCAD 2004\PrxyInet.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\PrxyInetRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\oleaprot.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\colorRes.dll]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\drv\gdi8.hdi]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\drv\gdi8Res.dll]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\drv\szb8.hdi]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\drv\rblast8.hdi]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\drv\gdifont8.hdi]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\acgs.dll]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\acgsRes.dll]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
    [C:\Program Files\AutoCAD 2004\hcreg8.dll]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\hcreg8Res.dll]  [Autodesk, Inc., 8.0.16.86]
    [C:\Program Files\AutoCAD 2004\vl.arx]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\VLMSG.DLL]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\VLLIB.DLL]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcApp.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcDblClkEdit.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcDblClkEditPE.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcDblClkEditRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\acdim.arx]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\ShareAC.dll]  [Autodesk, Inc, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\ShareMFC.dll]  [Autodesk, Inc, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcDimRes.dll]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\aceplotx.arx]  [Autodesk, 16.0.0.86]
    [c:\program files\common files\autodesk shared\achapi16.dbx]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcEplotXRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\achlnkui.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\achlnkuiRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcIDropMgr.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcIDropMgrRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcLayerP.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcLayerPRes.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcSign.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcSignRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcSpaceTrans.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcSpaceTransRes.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcStd.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcStStdRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcTp.arx]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcTc.DLL]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcTcUi.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcTcRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\AcTcUiRes.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\whohas.arx]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\whohasRes.dll]  [, 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\acetlodr.arx]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\WSCommCntrAcCon.arx]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\WSCommCntrAcConRes.dll]  [Autodesk, 16.0.0.86]
    [C:\THSOFT\PCCAD2004\TH_ARXBase.arx]  [N/A, ]
    [C:\THSOFT\PCCAD2004\pccadbas.arx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\NSLMS324.DLL]  [Rainbow Technologies, Inc., 5,31,0,0]
    [C:\Program Files\AutoCAD 2004\MSVCI70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\THSOFT\PCCAD2004\thpaperset.arx]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\TH_PowerPara.arx]  [, 1, 0, 0, 1]
    [c:\program files\common files\thsoft shared\CalculateExpressValue30n.DLL]  [TianHe Software Company Beijing P.R.CHINA, 3, 0, 0, 2]
    [C:\THSOFT\PCCAD2004\TH_ParaFace.dll]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\para3.dll]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\pchide.arx]  [N/A, ]
    [C:\WINDOWS\system32\DAO360.DLL]  [Microsoft Corporation, 03.60.3714.5]
    [C:\THSOFT\PCCAD2004\pccaddim.arx]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\THDimTolerance.arx]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\THsPartDraw.arx]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\RclickMenu.arx]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\TH_const.arx]  [N/A, ]
    [C:\THSOFT\PCCAD2004\THCurvetext.arx]  [Autodesk, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\THCadToolKit.arx]  [, 2, 0, 0, 1]
    [C:\Program Files\AutoCAD 2004\axdb16.dll]  [, ]
    [C:\THSOFT\PCCAD2004\SuperTable.arx]  [, 1, 0, 0, 1]
    [C:\THSOFT\PCCAD2004\PcCreateView.arx]  [, 1, 0, 0, 1]
    [C:\Program Files\AutoCAD 2004\vlcom.dll]  [Autodesk Inc., 16.0.0.86]
    [C:\Program Files\AutoCAD 2004\vlreac.dll]  [Autodesk, Inc., 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
[PID: 2240 / wfr][C:\DOCUME~1\wfr\LOCALS~1\Temp\~e5d141.tmp]  [Macrovision Europe Ltd., 1, 0, 0, 1]
    [C:\WINDOWS\SYSTEM32\SYSFER.DLL]  [Sygate Technologies, Inc., 1.0.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 2864 / wfr][C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe]  [Autodesk, Inc., 1.0.0.1]
    [C:\WINDOWS\SYSTEM32\SYSFER.DLL]  [Sygate Technologies, Inc., 1.0.0]
    [C:\Program Files\Common Files\Autodesk Shared\WebServices1.dll]  [Autodesk, Inc., 1.0.0.1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 3880 / wfr][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\SYSTEM32\SYSFER.DLL]  [Sygate Technologies, Inc., 1.0.0]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 4072 / wfr][E:\movie\流水\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\SYSTEM32\SYSFER.DLL]  [Sygate Technologies, Inc., 1.0.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
    [E:\movie\流水\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================
Process privilege scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1648, C:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1672, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1520, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1836, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 2240, C:\DOCUME~1\WFR\LOCALS~1\TEMP\~E5D141.TMP]

==================================
API HOOK
Entry point error:NtCreateFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtCreateKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtCreateThread (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtDeleteFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtOpenKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtRenameKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtSetInformationFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtSetValueKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtTerminateProcess (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwCreateFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwCreateKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwCreateThread (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwDeleteFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwOpenFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwRenameKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwSetInformationFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwSetValueKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:ZwTerminateProcess (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)

==================================
Hidden processes
N/A

==================================

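The log above is the kind of thing a responder triages by hand: the "Entry point error" lines are user-mode hooks on Nt*/Zw* calls, and the module doing the hooking, SYSFER.DLL, appears in the loaded-module list with the vendor string "Sygate Technologies, Inc." (the same vendor as SSSensor.dll), so on this box the hooks are consistent with the Sygate personal firewall rather than with a rootkit. The process holding SeLoadDriverPrivilege from a Temp path (~E5D141.TMP, PID 2240) is listed in the module section as "Macrovision Europe Ltd."; a temp-path process with driver-loading rights is still worth checking every time. The script below is an added example, not part of the original post or of SREng, that applies those checks to an excerpt of the log copied from this page (headings as translated here). The allowlist KNOWN_HOOKERS, the EXPECTED_ASSOC defaults and the TEMP_MARKERS path test are my assumptions for the example, not something SREng defines.

```python
import re
from collections import defaultdict

# Excerpt of the SREng log posted above (file-association, privilege and
# API HOOK sections), with the section headings in the English translation
# used on this page. Embedded here so the script runs offline.
SAMPLE_LOG = r"""
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

==================================
Process privilege scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1648, C:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 2240, C:\DOCUME~1\WFR\LOCALS~1\TEMP\~E5D141.TMP]

==================================
API HOOK
Entry point error:NtCreateFile (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtCreateKey (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
Entry point error:NtTerminateProcess (risk level: high,  hooked by module: C:\WINDOWS\SYSTEM32\SYSFER.DLL)
"""

# Assumption: the default Windows XP shell-open commands for the extensions
# malware most often re-points (a hijacked .EXE association runs the malware
# before every program the user starts).
EXPECTED_ASSOC = {
    ".EXE": '"%1" %*',
    ".COM": '"%1" %*',
    ".BAT": '"%1" %*',
    ".REG": 'regedit.exe "%1"',
}

# Assumption: modules whose hooks are expected on this machine. SYSFER.DLL is
# allowlisted only because the module list on the page attributes it to
# Sygate Technologies (the personal firewall); extend per host.
KNOWN_HOOKERS = {r"c:\windows\system32\sysfer.dll"}

# Assumption: path fragments that mark a process as running from a temp dir.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\")

ASSOC_RE = re.compile(r"^(\.[A-Z]+)\s+(\S+)\s+\[(.*)\]$")
PRIV_RE = re.compile(r"(Se\w+Privilege)\s+\[PID = (\d+), (.+)\]$")
HOOK_RE = re.compile(r":(\w+)\s+\(risk level: (\w+),\s+hooked by module: (.+)\)$")


def split_sections(text):
    """Map each section heading (first non-blank line) to its body lines."""
    sections = {}
    for chunk in re.split(r"(?m)^=+\s*$", text):
        lines = chunk.strip().splitlines()
        if lines:
            sections[lines[0].strip()] = [l.strip() for l in lines[1:] if l.strip()]
    return sections


def triage(text):
    """Return (findings, hooks): findings are (kind, subject, detail) tuples,
    hooks maps each hooking module (lower-cased path) to the functions it hooks."""
    secs = split_sections(text)
    findings = []

    # 1. File associations: any deviation from the stock command is a finding.
    for line in secs.get("File associations", []):
        m = ASSOC_RE.match(line)
        if m:
            ext, _status, cmd = m.groups()
            want = EXPECTED_ASSOC.get(ext)
            if want is not None and cmd != want:
                findings.append(("assoc", ext, cmd))

    # 2. Privileges: SeLoadDriverPrivilege in a temp-path process is a finding.
    for line in secs.get("Process privilege scan", []):
        m = PRIV_RE.search(line)
        if m:
            priv, _pid, path = m.groups()
            if any(t in path.lower() for t in TEMP_MARKERS):
                findings.append(("privilege", priv, path))

    # 3. API hooks: group by hooking module; unknown modules are findings.
    hooks = defaultdict(list)
    for line in secs.get("API HOOK", []):
        m = HOOK_RE.search(line)
        if m:
            func, _risk, module = m.groups()
            hooks[module.lower()].append(func)
    for module, funcs in hooks.items():
        if module not in KNOWN_HOOKERS:
            findings.append(("hook", module, sorted(funcs)))

    return findings, dict(hooks)


if __name__ == "__main__":
    found, hooked = triage(SAMPLE_LOG)
    for kind, subject, detail in found:
        print(f"[{kind}] {subject}: {detail}")
    for module, funcs in hooked.items():
        print(f"{module} hooks {len(funcs)} functions")
```

Run against the excerpt it reports only the temp-path process holding SeLoadDriverPrivilege; swap SYSFER.DLL for a module that is not on the allowlist, or change the .EXE command, and the corresponding "hook" or "assoc" finding appears. Grouping by module is the point: a single vendor DLL hooking eighteen Nt*/Zw* entry points is one question to answer (is that module really the product it claims to be), not eighteen.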

That's my log above. Could someone please take a look and advise?

Not a single moderator around? Wahhh, I'm crying.

Bump! Kind-hearted experts, please come and help!