
The worm.viking.gg virus never stays removed: I clean it every day and every day it is back.


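For some reason this virus turns up every day no matter how often I clean it. After the first scan removes it, the next scan still finds it. It's frustrating. Could an expert please help me get rid of it for good?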

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Attachment: file type application/octet-stream, uploaded 2007-9-18 16:09:59, downloaded 253 times.

Last edited 2007-09-19 14:58:04

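This machine is our organization's server and is powered on all day. The virus also came over from other machines on the LAN. Those machines were mostly fixed by reinstalling them, but I don't dare do that to the server. Is there any other way to remove it manually? Thanks!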

[CODE]

2007-09-18,15:48:52

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Corporation Limited]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <tpimis><c:\auto_z.bat>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINNT\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    <WinlogonNotify: PCANotify><PCANotify.dll>  [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\3E00~1.SCR>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[pcAnywhere Host Service / awhost32][Stopped/Manual Start]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[java DataTrans / DataTrans][Stopped/Auto Start]
  <E:\lcm\wrapper.exe -s E:\lcm\\wrapper.conf><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <d:\mssql\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[MSSQLServerOLAPService / MSSQLServerOLAPService][Running/Auto Start]
  <d:\sql\as\Bin\msmdsrv.exe><Microsoft Corporation>
[Rav Net Agent / RavAgent][Running/Auto Start]
  <C:\Program Files\Rising\Rav\RavAgent.exe><北京瑞星科技股份有限公司>
[Rav Net Alert / RavAlert][Running/Auto Start]
  <C:\Program Files\Rising\Rav\RavAlert.exe><瑞星科技股份发展有限公司>
[RavService / RavService][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[RavUpdate / RavUpdate][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavUpdate.exe" ><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[RNReport / RNReport][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RNReport.exe"><瑞星科技股份发展有限公司>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <C:\Program Files\Rising\Rav\CCenter.exe><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <d:\mssql\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[atirage3 / atirage3][Running/Manual Start]
  <system32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[awlegacy / awlegacy][Running/System Start]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST][Stopped/Disabled]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start]
  <system32\DRIVERS\e1000nt5.sys><Intel Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100bnt5.sys><Intel Corporation>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINNT\system32\new.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ramhshojn / ramhshojn][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ramhshojn.sys><N/A>
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
  <system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[SymEvent / SymEvent][Stopped/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Java Plug-in 1.4.2]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2]
  {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 180][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 224][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\system32\PCANotify.dll]  [Symantec Corporation, 10.5.0.477]
[PID: 252][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 264][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 448][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Corporation Limited, 3, 1, 0, 36]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Corporation Limited, 3, 0, 1, 5]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [c:\program files\rising\rfw\rfwrule.dll]  [Beijing Rising Technology Corporation Limited, 3, 1, 0, 0]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Corporation Limited, 3, 1, 0, 2]
[PID: 504][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 536][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\awmon.dll]  [Symantec Corporation, 9.2.1]
[PID: 676][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 704][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.6697]
[PID: 776][d:\mssql\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\mssql\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0534.00]
    [d:\mssql\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.081.9031.018]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.71.9031.4 built by: Lab06_N(dagbuild)]
    [d:\mssql\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\mssql\MSSQL\binn\xpstar.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [d:\mssql\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9031.014]
    [d:\mssql\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [d:\mssql\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\mssql\MSSQL\binn\Resources\2052\xpstar.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\sqlmap70.dll]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 804][d:\sql\as\Bin\msmdsrv.exe]  [Microsoft Corporation, 8.00.194]
    [d:\sql\as\Bin\msmdad.dll]  [Microsoft Corporation, 8.00.194]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.71.9031.4 built by: Lab06_N(dagbuild)]
[PID: 924][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1024][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 1180][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1280][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 1376][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.8320.0]
[PID: 1596][d:\mssql\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [d:\mssql\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9031.014]
    [d:\mssql\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [d:\mssql\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\mssql\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\mssql\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [d:\mssql\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\SQLSRV32.dll]  [Microsoft Corporation, 2000.081.9031.014]
    [C:\WINNT\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.081.9031]
    [C:\WINNT\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
[PID: 1632][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\ravext.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINNT\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1976][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9031.014]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2004][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1960][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2276][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 592][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 2284][C:\Program Files\Rising\Rav\RavTray.exe]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\RavTray936.dll]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\BDEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\BDEX.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\BDLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[PID: 1404][C:\Program Files\Rising\Rav\RavAlert.exe]  [瑞星科技股份发展有限公司, 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PlugIn\RptMC.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
    [C:\Program Files\Rising\Rav\PlugIn\AltP936.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 5]
    [C:\Program Files\Rising\Rav\PlugIn\MalAlrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
    [C:\Program Files\Rising\Rav\PlugIn\TrpPlgIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 6]
    [C:\Program Files\Rising\Rav\RsSnmp.dll]  [, 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\PlugIn\MBPlgIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
    [C:\Program Files\Rising\Rav\PlugIn\NLPlgIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
[PID: 2540][C:\Program Files\Rising\Rav\RavUpdate.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 2488][C:\Program Files\Rising\Rav\RNReport.exe]  [瑞星科技股份发展有限公司, 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
[PID: 2508][C:\Program Files\Rising\Rav\RavAgent.exe]  [北京瑞星科技股份有限公司, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\Strategy.dll]  [Rising, 19, 0, 0, 14]
[PID: 1780][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 936][C:\WINNT\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1236][C:\Program Files\Rising\Rav\RAVTASK.EXE]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1724][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Corporation Limited, 3, 1, 0, 18]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 17, 0, 0, 40]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 17, 0, 0, 17]
    [c:\program files\rising\rfw\PngDll.dll]  [Rising, 17, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [c:\program files\rising\rfw\PSAPI.DLL]  [Microsoft Corporation, 4.00]
[PID: 976][C:\Program Files\Rising\Rav\RAVMON.EXE]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1336][C:\Program Files\Rising\Rav\RavService.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 55]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1120][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1952][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 9148][C:\Program Files\Rising\Rav\RavControl.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 57]
    [C:\Program Files\Rising\Rav\Comm.dll]  [北京瑞星科技股份有限公司, 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\Rav\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RavControl936.dll]  [瑞星科技股份发展有限公司, 19, 0, 0, 57]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 11276][C:\WINNT\system32\mdm.exe]  [Microsoft Corporation, 6.00.8424]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 10636][E:\share\装机必备\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\share\装机必备\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 804, D:\SQL\AS\BIN\MSMDSRV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1376, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1976, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 592, C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2284, C:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1404, C:\PROGRAM FILES\RISING\RAV\RAVALERT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2540, C:\PROGRAM FILES\RISING\RAV\RAVUPDATE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2488, C:\PROGRAM FILES\RISING\RAV\RNREPORT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2508, C:\PROGRAM FILES\RISING\RAV\RAVAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1780, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1236, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1724, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 976, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1336, C:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1120, C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1952, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1952, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 9148, C:\PROGRAM FILES\RISING\RAV\RAVCONTROL.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

[Reply to the post by "Andy1977"]

This machine is a server. I'd like to ask: can these few suspicious files be deleted?

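[Reply to the post by "日不懂啊"]
I have tried Super Patrol (超级巡警), Rising, Jiangmin and Kingsoft. Right after cleaning there is nothing, but a few days later hundreds show up again. Very frustrating.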

[Reply to the post by "日不懂啊"]
A couple of days ago I also downloaded and tried the Nongfu Viking removal tool (农夫维金专杀), and that didn't work either. Experts, please suggest something else.