syxin2008 - 2007-7-8 20:05:00
I downloaded a movie, but I can't delete it, and the CPU is always at over 50%. A file that can't be deleted or opened must be a virus, but I don't know which virus it is!
Attachment:
895562200778195531.txt
syxin2008 - 2007-7-8 20:25:00
Note: [A] means the file has an autostart association;
[M] means the file is currently loaded in memory.
syxin2008 - 2007-7-8 20:28:00
Active modules
syxin2008 - 2007-7-8 20:30:00
There's too much text, so please look at the TXT file instead... it keeps failing to paste!
© 2000 - 2026 Rising Corp. Ltd.