baby2258 - 2007-4-13 21:58:00
刚才不知道中了什么病毒,几乎所有的exe文件都打不开,注册表也能进去,也能上网,就是exe文件进不去,点了后瑞星就提示杀毒Trojan.PSW.RocOnline.ei[img][/img]
附件:
8666432007413215004.jpg
baby2258 - 2007-4-13 22:09:00
病毒名称 处理结果 发现日期 扫描方式 路径 文件 病毒来源
Worm.DlOnlineGames.g 清除成功 2007-04-13 20:24 手动扫描 IEXPLORE.EXE>>C:\program files\Internet Explorer\IEXPLORE.EXE 本机
Worm.DlOnlineGames.g 清除成功 2007-04-13 20:25 手动扫描 notepad.exe>>C:\WINDOWS\system32\notepad.exe 本机
Worm.DlOnlineGames.g 清除成功 2007-04-13 20:25 手动扫描 IEXPLORE.EXE>>C:\program files\Internet Explorer\IEXPLORE.EXE 本机
Trojan.PSW.OnlineGames.ajz 删除成功 2007-04-13 20:26 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temp 1explore.exe 本机
Trojan.PSW.Agent.jrl 删除成功 2007-04-13 20:26 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temp c0nime.exe>>UPX 本机
Trojan.PSW.OnLineGames.abj 删除成功 2007-04-13 20:26 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temp crasos.exe>>UPX 本机
Trojan.PSW.RocOnline.ei 删除成功 2007-04-13 20:26 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temp iexpl0re.exe 本机
Trojan.PSW.OnlineGames.ajy 删除成功 2007-04-13 20:26 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temp Servere.exe 本机
Trojan.PSW.OnlineGames.ahu 删除成功 2007-04-13 20:26 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temp winlog0n.exe 本机
Trojan.PSW.OnLineGames.abj 删除成功 2007-04-13 20:28 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3PHLPBIJ image2[1].gif>>UPX 本机
Trojan.PSW.RocOnline.ei 删除成功 2007-04-13 20:28 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6YH0JK3D image1[1].gif 本机
Trojan.PSW.OnlineGames.ajy 删除成功 2007-04-13 20:28 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6YH0JK3D image4[1].gif 本机
Trojan.PSW.OnlineGames.ala 删除成功 2007-04-13 20:28 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6YH0JK3D image7[1].gif 本机
Trojan.PSW.Agent.jrl 删除成功 2007-04-13 20:28 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1Q3WXY7 image5[1].gif>>UPX 本机
Trojan.PSW.OnlineGames.ajz 删除成功 2007-04-13 20:28 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S5Q7W12F image3[1].gif 本机
Trojan.PSW.OnlineGames.ahu 删除成功 2007-04-13 20:28 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S5Q7W12F image6[1].gif 本机
Trojan.PSW.OnlineGames.ala 删除成功 2007-04-13 20:32 手动扫描 C:\WINDOWS hcmdbcs.exe 本机
Worm.DlOnlineGames.g 清除成功 2007-04-13 21:03 手动扫描 F:\PES6\pes6补丁 (可选)\PES6reg_e PES6reg_e.exe 本机
Worm.DlOnlineGames.g 清除成功 2007-04-13 21:04 手动扫描 F:\PES6\pes6补丁 (可选) 注册表导入器.exe 本机
Worm.DlOnlineGames.g 清除成功 2007-04-13 21:04 手动扫描 F:\PES6\pes6补丁 (可选)\金钱修改器 pes6.exe 本机
Worm.DlOnlineGames.g 清除成功 2007-04-13 21:04 手动扫描 F:\PES6 settings.exe 本机
baby2258 - 2007-4-13 22:10:00
进程名称 路径 数值名称 数值数据 操作日期 操作方式 操作结果
C:\Program Files\Common Files\System\directdb.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN EXPLORER C:\Program Files\Common Files\System\wab32res.exe 2007-04-13 20:06 修改 同意修改
C:\Program Files\Common Files\System\directdb.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN EXPLORER C:\Program Files\Common Files\System\wab32res.exe 2007-04-13 20:06 修改 同意修改
C:\Program Files\Common Files\System\directdb.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN EXPLORER C:\Program Files\Common Files\System\wab32res.exe 2007-04-13 20:06 修改 同意修改
C:\Program Files\Common Files\System\directdb.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN EXPLORER C:\Program Files\Common Files\System\wab32res.exe 2007-04-13 20:07 修改 拒绝修改
C:\Program Files\Common Files\System\directdb.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN EXPLORER C:\Program Files\Common Files\System\wab32res.exe 2007-04-13 20:07 修改 同意修改
C:\Program Files\Common Files\System\directdb.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN EXPLORER C:\Program Files\Common Files\System\wab32res.exe 2007-04-13 20:07 修改 同意修改
C:\Program Files\Common Files\System\directdb.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN EXPLORER C:\Program Files\Common Files\System\wab32res.exe 2007-04-13 20:08 修改 同意修改
baby2258 - 2007-4-13 22:10:00
快帮帮我啊
baby2258 - 2007-4-13 22:19:00
呵呵
█ikaka█ - 2007-4-13 22:25:00
把瑞星升级到最新病毒库,杀下咯
勇闯猪罗纪 - 2007-4-13 22:32:00
| 引用: |
【█ikaka█的贴子】把瑞星升级到最新病毒库,杀下咯
……………… |
升到最病毒库杀毒,重起看下。如果还不行
下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 关闭一切多余的程序。不然扫出来的日志太乱。
3 运行SREng.exe
4 智能扫描=》扫描=》保存报告
5 把日志中的报告完整拷贝贴上来,不要修改
baby2258 - 2007-4-13 22:38:00
好,我现在就去,谢谢你啊
baby2258 - 2007-4-13 22:46:00
[CODE]
2007-04-13,22:32:24
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
baby2258 - 2007-4-13 22:46:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<9yuvf8t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> [N/A]
<vdyqydk30x><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe> [N/A]
<gm4xrdw01><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe> [N/A]
<vgvwqxz><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe> [N/A]
<u2s2wv><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe> [N/A]
<ury51wwwl2whxl3><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<checkinstall><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\CheckInstall.exe> [N/A]
<MenuOrder><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe> [N/A]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
==================================
baby2258 - 2007-4-13 22:46:00
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
=================================
baby2258 - 2007-4-13 22:47:00
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
<system32\drivers\cmaudio.sys><C-Media Inc>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[usb Card Device / ft2kEnum][Running/Manual Start]
<system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
<system32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
<system32\DRIVERS\Chip_usb.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device / Reader_Device][Running/Manual Start]
<system32\DRIVERS\usbic2k.sys><OEM>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
==================================
baby2258 - 2007-4-13 22:47:00
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, N/A>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
==================================
baby2258 - 2007-4-13 22:48:00
正在运行的进程
[PID: 396][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1248][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 268][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2324][D:\Program Files\Alisoft\WangWang\WangWang.exe] [阿里软件(中国)有限公司, 5, 0, 0, 3]
[D:\Program Files\Alisoft\WangWang\AliViewCtrl.dll] [阿里软件(中国)有限公司, 1, 0, 0, 2]
[D:\Program Files\Alisoft\WangWang\VLNetwork.dll] [阿里软件(中国)有限公司, 1, 0, 0, 6]
[D:\Program Files\Alisoft\WangWang\MFC80.DLL] [Microsoft Corporation, 8.00.50727.42]
[D:\Program Files\Alisoft\WangWang\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\Program Files\Alisoft\WangWang\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\Program Files\Alisoft\WangWang\AliViewMedia.dll] [阿里软件(中国)有限公司, 1, 0, 0, 2]
[D:\Program Files\Alisoft\WangWang\VideoCap.dll] [, 1, 0, 0, 4]
[D:\Program Files\Alisoft\WangWang\VLAudio.dll] [阿里软件(中国)有限公司, 1, 0, 0, 5]
[D:\Program Files\Alisoft\WangWang\JsmShow.dll] [阿里软件(中国)有限公司, 1, 0, 0, 4]
[D:\Program Files\Alisoft\WangWang\AliSkin.dll] [TODO: <公司名>, 1.0.0.1]
[D:\Program Files\Alisoft\WangWang\zlib.dll] [, 1.2.3]
[D:\Program Files\Alisoft\WangWang\ww_network.dll] [, 1, 0, 1, 22]
[D:\Program Files\Alisoft\WangWang\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.42]
[D:\Program Files\Alisoft\WangWang\RICHED32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\Alisoft\WangWang\RICHED20.dll] [Microsoft Corporation, 5.30.23.1221]
[D:\Program Files\Alisoft\WangWang\MessageNotify.dll] [, 1, 0, 0, 1]
[D:\Program Files\Alisoft\WangWang\Ali_Res.DLL] [N/A, ]
[D:\PROGRA~1\Alisoft\WangWang\TBATAB~1.OCX] [alibaba, 1, 0, 0, 1]
[D:\PROGRA~1\Alisoft\WangWang\MFC80.DLL] [Microsoft Corporation, 8.00.50727.42]
[D:\PROGRA~1\Alisoft\WangWang\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\PROGRA~1\Alisoft\WangWang\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\Program Files\Alisoft\WangWang\WangWangX4.dll] [阿里软件(中国)有限公司, 1, 0, 0, 1]
[D:\Program Files\Alisoft\WangWang\RichOne.dll] [阿里软件(中国)有限公司, 1.0.0.1]
[D:\Program Files\Alisoft\WangWang\TBProgress.dll] [阿里软件(中国)有限公司, 1.0.0.1]
[D:\Program Files\Alisoft\WangWang\tbATabControl.ocx] [alibaba, 1, 0, 0, 1]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[PID: 172][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\Documents and Settings\Administrator\桌面\sreng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
==================================
baby2258 - 2007-4-13 22:48:00
=
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 mmm.caifu18.net
127.0.0.1 www.18dmm.com
127.0.0.1 d.qbbd.com
127.0.0.1 www.5117music.com
127.0.0.1 www.union123.com
127.0.0.1 www.wu7x.cn
127.0.0.1 www.54699.com
127.0.0.1 60.169.0.66
127.0.0.1 60.169.1.29
127.0.0.1 www.97725.com
127.0.0.1 down.97725.com
127.0.0.1 ip.315hack.com
127.0.0.1 ip.54liumang.com
127.0.0.1 www.41ip.com
127.0.0.1 xulao.com
127.0.0.1 www.heixiou.com
127.0.0.1 www.9cyy.com
127.0.0.1 www.hunll.com
127.0.0.1 www.down.hunll.com
127.0.0.1 do.77276.com
127.0.0.1 www.baidulink.com
127.0.0.1 adnx.yygou.cn
127.0.0.1 222.73.220.45
127.0.0.1 www.f5game.com
127.0.0.1 www.guazhan.cn
127.0.0.1 wm,103715.com
127.0.0.1 www.my6688.cn
127.0.0.1 i.96981.com
127.0.0.1 d.77276.com
127.0.0.1 www1.cw988.cn
127.0.0.1 cool.47555.com
127.0.0.1 www.asdwc.com
127.0.0.1 55880.cn
127.0.0.1 61.152.169.234
127.0.0.1 cc.wzxqy.com
127.0.0.1 www.54699.com
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
baby2258 - 2007-4-13 22:48:00
谢谢了啊,都上来了,帮我看看吧
baohe - 2007-4-13 22:53:00
【回复“baby2258”的帖子】
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<9yuvf8t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> [N/A]
<vdyqydk30x><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe> [N/A]
<gm4xrdw01><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe> [N/A]
<vgvwqxz><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe> [N/A]
<u2s2wv><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe> [N/A]
<ury51wwwl2whxl3><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<checkinstall><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\CheckInstall.exe> [N/A]
<MenuOrder><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe> [N/A]
楼主节哀吧!
C:\Program Files\Common Files\System\wab32res.exe——————就这一个病毒,已经够你喝一壶的了!但愿杀软能“清除”所有被感染文件中的病毒代码且不影响其运行。
新版小欧 - 2007-4-13 22:57:00
| 引用: |
【baohe的贴子】【回复“baby2258”的帖子】
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<9yuvf8t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> [N/A]
<vdyqydk30x><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe> [N/A]
<gm4xrdw01><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe> [N/A]
<vgvwqxz><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe> [N/A]
<u2s2wv><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe> [N/A]
<ury51wwwl2whxl3><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<checkinstall><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\CheckInstall.exe> [N/A]
<MenuOrder><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe> [N/A]
楼主节哀吧!
C:\Program Files\Common Files\System\wab32res.exe——————就这一个病毒,已经够你喝一壶的了!但愿杀软能“清除”所有被感染文件中的病毒代码且不影响其运行。
……………… |
猫叔~~~~这么吓人~~~~用杀软可以恢复吧?
baby2258 - 2007-4-13 22:59:00
我现在把他删除了看怎么样,呵呵
baby2258 - 2007-4-13 23:02:00
| 引用: |
【baohe的贴子】【回复“baby2258”的帖子】
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<9yuvf8t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> [N/A]
<vdyqydk30x><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe> [N/A]
<gm4xrdw01><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe> [N/A]
<vgvwqxz><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe> [N/A]
<u2s2wv><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe> [N/A]
<ury51wwwl2whxl3><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe> [N/A]
<t><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<checkinstall><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\CheckInstall.exe> [N/A]
<MenuOrder><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe> [N/A]
楼主节哀吧!
C:\Program Files\Common Files\System\wab32res.exe——————就这一个病毒,已经够你喝一壶的了!但愿杀软能“清除”所有被感染文件中的病毒代码且不影响其运行。
……………… |
难道只能格盘了啊,装系统能解决了问题吗
天月来了 - 2007-4-13 23:12:00
还得全格,甚至估计得重新分区呢。
wangtian521ok - 2007-4-13 23:15:00
【回复“天月来了”的帖子】
请问是什么毒,必须全格,如何看出的?教教俺好吗?好厉害啊你们
天月来了 - 2007-4-13 23:24:00
你没听他自己说所有的.EXE文件点了都没反应吗?
可执行文件都感染了。
还不全格吗?
啥文件都不能要了。
如果当初他用了SSM控制进程发展,可能要好多了。
baby2258 - 2007-4-13 23:33:00
谢谢大家了,我格一下吧~!
subomaoming - 2007-4-13 23:53:00
请问这个病毒怎么回事啊?一开那个启动项吓死人拉~~但名字都很熟悉耶,究竟此毒是什么?咋这么厉害的???!!
baby2258 - 2007-4-13 23:57:00
真的不想格啊,难道没有好办法了吗
baby2258 - 2007-4-13 23:59:00
真的没有办法了吗,我几年的心血啊~
天月来了 - 2007-4-14 0:29:00
那你就照他们说的那些,先处理吧。
删除注册表里的项,然后删除文件。
再去多找几个杀软杀吧。
估计没用的了。
别折腾了,
以后记得常备份文件哦。
月之舞者 - 2007-4-14 0:44:00
表示同情!猫哥的话儿要牢记。
告诉你个避免格盘最好的方法,做个光盘备份,不用怕进病毒,硬盘的都不安全。
DVD光盘几元钱一张,恢复下备份也就最多20分钟,但是可以避免重新装机的烦恼。
我是来来 - 2007-4-14 6:17:00
127.0.0.1 mmm.caifu18.net
127.0.0.1 www.18dmm.com
127.0.0.1 d.qbbd.com
127.0.0.1 www.5117music.com
127.0.0.1 www.union123.com
127.0.0.1 www.wu7x.cn
127.0.0.1 www.54699.com
127.0.0.1 60.169.0.66
127.0.0.1 60.169.1.29
127.0.0.1 www.97725.com
127.0.0.1 down.97725.com
127.0.0.1 ip.315hack.com
127.0.0.1 ip.54liumang.com
127.0.0.1 www.41ip.com
127.0.0.1 xulao.com
127.0.0.1 www.heixiou.com
127.0.0.1 www.9cyy.com
127.0.0.1 www.hunll.com
127.0.0.1 www.down.hunll.com
127.0.0.1 do.77276.com
127.0.0.1 www.baidulink.com
127.0.0.1 adnx.yygou.cn
127.0.0.1 222.73.220.45
127.0.0.1 www.f5game.com
127.0.0.1 www.guazhan.cn
127.0.0.1 wm,103715.com
127.0.0.1 www.my6688.cn
127.0.0.1 i.96981.com
127.0.0.1 d.77276.com
127.0.0.1 www1.cw988.cn
127.0.0.1 cool.47555.com
127.0.0.1 www.asdwc.com
127.0.0.1 55880.cn
127.0.0.1 61.152.169.234
127.0.0.1 cc.wzxqy.com
127.0.0.1 www.54699.com
© 2000 - 2026 Rising Corp. Ltd.