瑞星卡卡安全论坛 (Rising Kaka Security Forum)
闪电风暴 - 2006-8-27 16:01:00
| Quote: |
[baohe's post] Trojans that put IceSword out of action: it is not that there are none! ……………… |
If IceSword's driver can load normally, this is probably not easy to pull off.
By the same token, a trojan that wants to use this technique also has to load a driver normally, and that cannot be hidden from SSM.
Sigh, prevention is better than cure...
闪电风暴 - 2006-8-27 16:04:00
Quoting PJF:
Having the driver blocked is perfectly normal; loading the driver is itself an initialization step. A program that has not even started running yet cannot be expected to protect itself or do anything else. Some malicious code does indeed make IS fail to load; using a random driver name would avoid that, but then new tricks to break it would appear, heh. I have been busy, so I have not dealt with it. When initialization failure [1] or [2] appears, malicious code is clearly present; by doing this it has exposed itself, and you can use other tools or simply reinstall the system.
lvxin - 2006-8-27 17:10:00
Guys, can someone tell me what to do when Rising's A disk gets a virus?
lvxin - 2006-8-27 17:12:00
Guys, can someone tell me what to do when Rising's A disk gets a virus? I had just finished installing the system, and when I was installing the antivirus and put the Rising A disk in the floppy drive, the system crashed. What should I do?
闪电风暴 - 2006-8-27 17:24:00
The floppy disk has a problem.
baohe - 2006-8-27 18:36:00
| Quote: |
[doublel4529's post] Logfile of HijackThis v1.99.1
Scan saved at 15:17:18, on 2006-8-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe d:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe d:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe d:\Program Files\Rising\Rav\RavStub.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe D:\Program Files\Rising\Rav\RavTask.exe D:\Program Files\Rising\Rav\Ravmon.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\WINDOWS\system32\Rundll32.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe 
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\WINDOWS\system32\conime.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe c:\program files\rising\rfw\rfwsrv.exe C:\Program Files\Rising\Rfw\RfwMain.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe d:\Program Files\Rising\Rav\RsAgent.exe C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.752\HijackThis.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\mskey16.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "d:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS] 网络实名
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120026452035
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4CBBE0-D5BA-4F13-A8CE-B95D1D00E011}: NameServer = 202.102.128.68 202.102.134.68
O20 - AppInit_DLLs: KB371662M.LOG
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Aication (tographicServices) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe (file missing)
Moderator, please help me. Tell me the fix in detail; I am a complete beginner and cannot follow anything too technical!!! ……………… |
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - Service: Aication (tographicServices) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe (file missing)
Fix these two entries. Then rescan and post the new log.
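The two entries baohe singled out share the traits a HijackThis reader learns to look for: an autostart entry whose target file is missing, and a service with no identifiable vendor. As an added example (not from this thread, and not code from HijackThis or Rising), the Python below runs those generic triage rules over the O4/O20/O21/O23 lines of the log posted above, which are embedded as the sample input together with one benign Rising service as a control. The third rule, which flags any non-empty AppInit_DLLs value for review, is a general heuristic and not a verdict on this particular machine.

```python
import re
from dataclasses import dataclass

# Sample input: the O4/O20/O21/O23 lines from the HijackThis log posted in
# this thread (copied verbatim), with one benign Rising service as a control.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O20 - AppInit_DLLs: KB371662M.LOG
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Aication (tographicServices) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe (file missing)
"""

# Every HijackThis entry starts with a section tag such as O4, O20, R3, F2.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# "Service: <display name> (<service name>) - <owner> - <image path>"
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")

# Sections that describe code run automatically at boot or logon; a dangling
# reference there is either leftover junk or a payload whose file is hidden.
PERSISTENCE_SECTIONS = {"O4", "O20", "O21", "O23"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Apply generic triage rules to a HijackThis log; one Finding per rule hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank, or process-list line
        section, body = m["section"], m["body"]
        if section in PERSISTENCE_SECTIONS and body.endswith("(file missing)"):
            findings.append(Finding(section, "autostart entry points at a file that no longer exists", line))
        if section == "O23":
            sm = SERVICE_RE.match(body)
            if sm and sm["owner"] == "Unknown owner":
                findings.append(Finding(section, f"service '{sm['name']}' carries no vendor in its version info", line))
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(section, "AppInit_DLLs is non-empty; it is loaded into every process that links user32", line))
    return findings


def lines_to_fix(log_text: str) -> list[str]:
    """Distinct log lines a reviewer would tick before pressing 'Fix checked'."""
    seen = []
    for f in triage(log_text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample, the output names the O21 and O23 lines baohe flagged plus the AppInit_DLLs line for review; the Rising service passes all three rules. The rules are deliberately narrow: an entry that is present and vendor-signed is not cleared by this script, it is simply not flagged.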
注意安全 - 2006-8-27 20:06:00
Learned something. Could you post a download link for SSM?
baohe - 2006-8-27 20:44:00
| Quote: |
[注意安全's post] Learned something. Could you post a download link for SSM? ……………… |
http://www.syssafety.com/files.html
volit - 2006-8-27 21:23:00
Why can't I open that download link? *sob*
baohe - 2006-8-27 21:25:00
| Quote: |
[volit's post] Why can't I open that download link? *sob* ……………… |
If you are on a LAN, you may not be able to reach foreign sites directly.
Find a free proxy and it will work.
doublel4529 - 2006-8-27 22:00:00
[Reply to baohe's post]
How do I fix them?
doublel4529 - 2006-8-27 22:04:00
| Quote: |
[baohe's post] | Quote: | [doublel4529's post] Logfile of HijackThis v1.99.1 Scan saved at 15:17:18, on 2006-8-27 ……………… |
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - Service: Aication (tographicServices) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe (file missing)
Fix these two entries. Then rescan and post the new log. ……………… |
How do I fix them?

天堂精灵 - 2006-8-27 22:41:00
Impressive! I need to study more from now on.
影子110 - 2006-8-28 1:12:00
| Quote: |
[doublel4529's post] | Quote: | [baohe's post] | Quote: | [doublel4529's post] ……………… |
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - Service: Aication (tographicServices) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe (file missing)
Fix these two entries. Then rescan and post the new log. ……………… |
How do I fix them? ……………… |
After the scan, tick the boxes in front of those two entries and click Fix at the bottom.~
影子110 - 2006-8-28 1:19:00
| Quote: |
[闪电风暴's post] If IceSword's driver can load normally, this is probably not easy to pull off. By the same token, a trojan that wants to use this technique also has to load a driver normally, and that cannot be hidden from SSM.
Sigh, prevention is better than cure... ……………… |
Heh, right.~
IceSword cannot have its driver loaded at boot time (I mean in normal use).
So if a trojan had SSM's technique and started its own service before the antivirus, or at least before IceSword, and blocked the legitimate driver from loading~ what then~? (driver load failure~~~)
彻底得为病毒火了 - 2006-8-28 3:26:00
Great.
But it is so complicated...
Reading it makes my head spin...
彻底得为病毒火了 - 2006-8-28 3:27:00
Lately it is driving me crazy: the antivirus stuff I download is itself infected.
Sigh...
闪电风暴 - 2006-8-28 8:57:00
| Quote: |
[影子110's post]
Heh, right.~ IceSword cannot have its driver loaded at boot time (I mean in normal use). So if a trojan had SSM's technique and started its own service before the antivirus, or at least before IceSword, and blocked the legitimate driver from loading~ what then~? (driver load failure~~~)
……………… |
IceSword's "reboot and monitor" should be able to handle that.
IceSword's driver loading is quite peculiar. SSM intercepted these registry operations under
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES
Create: IsPub118=%system%\Ispub118.sys
Delete: IsPub118=%system%\Ispub118.sys
and intercepted these file creation results:
Create: %system%\Ispub118.sys
Delete: %system%\Ispub118.sys
Once IceSword has loaded its driver successfully, it "deletes" both the registry information and the driver file.
I think it may be using some hiding technique to conceal them.
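What 闪电风暴 saw SSM intercept is a full driver-load lifecycle compressed into a moment: a subkey under Services and a .sys file appear, the driver is started, and both are removed again, so anything that inspects the registry or the disk afterwards finds nothing. Only a live hook such as SSM, or a recorded event timeline, can see it, and the same sequence is what a kernel-mode trojan would have to perform, which is the thread's point. As an added example (not SSM's or IceSword's code, and using an event format invented here rather than SSM's real log format), the Python below correlates create and delete events from a constructed HIPS-style timeline and reports every service key that one process created and deleted within a short window while also creating and deleting the file named in its ImagePath. The IsPub118 events reproduce what the post reports; the ExampleDrv events are an invented control that installs a driver and leaves it in place.

```python
import re

# Constructed event log in an assumed HIPS-style format (not SSM's real output):
#   <hh:mm:ss.fff> <process> <operation> <target> [ImagePath=<path>]
# The four IceSword lines mirror what 闪电风暴 reported SSM intercepting; the
# two ExampleDrv lines are an invented control that installs a driver and keeps it.
SAMPLE_EVENTS = r"""
10:01:02.100 IceSword.exe REG_CREATE HKLM\SYSTEM\CurrentControlSet\Services\IsPub118 ImagePath=%system%\Ispub118.sys
10:01:02.120 IceSword.exe FILE_CREATE %system%\Ispub118.sys
10:01:02.900 IceSword.exe REG_DELETE HKLM\SYSTEM\CurrentControlSet\Services\IsPub118
10:01:02.950 IceSword.exe FILE_DELETE %system%\Ispub118.sys
10:05:40.000 setup.exe REG_CREATE HKLM\SYSTEM\CurrentControlSet\Services\ExampleDrv ImagePath=%system%\drivers\ExampleDrv.sys
10:05:40.010 setup.exe FILE_CREATE %system%\drivers\ExampleDrv.sys
"""

EVENT_RE = re.compile(
    r"^(?P<t>\d\d:\d\d:\d\d\.\d+) (?P<proc>\S+) "
    r"(?P<op>REG_CREATE|REG_DELETE|FILE_CREATE|FILE_DELETE) (?P<target>\S+)"
    r"(?: ImagePath=(?P<image>\S+))?$"
)
SERVICES_KEY = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"


def _seconds(ts: str) -> float:
    """hh:mm:ss.fff -> seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_events(text: str) -> list[dict]:
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["t"] = _seconds(ev["t"])
            events.append(ev)
    return events


def find_transient_driver_loads(text: str, window: float = 5.0) -> list[tuple[str, str, float]]:
    """Return (process, service name, key lifetime in seconds) for each Services
    subkey that one process created and deleted within `window` seconds while
    also creating and deleting the .sys file named in its ImagePath."""
    events = parse_events(text)
    key_created = {}  # (proc, key) -> (create time, image path)
    file_ops = {}     # (proc, lowercased path) -> set of file operations seen
    for ev in events:
        if ev["op"] == "REG_CREATE" and ev["target"].startswith(SERVICES_KEY):
            key_created[(ev["proc"], ev["target"])] = (ev["t"], ev["image"] or "")
        elif ev["op"].startswith("FILE_"):
            file_ops.setdefault((ev["proc"], ev["target"].lower()), set()).add(ev["op"])
    hits = []
    for ev in events:
        if ev["op"] != "REG_DELETE":
            continue
        rec = key_created.get((ev["proc"], ev["target"]))
        if rec is None:
            continue  # deleting a key this process never created: not our pattern
        t0, image = rec
        if ev["t"] - t0 > window:
            continue  # long-lived service: an ordinary uninstall, not a transient load
        ops = file_ops.get((ev["proc"], image.lower()), set())
        if {"FILE_CREATE", "FILE_DELETE"} <= ops:
            hits.append((ev["proc"], ev["target"][len(SERVICES_KEY):], round(ev["t"] - t0, 3)))
    return hits


if __name__ == "__main__":
    for proc, svc, life in find_transient_driver_loads(SAMPLE_EVENTS):
        print(f"{proc}: service {svc} existed for {life}s; its driver file was created and deleted")
```

On the sample this reports only IceSword's IsPub118 key, alive for 0.8 s; the control driver that stays installed is not reported. The correlation is keyed on the process, so two unrelated programs touching the same key name are not merged, and the window keeps a normal install-then-uninstall from matching.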
影子110 - 2006-8-28 9:44:00
Also, it seems it only needs to load successfully once~ after that you just double-click to run it (no need to load the driver again~).
If the system has booted, IceSword has been run once and its driver loaded successfully, then it probably cannot be stopped from running again (unless you block its program from running~~~).
闪电风暴 - 2006-8-28 10:30:00
Indeed, it only loads once.
virusmaster - 2006-8-28 10:49:00
3. Reboot the system.??
Since you are rebooting anyway, wouldn't going into DOS to delete it be more convenient and faster? Heh
闪电风暴 - 2006-8-28 11:18:00
DOS sometimes cannot find the file, and reading and writing NTFS from DOS is still a problem.
baohe - 2006-8-28 11:20:00
| Quote: |
[virusmaster's post] 3. Reboot the system.??
Since you are rebooting anyway, wouldn't going into DOS to delete it be more convenient and faster? Heh ……………… |
Deleting virus files from DOS has prerequisites.
1. On an NTFS-formatted system, without special DOS tools, how do you delete the virus files from the system under DOS?
2. Of the members who post here asking for solutions, how many are familiar with DOS?
§龙骄子§ - 2006-8-28 11:36:00
How come nobody replies to my post? Don't tell me even you experts have no answer.
洛漫Tic - 2006-8-28 13:05:00
Learned something.
呖呖呖呖 - 2006-8-28 13:28:00
Thanks for sharing, good work.
oyxh - 2006-8-28 14:29:00
How do I get SSM in Chinese?
§龙骄子§ - 2006-8-28 14:51:00
Just a real-time monitor that won't open, and nobody gives an answer; the moderators and all the experts are too cold toward new members. 5555555555… (sobbing)
I won't come back.
闪电风暴 - 2006-8-28 16:19:00
| Quote: |
[oyxh's post] How do I get SSM in Chinese? ……………… |
SSM is multilingual; you can switch it to Chinese.
特攻队2 - 2006-8-28 17:13:00
Is explorer.exe something the computer comes with, or which site do I download it from?
© 2000 - 2026 Rising Corp. Ltd.