发表于: 2008-04-05 10:00 | 显示全部 短消息 资料
字号: 1楼

中多个Win32.Downloader.af及其他病毒 看下日志吧

几乎每个盘里的exe文件都被感染了 我还查到进程中有未知的网址活动着
帮忙看下日志吧
当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwstub.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\rundll32.exe
E:\QQ2005\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\program files\internet explorer\iexplore.exe
E:\QQ2005\QQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
E:\程序\HijackThis1991zww.exe

O2 - BHO: (no name) - {00723EB0-3450-4D7B-8356-E3FD0E48E020} - C:\WINDOWS\system32\xllalobadf.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\程序\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BT\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - (no file)
O2 - BHO: Thunder5下载辅助 - {EA2FCCA9-F44F-43DD-9724-9339950D103C} - C:\WINDOWS\ThunderHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\程序\getflash.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [HPDJ Taskbar Utility] ; C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - 启动项HKLM\\Run: [BigDogPath] ; C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [WangWang] ; "E:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"
O4 - 启动项HKLM\\Run: [Adobe Photo Downloader] "D:\mp3\3.0\Apps\apdproxy.exe"
O4 - 启动项HKLM\\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "E:\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\RunOnce: [repst] C:\WINDOWS\iprep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: QQ游戏启动加速程序.lnk = ?
O4 - Startup: 腾讯QQ.lnk = E:\QQ2005\QQ.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: msword.lnk = C:\WINDOWS\system32\ccwlae080331.exe
O8 - IE右键菜单中的新增项目: &使用BitComet下载 - res://E:\BT\BitComet\BitComet.exe/AddLink.htm
O8 - IE右键菜单中的新增项目: &使用BitComet下载全部链接 - res://E:\BT\BitComet\BitComet.exe/AddAllLink.htm
O8 - IE右键菜单中的新增项目: &使用BitComet下载本页视频 - res://E:\BT\BitComet\BitComet.exe/AddVideo.htm
O8 - IE右键菜单中的新增项目: &使用快车(FlashGet)下载 - E:\程序\jc_link.htm
O8 - IE右键菜单中的新增项目: &使用快车(FlashGet)下载全部链接 - E:\程序\jc_all.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\QQ2005\AddEmotion.htm
O9 - 浏览器额外的按钮: BitComet 资源搜索 - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BT\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - 浏览器额外的按钮: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\程序\FlashGet.exe
O9 - 浏览器额外的“工具”菜单项: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\程序\FlashGet.exe
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://site.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} (GDGetTokenInfo Class) - https://mybank.icbc.com.cn/icbc/GDReadPub.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {5CB840B5-A94E-4AD9-B785-4866E3B04476} (InfoSecNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBCNetSignG.dll
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.vnet.cn/VnetPluginIns.CAB
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://219.133.62.236/QQPlayer.cab
O16 - DPF: {DD713965-ECD7-407B-A886-FCF999BB6765} (SnSubmitControl Class) - http://jf.sdo.com/sndasec.cab
O16 - DPF: {E4CF9B52-A94E-4A27-AD90-904A81D0643A} (QPicControl Control) - http://www.paipai.com/activex/qpic.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {FABF66A6-9C3F-4FF4-9499-5B9F4AD6FD4B} (BigHead Control) - http://q-zone.qq.com/client/mall/BigheadControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53548D7-E2DD-41D0-AF9F-687A97F422C0}: NameServer = 202.109.15.135 202.96.209.134
O17 - HKLM\Sys

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
最后编辑2008-04-05 10:00:36.640000000