My machine caught a nasty virus... experts, urgent help please

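I somehow picked up this virus by accident. Whenever I click some of the programs on my drive, Rising finds a lot of viruses and removes them. Then when I click those programs again, the same viruses show up again. Sometimes the antivirus pop-up just keeps appearing nonstop, saying it has found such-and-such virus and is removing it... Ugh, what kind of virus is this?
I'll post the logs for everyone in a moment. I hope an expert can help!!!
Last edited 2007-03-30 19:17:12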

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <333><C:\Syswm1i\svchost.exe>  [N/A]
    <4><C:\SysWsj7\svchost.exe>  [N/A]
    <66><C:\SysDayN6\svchost.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <联想标准功能键盘 Ver1.0.0.1><C:\Program Files\联想\联想标准功能键盘\SkDaemond.exe>  [联想]
    <StateChange><C:\Program Files\lenovo\StateChange\QuakeII.exe>  [联想]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <RavTask><"E:\瑞星杀毒\Rising\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[星空极速]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>

==================================
服务
[9EE248AC / 9EE248AC][Stopped/Auto Start]
  <C:\WINDOWS\system32\9EE248AC.EXE -service><Microsoft Corporation>
[DetectorSvc / DetectorSvc][Stopped/Manual Start]
  <><N/A>
[AMD PowerNow! (tm) Technology Service / GemServ][Stopped/Auto Start]
  <><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LexBce Server / LexBceS][Running/Auto Start]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Norton AntiVirus Auto Protect Service / navapsvc][Stopped/Manual Start]
  <""><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\瑞星杀毒\Rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\瑞星杀毒\Rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <><N/A>
[SymWMI Service / SymWSC][Stopped/Auto Start]
  <><N/A>
[Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>

正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\9EE248AC.DLL]  [Microsoft Corporation, ]
[PID: 660][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1376][C:\WINDOWS\system32\LEXBCES.EXE]  [Lexmark International, Inc., 9.42]
    [C:\WINDOWS\system32\lexp2p32.dll]  [Lexmark International, Inc., 9.42]
    [C:\WINDOWS\system32\lex2kusb.dll]  [Lexmark International, Inc., 9.42]
[PID: 1412][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\LEXLMPM.DLL]  [Lexmark International, Inc., 96.9.42]
    [C:\WINDOWS\system32\LexBce.dll]  [Lexmark International, Inc., 9.42]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LVCMPP5C.dll]  [Lenovo (Beijing) Ltd., 1.0.1.14]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\LVCMpwr.dll]  [Lenovo (Beijing) Ltd., 1, 0, 1, 0]
[PID: 1420][C:\WINDOWS\system32\LEXPPS.EXE]  [Lexmark International, Inc., 9.42]
    [C:\WINDOWS\system32\LEXBCE.DLL]  [Lexmark International, Inc., 9.42]
[PID: 1992][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7184]
[PID: 2032][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 180][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 504][C:\WINDOWS\system32\4DE07D56.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1828][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 264][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1628][C:\Program Files\联想\联想标准功能键盘\SkDaemond.exe]  [联想, 1, 0, 0, 1]
    [C:\Program Files\联想\联想标准功能键盘\Ctrdev.dll]  [-, 1, 0, 0, 0]
    [C:\Program Files\联想\联想标准功能键盘\SKUtil.DLL]  [Silitek Corp., 1, 0, 7, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2428][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2664][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2006, 6, 30, 11]
    [C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 7, 25, 15]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2006, 6, 2, 14]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2006, 2, 20, 1]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\BDSearch.ocx]  [gdcn, 2005, 12, 22, 1]
    [C:\PROGRA~1\ChinaNet\PageFram.ocx]  [Workgroup, 2006, 9, 21, 21]
    [C:\PROGRA~1\ChinaNet\AccPage.ocx]  [, 6, 12, 6, 11]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 5, 26, 11]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2006, 12, 5, 17]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2006, 12, 5, 11]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2006, 7, 19, 14]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 8, 23, 16]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [ , 2006, 5, 10, 14]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\瑞星杀毒\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18,
[PID: 2608][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\DDTONG~1.DLL]  [北京新浪信息技术有限公司, 1, 2, 1, 5]
    [D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtinit.dll]  [北京新浪信息技术有限公司, 1, 2, 1, 7]
    [D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\DDTUpdate.dll]  [北京新浪信息技术有限公司, 1, 2, 1, 1]
    [D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtnews.ocx]  [北京新浪信息技术有限公司, 1, 1, 1, 5]
    [D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtcomm.dll]  [北京新浪信息技术有限公司, 1, 1, 0, 3]
    [D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtwea.ocx]  [北京新浪信息技术有限公司, 1, 1, 0, 7]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
    [C:\WINDOWS\system32\xunleibho_v5.dll]  [, 4, 3, 3, 30]
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [c:\PROGRA~1\chinanet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtkillw.ocx]  [北京新浪信息技术有限公司, 1, 1, 0, 5]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [E:\瑞星杀毒\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.2937 (xpsp_sp2_gdr.060623-0002)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
[PID: 4060][C:\WINDOWS\system32\4DE07D56.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2092][C:\WINDOWS\system32\4DE07D56.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3476][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3240][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\9EE248AC.DLL]  [Microsoft Corporation, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\system32\xunleibho_v5.dll]  [, 4, 3, 3, 30]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\mp3infp.dll]  [win32lab.com, 2.50.5.0]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.24]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\Downloads\暴风播放器\Storm Codec\Codecs\TTL2Dec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [E:\瑞星杀毒\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 2444][C:\WINDOWS\system32\4DE07D56.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1748][D:\Program Files\Thunder Network\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 5.1.5.189]
    [D:\Program Files\Thunder Network\Thunder\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\Program Files\Thunder Network\Thunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 74]
    [D:\Program Files\Thunder Network\Thunder\log4cplus.dll]  [, 1, 0, 2, 1]
    [D:\Program Files\Thunder Network\Thunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\Program Files\Thunder Network\Thunder\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [D:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [D:\Program Files\Thunder Network\Thunder\iEmbed.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 22]
    [D:\Program Files\Thunder Network\Thunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 7]
    [D:\Program Files\Thunder Network\Thunder\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\瑞星杀毒\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Thunder Network\Thunder\iTargetAd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 59]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
[PID: 3548][D:\Program Files\BT\BitComet\Downloads\小电影\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

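Sigh. After a short while Rising detects this kind of virus on the machine and removes it, and an hour later it's the same thing again... What on earth should I do? How do I delete it completely?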


| Virus name | Result | Date found | Scan method | Path | File |
|---|---|---|---|---|---|
| Trojan.PSW.RocOnline.bo | 删除成功 | 2007-03-30 17:00 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\05CVKL8Z | moyu0328[1].exe |
| Trojan.PSW.WoWar.adi | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\A6DS9K00 | wow0328[1].exe |
| Trojan.PSW.WoWar.adi | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs2.exe |
| Trojan.PSW.OnlineGames.xz | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\05CVKL8Z | jt0327[1].exe>>fsg2.0 |
| Trojan.PSW.OnlineGames.xz | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs4.exe>>fsg2.0 |
| Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\A6DS9K00 | wm0328[1].exe>>fsg2.0 |
| Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs5.exe>>fsg2.0 |
| Trojan.PSW.CabalOnLine.r | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\DOCUME~1\gogo\LOCALS~1\Temp | upxdnd.dll |
| Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\A6DS9K00 | wmsj0328[1].exe>>fsg2.0 |
| Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs9.exe>>fsg2.0 |

Bump! Experts, please advise!!!!! Many, many thanks!!

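Bumping this up. I hope someone who knows the cause and can fix it will help me. I don't know how to install the system or how to restore it, sigh... Is there a way to fix this without reinstalling the system?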

Then how did you solve it? By doing a System Restore?
But System Restore is turned off on my machine, so I can't restore... What should I do!!

I tried, but I can't restore. I never set a restore point before, so there are no restore points... What do I do, brother!!!

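First of all, thanks to this friend. But I don't know how to edit the registry... I'm completely lost. I don't know what to do...
Why is Rising so useless... It can't even kill a single virus... and to think I've used it for years... Today I ran into a rotten virus...
Help me....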