Rising Kaka Security Forum
最新病毒? - 2007-6-25 0:23:00
trojan.psw.win32.roconline.c
trojan.psw.win32.onlinegames.cmn
trojan.psw.win32.onlinegames.ckw
trojan.psw.win32.onlinegames.clc
trojan.psw.win32.worldonline.g
trojan.psw.win32.xyonline.i
trojan.psw.win32.zhuanxian.a
trojan.win32.mnless.kks
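and other viruses. I picked them up yesterday on some website while looking up information about air conditioners. They forcibly shut down my Kaka Assistant and Rising Antivirus right away. (Mine is a genuine licensed copy.) I scanned and cleaned after a reboot, but after the next reboot they were back. I then scanned in Safe Mode, same result. GHOST has been damaged and cannot restore. The backup file is still there, but GHOST itself won't work, probably because of the virus; reinstalling GHOST doesn't work either.
I'll just have to reinstall the system another day. Why can't they be removed?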
最新病毒? - 2007-6-25 0:31:00
Trojan.PSW.Win32.WorldOnline.g 删除成功 2005-06-19 08:37 手动扫描 C:\WINDOWS\system32 nwizwlwzs.dll 本机
Trojan.PSW.Win32.ZhuanXian.a 删除成功 2005-06-19 08:37 手动扫描 C:\WINDOWS\system32 nwizzhuxians.dll 本机
Trojan.PSW.Win32.WorldOnline.e 删除成功 2005-06-19 08:37 手动扫描 C:\WINDOWS\system32 nwizwmgjs.dll 本机
Trojan.PSW.Win32.OnlineGames.clc 删除成功 2005-06-19 08:47 手动扫描 C:\Documents and Settings\Alen\Local Settings\Temporary Internet Files\Content.IE5\63E76D2Z wm0612[1].exe>>upack0.36 本机
Trojan.PSW.Win32.XYOnline.i 删除成功 2005-06-19 08:47 手动扫描 C:\Documents and Settings\Alen\Local Settings\Temporary Internet Files\Content.IE5\63E76D2Z dh0616[1].exe>>upack0.39 本机
Trojan.PSW.Win32.ZhuanXian.a 删除成功 2005-06-19 08:47 手动扫描 C:\Documents and Settings\Alen\Local Settings\Temporary Internet Files\Content.IE5\0XMBCDIR zx0616[1].exe>>upack0.39 本机
Trojan.PSW.Win32.XYOnline.i 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006747.exe>>upack0.39 本机
Trojan.PSW.Win32.WorldOnline.g 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006727.dll 本机
Trojan.PSW.Win32.RocOnline.c 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006728.dll 本机
Trojan.PSW.Win32.XYOnline.i 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006736.dll 本机
Trojan.PSW.Win32.WorldOnline.g 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006749.exe>>upack0.36 本机
Trojan.PSW.Win32.RocOnline.c 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006750.exe>>upack0.39 本机
Trojan.PSW.Win32.OnlineGames.cmn 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006751.exe 本机
Trojan.PSW.Win32.ZhuanXian.a 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006874.dll 本机
Trojan.PSW.Win32.WorldOnline.g 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006876.dll 本机
Trojan.PSW.Win32.OnlineGames.clc 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006878.exe>>upack0.36 本机
Trojan.PSW.Win32.XYOnline.i 删除成功 2005-06-19 08:50 手动扫描 C:\System Volume Information\_restore{2A1D88B1-1B8B-4C65-AB09-5E2CEAAE4144}\RP20 A0006847.exe>>upack0.39 本机
foxlee2006 - 2007-6-25 0:35:00
[Reply to the post by “最新病毒?”] Same trouble here, my friend! Do websites keep popping up in Task Manager? Could some kind soul please help? Many thanks!
我是文物 - 2007-6-25 1:34:00
Same as what I've got. I haven't reinstalled the system yet, and I can't remove it either. Urgent!!
我是文物 - 2007-6-25 1:35:00
I don't know what virus this is.
MCNR - 2007-6-25 8:23:00
I've got it too. Help!
最新病毒? - 2007-6-25 8:27:00
Is there an expert who can give some pointers?
有毒必问 - 2007-6-25 8:36:00
Post a log first!
最新病毒? - 2007-6-25 8:46:00
Post #2 is the scan log I posted.
HOSTのS - 2007-6-25 9:03:00
Post #2? A log?
newcenturymoon - 2007-6-25 9:06:00
Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan (智能扫描) => Scan (扫描) => Save Report (保存报告)
4 Copy the full report from the log and paste it here; do not modify it
最新病毒? - 2007-6-25 22:45:00
2007-06-24,23:40:34
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<Microsoft Autorun14><C:\WINDOWS\system32\ztinetzt.exe> [N/A]
<WinForm><C:\WINDOWS\WinForm.exe> [N/A]
<Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> [N/A]
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
最新病毒? - 2007-6-25 22:46:00
启动文件夹
N/A
==================================
服务
[9469C980 / 9469C980][Stopped/Auto Start]
<C:\WINDOWS\system32\F73296C0.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
最新病毒? - 2007-6-25 22:47:00
浏览器加载项
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGAutoLive]
{F90D830D-C175-4bbe-82C7-FF94669A4C42} <D:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<D:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
最新病毒? - 2007-6-25 22:49:00
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\E7C9C1C0.DLL] [N/A, ]
[PID: 1212][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\E7C9C1C0.DLL] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwmgjs.dll] [N/A, ]
[C:\WINDOWS\system32\nwizzhuxians.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwlwzs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.5303]
[C:\WINDOWS\system32\NVWRSZHC.DLL] [NVIDIA Corporation, 6.14.10.5303]
[C:\WINDOWS\system32\ztinetzt.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqjsj.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1828][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\E7C9C1C0.DLL] [N/A, ]
[d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[PID: 1112][C:\WINDOWS\system32\ntsd.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1316][C:\WINDOWS\system32\ntsd.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1168][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2644][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2896][D:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\WINDOWS\system32\ztinetzt.dll] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
最新病毒? - 2007-6-25 22:51:00
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2916][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[C:\WINDOWS\system32\ztinetzt.dll] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007]
[PID: 3108][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ztinetzt.dll] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[D:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 4, 1007]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007]
[PID: 2752][D:\Program Files\FlashGet\flashget.exe] [FlashGet.com, 1, 8, 4, 1001]
[D:\Program Files\FlashGet\FGBTCORE.dll] [, 1, 0, 0, 36]
[D:\Program Files\FlashGet\FGEMCORE.dll] [, 1, 0, 0, 1002]
[D:\Program Files\FlashGet\debugrpt.dll] [flashget, 1, 0, 0, 1006]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007]
[D:\Program Files\FlashGet\fgupdate.dll] [www.flashget.com, 1, 8, 1, 1003]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3856][C:\sreng2\abc.EXE] [Smallfrogs Studio, 2.4.12.806]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[C:\]
[AutoRun]
shell\Auto\command=auto.exe
open=auto.exe
shellexecute=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 一般, 被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)
入口点错误:CreateProcessW (危险等级: 一般, 被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)
==================================
最新病毒? - 2007-6-25 22:54:00
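System Repair Engineer also seems to have been messed up by the virus and doesn't work properly. My D: and E: drives are worse than yesterday and can't be opened. There are probably more and more viruses; I see quite a few people have caught these same viruses too~
Help, experts~~~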
最新病毒? - 2007-6-25 22:58:00
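It looks like a lot of people have caught these viruses. The viruses on my machine are getting worse; neither D: nor E: will open now.
Help~~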
最新病毒? - 2007-6-25 23:14:00
...I've waited this long and there are only passers-by?
Reinstall the system?
a68857110 - 2007-6-26 0:34:00
Delete the cache files. If that still doesn't work, add me on QQ: 381877532
agee - 2007-6-26 0:35:00
Delete the following startup entries
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<Microsoft Autorun14><C:\WINDOWS\system32\ztinetzt.exe> [N/A]
<WinForm><C:\WINDOWS\WinForm.exe> [N/A]
<Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> [N/A]
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
Delete the following service
[9469C980 / 9469C980][Stopped/Auto Start]
<C:\WINDOWS\system32\F73296C0.EXE -k><Microsoft Corporation>
Delete the following driver
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
Delete the following files loaded by processes
[C:\WINDOWS\system32\E7C9C1C0.DLL] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwmgjs.dll] [N/A, ]
[C:\WINDOWS\system32\nwizzhuxians.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwlwzs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\ztinetzt.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqjsj.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
Delete the autorun.inf files on drives C, D and E
Delete all the files corresponding to the startup entries, driver and service above
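Added example, not part of any post in this thread: a Python sketch of the by-eye triage applied to the SREng report above, listing startup entries and loaded modules whose publisher field is blank or N/A and showing which processes host each such module. The sample lines are constructed by copying a few entries from the report; `triage` and the regex names are illustrative and assume the flattened line layout shown on this page. A blank publisher is a triage hint, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the layout of the SREng report above.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<Microsoft Autorun14><C:\WINDOWS\system32\ztinetzt.exe> [N/A]
<TIMHost><C:\WINDOWS\TIMHost.exe> []
[PID: 1212][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\E7C9C1C0.DLL] [N/A, ]
[C:\WINDOWS\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.5303]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[PID: 1168][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                 # registry key header
ENTRY_RE = re.compile(r"^<([^<>]*)><(.*)>\s+\[(.*)\]$")      # <name><command> [publisher]
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\] \[.*\]$")    # process header
MOD_RE = re.compile(r"^\[([A-Za-z]:\\[^\]]+)\] \[(.*)\]$")   # [module path] [company, version]


def triage(report):
    """Return (startup, modules) for entries with a blank or N/A publisher field.

    startup: list of (value name, command) from registry startup keys.
    modules: {module path: sorted list of host process names}.
    """
    startup = []
    modules = defaultdict(set)
    key = proc = None
    for line in report.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key, proc = m.group(1), None
        elif m := PROC_RE.match(line):
            key, proc = None, m.group(2).rsplit("\\", 1)[-1]
        elif key and (m := ENTRY_RE.match(line)):
            name, command, signer = m.groups()
            # Skip empty values such as <load><>; they start nothing.
            if command and signer.strip() in ("", "N/A"):
                startup.append((name, command))
        elif proc and (m := MOD_RE.match(line)):
            path, info = m.groups()
            # "N/A, " means no company name and no version resource at all.
            if info.strip() in ("", ",", "N/A,"):
                modules[path].add(proc)
    return startup, {path: sorted(hosts) for path, hosts in modules.items()}


if __name__ == "__main__":
    startup, modules = triage(SAMPLE_REPORT)
    for name, command in startup:
        print(f"startup  {name}: {command}")
    for path, hosts in modules.items():
        print(f"module   {path} loaded in {', '.join(hosts)}")
```
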
小猪贝贝啊 - 2007-6-26 9:39:00
You're seriously infected!!!! Be careful!
最新病毒? - 2007-6-26 18:11:00
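To the friend in post #18: I can handle the part below, but how do I delete the earlier items? What tool do I use?
I reinstalled the system on drive C and it was no use; right after finishing, it was full of viruses again. Did they come over from drives D and E..?
Delete the following files loaded by processes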
[C:\WINDOWS\system32\E7C9C1C0.DLL] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwmgjs.dll] [N/A, ]
[C:\WINDOWS\system32\nwizzhuxians.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwlwzs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\ztinetzt.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqjsj.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
Delete the autorun.inf files on drives C, D and E
Delete all the files corresponding to the startup entries, driver and service above
最新病毒? - 2007-6-26 18:59:00
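To the expert in post #18: it doesn't work. Before I had finished deleting, the virus had copied itself again.
The ones under C/WINDOWS were regenerated automatically right after I deleted them.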
最新病毒? - 2007-6-26 19:15:00
http://forum.ikaka.com/topic.asp?board=28&artid=8328546&page=1
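Following this thread should probably sort it out, but I'm a newbie and can't manage it.
It looks like no antivirus software is any use..
Newbies can only reinstall the system, and every drive from C to X has to be formatted. Damn.
I reinstalled drive C and it's still the same, no use.
Why am I so unlucky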
newcenturymoon - 2007-6-26 19:28:00
After reinstalling the system, don't double-click or right-click to open the other partitions, and it won't come back.
天月来了 - 2007-6-26 19:51:00
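On the very first login after the new system is installed, you can do this: use no files from the old machine at all, open no drives at all, and use no USB drives at all.
Then go straight to your own online mailbox and download the WinRAR archiver that you backed up and uploaded there beforehand. Download it to the desktop, install it, then immediately use WinRAR to open each drive and manually delete, inside WinRAR, these files in each drive's root directory: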
Autorun.inf
auto.exe
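Then install antivirus software, update it to the latest version, and scan all drives.
As for USB drives, before plugging one into the computer, hold down the "Shift" key and don't let go until the system has finished detecting it.
Then open the USB drive with WinRAR and delete the same files from its root directory, and that's it. But all the files on it also need to be thoroughly scanned again.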
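Added example, not part of any post in this thread: a read-only Python check of a drive root that parses autorun.inf as text and reports which files its launch keys point at, so the right files can be identified for deletion without opening the drive in Explorer. The sample content is constructed from the Autorun.inf section of the SREng report above; the function names and the temporary directory standing in for a drive root are assumptions of this sketch.

```python
import os
import tempfile

# Constructed sample: the C:\ entry from the Autorun.inf section of the report.
SAMPLE_INF = "[AutoRun]\nshell\\Auto\\command=auto.exe\nopen=auto.exe\nshellexecute=auto.exe\n"


def autorun_targets(text):
    """Return {key: command} for the keys in [AutoRun] that start a program."""
    targets, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # open= and shellexecute= name the program AutoRun starts;
            # shell\<verb>\command attaches a command to a drive menu verb.
            if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")
            ):
                targets[key] = value
    return targets


def first_token(command):
    """Program part of a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def audit_root(root):
    """Read-only check of one drive root: what would autorun.inf launch?"""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
        targets = autorun_targets(fh.read())
    # Third field is the matching file in the root, or None if it is absent.
    return [(key, cmd, names.get(first_token(cmd).lower()))
            for key, cmd in sorted(targets.items())]


def demo():
    """Build a throwaway directory that mimics the drive roots in the report."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "Autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        open(os.path.join(root, "auto.exe"), "w").close()
        return audit_root(root)


if __name__ == "__main__":
    for key, cmd, found in demo():
        print(f"{key:22} -> {cmd:10} present in root: {found}")
```
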