【求助】多次格式化硬盘后病毒还在（在线等待高手解决） - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】多次格式化硬盘后病毒还在（在线等待高手解决）

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

【求助】多次格式化硬盘后病毒还在（在线等待高手解决）

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 15:04 \| 显示全部短消息资料字号：小中大 1楼【求助】多次格式化硬盘后病毒还在（在线等待高手解决）系统时间被改为2003年，我用PQ格式化C盘N次，再重装系统N次，瑞星杀毒软件的监控系统依旧被关闭，用冰刃查看却没有任何隐藏进程，请问哪位高手又碰到这种问题， 2007-05-10 21:36:24
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	分享到：

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 15:07 \| 显示全部短消息资料字号：小中大 2楼是呀
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 15:12 \| 显示全部短消息资料字号：小中大 3楼中文版的冰刃现在打不开了，郁闷
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 19:05 \| 显示全部短消息资料字号：小中大 4楼在线等待，求救呀
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 20:03 \| 显示全部短消息资料字号：小中大 5楼没有呀，所以我很郁闷，在线等待，哪位高手能指点下。一开IE或者EXE文件，瑞星监控系统就自动被关闭。我自己编写的程序也会
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 20:06 \| 显示全部短消息资料字号：小中大 6楼进程名称路径数值名称数值数据操作日期操作方式操作结果 C:\Documents and Settings\Administrator.ZND44IGLM5M1VNE\「开始」菜单\程序\启动\Reboot.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE Execute C:\WINDOWS\System32\Tools\DelFolders.exe 2007-05-09 11:59 修改拒绝修改 D:\装机必备工具\powershadow_ch_2.8.2.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN RunShadowTip C:\WINDOWS\system32\shadow\ShadowTip.exe 2007-05-09 12:03 修改同意修改 C:\WINDOWS\system32\Rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN CTFMON.EXE C:\WINDOWS\system32\CTFMON.EXE 2007-05-09 12:04 修改同意修改 C:\Program Files\Internet Explorer\iexplore.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://www.baidu.com/ 2007-05-09 12:21 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\csrss.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wosa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\woso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\svchost32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN ztsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\ztso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\smss.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN mhsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\mhso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\services.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN fysa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\fyso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN jtsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\jtso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\conime.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wlsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\wlso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\ctfmon.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wgsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\wgso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\mmc.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wmsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\wmso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\IEXPLORE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN qjsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\qjso.exe 2007-05-09 12:32 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\stpgldk.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN rxsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\rxso.exe 2007-05-09 12:33 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\srogm.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wdsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\wdso.exe 2007-05-09 12:33 修改同意修改 C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\spglsdr.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN tlsa C:\DOCUME~1\ADMINI~1.ZND\LOCALS~1\Temp\tlso.exe 2007-05-09 12:33 修改同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN rxsa 2007-05-09 12:36 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wosa 2007-05-09 12:43 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN mhsa 2007-05-09 12:43 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wlsa 2007-05-09 12:43 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN jtsa 2007-05-09 12:44 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN tlsa 2007-05-09 12:44 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wdsa 2007-05-09 12:44 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN qjsa 2007-05-09 12:44 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wgsa 2007-05-09 12:44 删除同意修改 C:\ftc\Trojanwall.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN fysa 2007-05-09 12:44 删除同意修改 C:\WINDOWS\System32\WScript.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN wmsa 2007-05-09 12:46 删除同意修改 C:\windows\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Windows木马防 2007-05-09 19:50 删除同意修改 C:\windows\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN dsa 2007-05-09 19:50 修改同意修改大家复制到TXT文本就可以看清楚了，就不会乱乱的。我自己也是学电脑的，很郁闷呀，都没见过这是啥病毒。
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 20:07 \| 显示全部短消息资料字号：小中大 7楼我连打开文本TXT文件都会自动关闭瑞星监控，哭呀
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 20:27 \| 显示全部短消息资料字号：小中大 8楼我都和你说了没有autorun.inf
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 20:34 \| 显示全部短消息资料字号：小中大 9楼高手等等，马上发
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:	发表于： 2007-05-09 20:38 \| 显示全部短消息资料字号：小中大 10楼 [CODE] 2007-05-09,20:26:30 System Repair Engineer 2.4.12.806 Smallfrogs (http://www.KZTechs.com) Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Windows木马防火墙><C:\ftc\Trojanwall.exe> [风云谷] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <RunShadowTip><C:\WINDOWS\system32\shadow\ShadowTip.exe> [PowerShadow] <Windows木马防><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] <{03F6E661-0D5F-3FAD-3E2B-E261E3CB6CD2}><C:\Program Files\Internet Explorer\PLUGINS\HiJack.dll> [Microsoft Corporation] ================================== 启动文件夹 N/A ================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start] <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Shadow System Service / ShadowSystemService][Running/Auto Start] <C:\WINDOWS\system32\shadow\ShadowService.exe><N/A> ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.> [BaseTDI / BaseTDI][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><> [HookCont / HookCont][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising> [HookReg / HookReg][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising> [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] <system32\DRIVERS\ipinip.sys><N/A> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司> [NetGroup Packet Filter Driver / NPF][Running/Manual Start] <system32\drivers\npf.sys><CACE Technologies> [nv / nv][Running/Manual Start] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising> [Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start] <system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.> [SiS AGP Filter / SISAGP][Running/Boot Start] <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation> [SiSide / SiSide][Running/Boot Start] <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.> [sisidex / sisidex][Running/Boot Start] <\SystemRoot\system32\drivers\sisidex.sys><Windows (R) 2000 DDK provider> [Add Performance Filter Driver / sisperf][Running/Boot Start] <\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.> ================================== 浏览器加载项 [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.> [Bootstrapper Class] {FC7D9E02-3F9E-11D3-93C0-00C04F72DAF7} <C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe, Microsoft Corporation> [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_007.dll, Thunder Networking Technologies,LTD> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.> [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation> [&使用迅雷下载] <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A> [&使用迅雷下载全部链接] <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
hellop 初生襁褓狮帖子:18 注册: 2007-05-09 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT