1   1  /  1  页   跳转

[求助] 求救,请问是什么病毒啊!

收藏
fenccn
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2011-04-22
  • 来自:
发表于: 2011-04-22 01:17 | 显示全部 短消息 资料
字号: 1楼

求救,请问是什么病毒啊!

内网服务器所有EXE文件都变成图片那个人头,重启后又没了!本机的杀毒软件已禁用!重装杀毒软件又杀不出毒,双击EXE文件提示Windows无法访问指定设备路径或文件,您可能没有合适的权限访问这个项目,请问有什么解决方法!多谢。


用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
分享到:
gototop
 
fenccn
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2011-04-22
  • 来自:
发表于: 2011-04-22 01:18 | 显示全部 短消息 资料
字号: 2楼

回复:求救,请问是什么病毒啊!

请高手帮忙!2003操作系统
gototop
 
fenccn
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2011-04-22
  • 来自:
发表于: 2011-04-22 11:35 | 显示全部 短消息 资料
字号: 3楼

回复 4F networkedition 的帖子

[CODE]

2011-04-22,11:35:33

System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition  (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Explorer><; C:\WINDOWS\system32\drivers\TXPlatform.exe>  [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTRAY><"C:\Program Files\Rising\RAV\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <UnlockerAssistant><; "D:\Program Files\Unlocker\UnlockerAssistant.exe">  []
    <ms08_067_patch><; "C:\WINDOWS\system32\nap32.exe" /run>  [Beijing Rising Information Technology Co., Ltd.]
    <nod32kui><; "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <lsc><C:\Program Files\louyue\LSC\lsc.exe>  [搂月工作室]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENADMIN_BASE_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENUSER_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser>  [(Verified)Microsoft Windows Publisher]

==================================
gototop
 
fenccn
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2011-04-22
  • 来自:
发表于: 2011-04-22 11:35 | 显示全部 短消息 资料
字号: 4楼

回复 4F networkedition 的帖子

启动文件夹
[Cool_GameSetup]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Cool_GameSetup.exe -->  [File is missing]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM Automatic Server Restart Service for IPMI / ibmiasrw][Running/Auto Start]
  <C:\WINDOWS\system32\IBMIASRW.EXE -s><IBM Corporation>
[Kingdee iMTS Event Server / ImtsEventSvr][Stopped/Manual Start]
  <C:\Program Files\Kingdee\K3ERP\k3Standard\KDIMTS\BIN\ImtsEventSvr.exe><Kingdee>
[Kingdee iMTS Service / iMTSService][Stopped/Auto Start]
  <C:\Program Files\Kingdee\K3ERP\k3Standard\KDIMTS\iMTSService.exe><Kingdee>
[Kingdee K/3 Background Task Service for .NET / KDBackgroundService][Stopped/Auto Start]
  <"C:\Program Files\Kingdee\K3ERP\k3Standard\K3NetSite\BIN\Kingdee.K3.PUBLIC.BkgSvcHost.exe"><金蝶软件(中国)研发中心>
[KDDelegateService / KDDelegateService][Stopped/Manual Start]
  <C:\Program Files\Kingdee\K3ERP\k3Standard\KDDelegateService.exe><(File is missing)>
[Kingdee K/3 service manager for .NET / KDSvrMgr][Stopped/Auto Start]
  <"C:\Program Files\Kingdee\K3ERP\k3Standard\K3NetSite\App_Data\Kingdee.K3.PUBLIC.KDSvrMgrHost.exe"><金蝶软件(中国)研发中心>
[KDSvrMgrService / KDSvrMgrService][Stopped/Auto Start]
  <C:\Program Files\Kingdee\K3ERP\k3Standard\KDSYSTEM\KDCOM\KDSvrMgrService.exe><KINGDEE>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\RAV\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>

==================================
驱动程序
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[Adaptec SAS/SATA-II RAID Storport's Miniport Driver / arcsas][Running/Boot Start]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Stopped/Manual Start]
  <system32\DRIVERS\e1000325.sys><Intel Corporation>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[EfiSystemMon / EfiMon][Stopped/System Start]
  <System32\Drivers\Efimon.sys><N/A>
[HookPort / HookPort][Stopped/Boot Start]
  <\SystemRoot\\??\C:\WINDOWS\system32\drivers\hookport.sys><N/A>
[hooksys / hooksys][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\Hooksys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookTdi / HookTdi][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\HookTdi.sys><Beijing Rising Information Technology Co., Ltd.>
[HyperVM / HyperVM][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\hvm.sys><Beijing Rising Information Technology Co., Ltd.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[IPMI / IPMI][Running/Manual Start]
  <system32\DRIVERS\IPMI.sys><Avocent Corporation.>
[ksapi / ksapi][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ksapi.sys><Kingsoft Corporation>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
gototop
 
fenccn
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2011-04-22
  • 来自:
发表于: 2011-04-22 11:36 | 显示全部 短消息 资料
字号: 5楼

回复 4F networkedition 的帖子

==================================
浏览器加载项
N/A

==================================
正在运行的进程
[PID: 440 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 504 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4131]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 768 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 908 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.26]
    [C:\Program Files\Rising\RSD\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RSD\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
[PID: 1064 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1096 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1108 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1404 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1436 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe]  [(Verified) Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[PID: 1792 / SYSTEM][C:\WINDOWS\system32\IBMIASRW.EXE]  [IBM Corporation, 1.07]
    [C:\WINDOWS\system32\ibmsp6w.dll]  [IBM Corporation, 1.15]
    [C:\WINDOWS\system32\raw.dll]  [Avocent Corporation, 2.2.1.2]
[PID: 1812 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [(Verified) Microsoft Corporation, 6.0.3790.0 (srv03_rtm.030324-2048)]
[PID: 2004 / pos][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [d:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [D:\Program Files\360\360Safe\Utils\shell360ext.dll]  [360.cn, 7, 5, 0, 1005]
    [C:\WINDOWS\system32\ravext.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6]
    [C:\Program Files\Rising\RAV\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\360\360Safe\360Common.dll]  [360.cn, 7, 3, 0, 1021]
[PID: 500 / pos][C:\Program Files\Rising\RAV\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [C:\Program Files\Rising\RAV\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.13]
    [C:\Program Files\Rising\RAV\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RAV\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RAV\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RAV\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RAV\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RAV\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [C:\Program Files\Rising\RAV\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [C:\Program Files\Rising\RAV\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.11]
    [C:\Program Files\Rising\RAV\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RAV\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [C:\Program Files\Rising\RAV\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\Program Files\Rising\RAV\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.88]
    [C:\Program Files\Rising\RAV\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.6]
    [C:\Program Files\Rising\RAV\UsbServ.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RAV\ScanTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.54]
    [C:\Program Files\Rising\RAV\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RAV\dfw.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.66]
    [C:\Program Files\Rising\RAV\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.30]
    [C:\Program Files\Rising\RAV\GCompt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.49]
    [C:\Program Files\Rising\RAV\Isol.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.14]
    [C:\Program Files\Rising\RAV\rsstore.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RAV\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 288 / pos][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1040 / SYSTEM][d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\xputility.dll]  [N/A, ]
[PID: 2116 / SYSTEM][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
gototop
 
fenccn
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2011-04-22
  • 来自:
发表于: 2011-04-22 11:36 | 显示全部 短消息 资料
字号: 6楼

回复 4F networkedition 的帖子

[PID: 2144 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2196 / SYSTEM][C:\WINDOWS\system32\Dfssvc.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2344 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2604 / SYSTEM][d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\PROGRA~1\MICROS~1\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [d:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 2704 / pos][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 3276 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3980 / SYSTEM][C:\Program Files\Rising\RAV\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14]
    [C:\Program Files\Rising\RAV\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 16]
    [C:\Program Files\Rising\RAV\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RAV\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RAV\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RAV\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.3]
    [C:\Program Files\Rising\RAV\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RAV\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.23]
    [C:\Program Files\Rising\RAV\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RAV\mondrvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [C:\Program Files\Rising\RAV\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 61]
    [C:\Program Files\Rising\RAV\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RAV\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RAV\mondrvm.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [C:\Program Files\Rising\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 32]
    [C:\Program Files\Rising\RAV\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 33]
    [C:\Program Files\Rising\RAV\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 55]
    [C:\Program Files\Rising\RAV\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.1.0]
    [C:\Program Files\Rising\RAV\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RAV\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RAV\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RAV\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 8]
    [C:\Program Files\Rising\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\RAV\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RAV\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RAV\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RAV\hookTdi.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 9]
    [C:\Program Files\Rising\RAV\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 50]
    [C:\Program Files\Rising\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [C:\Program Files\Rising\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [C:\Program Files\Rising\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RAV\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RAV\bawhite.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RAV\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.31]
    [C:\Program Files\Rising\RAV\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 68]
    [C:\Program Files\Rising\RAV\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17]
    [C:\Program Files\Rising\RAV\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 28]
    [C:\Program Files\Rising\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [C:\Program Files\Rising\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RAV\scantj.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 9]
    [C:\Program Files\Rising\RAV\extsfx.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [C:\Program Files\Rising\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0]
    [C:\Program Files\Rising\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RAV\extarch.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [C:\Program Files\Rising\RAV\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0]
    [C:\Program Files\Rising\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RAV\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.64]
    [C:\Program Files\Rising\RAV\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 96]
    [C:\Program Files\Rising\RAV\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 26]
    [C:\Program Files\Rising\RAV\extcomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4]
    [C:\Program Files\Rising\RAV\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0]
    [C:\Program Files\Rising\RAV\scanmac.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0]
[PID: 3988 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3556 / pos][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1976 / pos][\\xsj-jimmy\2\sreng2\SREngLdr.EXE]  [N/A, ]
[PID: 1504 / pos][\\xsj-jimmy\2\sreng2\SRE71605a11.EXE]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1504, C:\WINDOWS\\XSJ-JIMMY\2\SRENG2\SRE71605A11.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT