求救！Worm.Magistr.d该怎么杀？？瑞星好象也无法解决！ bbs.ikaka.com

dollchen - 2007-5-15 11:12:00

求救！Worm.Magistr.d该怎么杀？？瑞星好象也无法解决！
重装好几次了，杀了好多，但重启还是有，瑞星杀毒软件一开机末启动就杀毒后发现很多程序被破坏，exe程序就没办法打开了，如果选择清除病毒后，程序就再也无法执行！！

病毒名称处理结果扫描方式路径文件病毒来源
Worm.Magistr.d 忽略手动扫描 C:\Documents and Settings\Administrator\My Documents peekPassword.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Documents and Settings\Default User\My Documents peekPassword.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Alcohol Soft\Alcohol 120 Alcohol.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Alcohol Soft\Alcohol 120 patch.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Analog Devices\SoundMAX install.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Analog Devices\SoundMAX Remove.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Common Files\Microsoft Shared\SQL Debugging sqldbreg2.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Common Files\System\MSSearch\Bin SearchStp.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Dachshund Software Integrator.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\FinalData\FinalData 2.0 OEM FinalData.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\FlashFXP3.3.5 FlashFXP.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\FlashGet UninstallLib.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\HyperSnap-DX 5 HprSnap5.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\MSN Messenger msnmsgr.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Windows Media Components\Encoder wmeditor.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Windows Media Components\Encoder wmenc.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Windows Media Components\Encoder WMEncAgt.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Windows Media Components\Encoder WMProEdt.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Windows Media Components\Encoder wmstreamedt.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Windows NT hypertrm.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Wom setup.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Wom Sysdoctor.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Wom Windows优化大师.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Wom WinMem.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Wom WinProcess.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Worldfax\etp etp.exe 本机
Worm.Magistr.d 忽略手动扫描 C:\Program Files\Worldfax\登录奇兵 V4.0 addurl.exe 本机
Worm.Magistr.d 忽略手动扫描 C: sndrec32.exe 本机
Worm.Magistr.d 忽略手动扫描 D:\Need.For.Speed.Most.Wanted\极品飞车9\NFS9mcd2\修改器\英文版修改器 NFS9英文v1.2版无限金钱修改器.exe 本机
Worm.Magistr.d 忽略手动扫描 D:\Need.For.Speed.Most.Wanted\极品飞车9\NFS9mcd2\修改器\英文版修改器 NFS9英文版12项属性修改器.exe 本机
Worm.Magistr.d 忽略手动扫描 D:\win98se\tools\reskit\netadmin\poledit poledit.exe 本机
Worm.Magistr.d 忽略手动扫描 D:\win98se\tools\reskit\netadmin\pwledit pwledit.exe 本机
Worm.Magistr.d 忽略手动扫描 D:\win98se\tools\reskit\scrpting winset.exe 本机
Worm.Magistr.d 忽略手动扫描 D:\Windows Vista最新系统\Vista工具箱 V2.0.0.0_打开VISTA好多不为人知隐藏功能 bcdedit.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003 SETUP.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 ADPREP.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 AUTOCHK.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 AUTOFMT.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 EXPAND.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 LDIFDE.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 LLSSRV.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 NTSD.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 REGEDIT.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 SCHUPGR.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 SYSPARSE.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 TELNET.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 USETUP.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386 WINNT32.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386\DRW DWWIN.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\I386\SYSTEM32 SMSS.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\SUPPORT\TOOLS GBUNICNV.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\SUPPORT\TOOLS MSRDPCLI.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\SUPPORT\TOOLS NETSETUP.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\MGMT\DOMREN GPFIXUP.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\MGMT\DOMREN RENDOM.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\MGMT\PBA PBAINST.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\NET\TOOLS TTCP.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\USMT LOADSTATE.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\USMT SCANSTATE.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\USMT SCANSTATE_A.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\VALUEADD\MSFT\USMT\ANSI SCANSTATE.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\Tools\IbmServ REGEDIT.EXE 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\b32a1fe2af8b36447eba28dff719359f\sp1qfe telnet.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\b32a1fe2af8b36447eba28dff719359f\sp1gdr telnet.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\bbacd378c3fe0a91b4146750d82f1cbc\sp1qfe hh.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\bbacd378c3fe0a91b4146750d82f1cbc\sp1gdr hh.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\efe7abd535b0c642264122be5cf4bbbb\update arpidfix.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\efe7abd535b0c642264122be5cf4bbbb\sp1qfe iedw.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\efe7abd535b0c642264122be5cf4bbbb\sp1gdr iedw.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\2aa7c4879eedd6161e6abff4aa9d6f70\update arpidfix.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\4e1d75878ce7800379d1943744d020fb\update arpidfix.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\5b5b6793e9fcb5770d055b37a760c478\update arpidfix.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\S-1-5-18\ed4d188969dc96371ff8a6a7a2b70e63\update arpidfix.exe 本机
Worm.Magistr.d 忽略手动扫描 L:\win2003\UpDate\d7eef7fd29f2fe0859b9e63633da43fd\update arpidfix.exe 本机
Worm.Magistr.d 清除成功手动扫描 C:\Program Files\HyperSnap-DX 5 HprSnap5.exe 本机
Worm.Magistr.d 忽略快捷扫描 C: sndrec32.exe 本机
Worm.Magistr.d 清除成功手动扫描 C: sndrec32.exe 本机

紧急求救各位大师！
谢谢！

姑苏残月 - 2007-5-15 11:25:00

你发的这个没什么用.
下载SRENG,扫描日志发上来吧

dollchen - 2007-5-16 9:42:00

扫描了，现发上来，请帮忙处理，很多人都有这个问题，瑞星根本无法杀毒，一清除就把程序也废了！
2007-05-16,09:25:41

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)N/A]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<ShutdownEventCheck><%systemroot%\system32\dumprep 0 -s> [N/A]
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><""; C:\WINDOWS\system32\logon.scr""> [(Verified)Microsoft Corporation]

dollchen - 2007-5-16 9:42:00

启动文件夹
[Connector]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Connector.lnk --> C:\PROGRA~1\WaveFax\Client\WFAXConn.exe [WaveSource]><N>
[Wallpaper Calendar]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Wallpaper Calendar.lnk --> C:\PROGRA~1\zepsoft\WALLPA~1\WallCal3.exe [Zepsoft]><N>

==================================
服务
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Microsoft Search / MSSEARCH]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
<d:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Remote Procedure Manager / RemoteProceManager]
<><N/A>
[Rising Personal Firewall Service / RfwService]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SmartLinkService / SLService]
<slserv.exe><>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[SQLSERVERAGENT / SQLSERVERAGENT]
<d:\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[StarWind iSCSI Service / StarWindService]
<C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[WaveFax UpdateClient / WaveFax UpdateClient]
<C:\Program Files\WaveFax\Client\UpdCSrv.exe><>
[WDelMgr20 / WDelMgr20]
<C:\WINDOWS\system32\drivers\WDelMgr20.exe><N/A>

dollchen - 2007-5-16 9:43:00

驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[aic78xx / aic78xx]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[标准 IDE/ESDI 硬盘控制器 / atapi]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BEATUSB.sys Eratech USB driver / BEATUSB]
<System32\Drivers\beatusb.sys><Eratech Co.LTD.>
[d346bus / d346bus]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[i81x / i81x]
<system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0]
<system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1]
<system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2]
<system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3]
<system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4]
<system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5]
<system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6]
<system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7]
<system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0]
<system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1]
<system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3]
<system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4]
<system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5]
<system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6]
<system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp]
<system32\DRIVERS\ipinip.sys><N/A>
[kdoxsc0 / kdoxsc01]
<\SystemRoot\System32\DRIVERS\kdoxsc01.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Mtlmnt5 / Mtlmnt5]
<system32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm]
<system32\DRIVERS\Mtlstrm.sys><>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NtFsLdf20 / NtFsLdf20]
<C:\WINDOWS\SYSTEM32\DRIVERS\NtFsLdf20.SYS><Windows (R) 2000 DDK provider>
[NTSIM / NTSIM]
<\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RecAgent / RecAgent]
<\SystemRoot\system32\DRIVERS\RecAgent.sys><>
[RioDrvs Usb Driver / RioDrvs]
<system32\DRIVERS\RioDrvs.sys><N/A>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt]
<system32\drivers\senfilt.sys><Sensaura>
[TP-Link AMR_PCI Driver / Slntamr]
<system32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal]
<system32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup]
<system32\DRIVERS\SlWdmSup.sys><>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[vax347b / vax347b]
<\SystemRoot\system32\DRIVERS\vax347b.sys><>
[vax347s / vax347s]
<\SystemRoot\System32\Drivers\vax347s.sys><>

dollchen - 2007-5-16 9:43:00

浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[IEHlprObj Class]
{999ADFA2-8AD1-47ff-97FC-69FB847458F4} <, N/A>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[听网]
{4e65fdf0-320e-11d4-b750-0050babe0290} <H:\iFly Info TEK\LTTN\LTTN.EXE, 中国科大讯飞信息科技股份有限公司>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}? <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[@msdxmLC.dll,-1@1033,&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[LKS Framer Control Object]
{00460182-9E5E-11D5-B7C8-B8269041DD57} <C:\WINDOWS\system32\lksframer.ocx, Landray(SZ) Management Consulting Support System CO.,LTD >
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[PGEdit Class]
{2BFAA61B-5C83-4865-8281-D8BDBF863061} <C:\WINDOWS\Downloaded Program Files\PG_ATL_Edit.dll, 银联网络支付集团有限公司>
[KX-HCM10 Control]
{2E28242B-A689-11D4-80F2-0040266CBB8D} <C:\WINDOWS\DOWNLO~1\kxhcm10.ocx, Kyushu Matsushita Electric Co.,Ltd.>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[cpu Class]
{7939AB8E-96A1-11D3-8997-00104BD12D94} <C:\WINDOWS\Downloaded Program Files\PCPitstop.dll, PC Pitstop>
[BL_Camera]
{87BE3784-6977-4E84-AA08-55A96B9CEAC5} <C:\WINDOWS\DOWNLO~1\BL_CAM~1.OCX, Panasonic Communications Co., Ltd.>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

dollchen - 2007-5-16 9:44:00

正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 556][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 568][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 760][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 804][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1076][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1300][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1420][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\pdfports.dll] [Adobe Systems Incorporated., 5.0.000]
[D:\Program Files\Adobe\Acrobat 5.0\Distillr\ADistRes.CHS] [Adobe Systems Incorporated., 5.0.0.0]
[C:\WINDOWS\system32\wsfaxmon.dll] [N/A, N/A]
[PID: 1452][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[PID: 1544][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1584][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.0 (srv03_rtm.030324-2048)]
[PID: 1604][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 1656][d:\MICROS~1\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0760.00]
[PID: 1780][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1800][C:\WINDOWS\system32\slserv.exe] [ , 2.80.00(24Apr2000)]
[PID: 1832][C:\WINDOWS\System32\snmp.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1868][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1940][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1964][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 1980][C:\Program Files\WaveFax\Client\UpdCSrv.exe] [, 1, 0, 0, 1]
[PID: 2008][C:\WINDOWS\system32\drivers\WDelMgr20.exe] [N/A, N/A]
[PID: 296][C:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 388][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.8320.0]
[PID: 924][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2328][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2936][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3220][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll] [Zepsoft, 2.0.1.11]
[PID: 3228][C:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 3456][C:\Program Files\360safe\safemon\360tray.exe] [奇虎网, 1, 0, 1, 1002]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 1, 0, 0, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 2, 2, 2, 1000]
[PID: 3464][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 3504][C:\Program Files\WaveFax\Client\WFAXConn.exe] [WaveSource, 6.5.2.89]
[C:\Program Files\WaveFax\Client\NWCLIENT.DLL] [Wavesource Technologies, 3.30]
[C:\Program Files\WaveFax\Client\IMPLODE.DLL] [N/A, N/A]
[C:\Program Files\WaveFax\Client\WFTiff.dll] [WaveSource, 3, 8, 0, 2]
[C:\Program Files\WaveFax\Client\DispThumb.dll] [, 1, 0, 0, 1]
[C:\Program Files\WaveFax\Client\BITMANI.dll] [N/A, N/A]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 3520][C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe] [Zepsoft, 3.0.2.87]
[C:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll] [Zepsoft, 2.0.1.11]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 1908][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.5]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.5]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.5]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, N/A]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, N/A]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.3: 2007030919]
[C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [N/A, N/A]
[PID: 3072][C:\sreng226605\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]

dollchen - 2007-5-16 9:44:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
10.1.1.82 koa.gmg.cn
10.1.1.10 www.gmg.cn
10.1.16.107 jmerp.gmg.cn
10.1.16.99 gmgitOA.gmg.cn
10.1.1.82 gmgoa.gmg.cn
10.1.1.182 mail.gmg.cn
10.1.1.182 gmg.cn

dollchen - 2007-5-16 13:21:00

Atvirus-king:您好!谢谢你的帮助,我已把附件附上,由于有病毒无法压缩成RAR文件,所以只好原件附上.只要一按清除,这个程序就无法运行,不清除一样无法运行!谢谢! 几乎所有的EXE文件都有.
DOLL

dollchen - 2007-5-18 11:52:00

http://forum.ikaka.com/topic.asp?board=28&artid=8310285

dollchen - 2007-5-18 11:53:00

还没有解决办法吗？看来瑞星的工程师都睡觉去了。哎……

dollchen - 2007-5-20 14:50:00

瑞星的工程师都睡觉去了

瑞星卡卡安全论坛