Rising Kaka Security Forum

nsuzfeir can't be removed
rsgame133754 - 2012-5-2 23:11:00
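Rising can't remove it either; after it is removed it regenerates automatically. I manually went to system32/drivers/nsuzfeir and deleted the file, and it still regenerates. I'm at a loss. Could an expert please help? Thanks in advance.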
rsgame133754 - 2012-5-2 23:19:00
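Rising can't remove nsuzfeir; after it is removed it regenerates automatically. After I found nsuzfeir in system32/drivers and deleted the file manually, it regenerated as well. I'm at a loss. Could an expert please help me get rid of it? Thanks.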
天月来了 - 2012-5-3 8:38:00
Run a SRENG scan and post the log so we can take a look.

Also, is nsuzfeir the whole file name, or is there an extension after it?
rsgame133754 - 2012-5-3 13:40:00
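Hello, moderator 天月!
In the folder it shows just the name nsuzfeir. Description: TDI Wrapper Extesion; company: Microsoft; file: 5.2.2.8; size: 15.2kb. In the Rising virus quarantine: name nsuzfeir.sys; original path WINDOWS\system32\drivers; virus name RootKit.Win32.Undef.cvt
I'm a computer novice and there are things I don't understand, so please don't laugh. I'd appreciate it if you could take a look and help me remove this virus. Thanks.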
天月来了 - 2012-5-3 14:11:00
Oh, so it's the file nsuzfeir.sys. Compress the file and send it over so we can take a look.

It may be a false positive.
rsgame133754 - 2012-5-3 14:29:00
Hello, moderator 天月!

Attachment: nsuzfeir.rar
天月来了 - 2012-5-3 15:55:00
How about renaming the file, restarting the computer, and seeing what happens?

Or run a SRENG scan and post the log.
rsgame133754 - 2012-5-3 23:00:00
I can't rename it; Rising removes it straight away. Moderator, please take a look at the log instead.
瑞星卡卡电脑诊断日志 v1.30 (2012-5-3 20:59:40)  北京瑞星信息技术有限公司

注释:    [A]表示该文件存在自启动关联;
    [M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      AdobeFlashPlayerUpdateSvc
        [A ] 1. c:\windows\system32\macromed\flash\flashplayerupdateservice.exe


      DPSS
        [AM] 2. c:\windows\system32\dpskpr.exe


      GP_CLT_Service
        [AM] 3. c:\windows\system32\gp_clt_service.exe


      NVSvc
        [AM] 4. c:\windows\system32\nvsvc32.exe


      PsShutdownSvc
        [A ] 5. c:\windows\system32\pssdnsvc.exe


      RsMgrSvc
        [AM] 6. c:\program files\rising\rsd\rsmgrsvc.exe


      RsRavMon
        [AM] 7. d:\瑞星\rising\rav\ravmond.exe


      RsRFWMon
        [AM] 8. c:\program files\rising\rfw\ravmond.exe


      RsSafetyBoxMon
        [A ] 9. d:\防火墙\rising\rfb\rssmond.exe


      XLServicePlatform
        [AM] 10. c:\program files\common files\thunder network\serviceplatform\xlsp.dll




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      ComputerZ
        [A ] 11. d:\优化大师\ludashi\computerz.sys


      cpuz135
        [A ] 12. c:\docume~1\wj\locals~1\temp\cpuz135\cpuz135_x32.sys


      HDAudBus
        [A ] 13. c:\windows\system32\drivers\hdaudbus.sys


      hooksys
        [A ] 14. c:\windows\system32\drivers\hooksys.sys


      HookTdi
        [A ] 15. c:\windows\system32\drivers\hooktdi.sys


      HyperVM
        [A ] 16. c:\windows\system32\drivers\hvm.sys


      IntcAzAudAddService
        [A ] 17. c:\windows\system32\drivers\rtkhdaud.sys


      L1e
        [A ] 18. c:\windows\system32\drivers\l1e51x86.sys


      LBeepKE
        [A ] 19. c:\windows\system32\drivers\lbeepke.sys


      LHidFilt
        [A ] 20. c:\windows\system32\drivers\lhidfilt.sys


      LMouFilt
        [A ] 21. c:\windows\system32\drivers\lmoufilt.sys


      LUsbFilt
        [A ] 22. c:\windows\system32\drivers\lusbfilt.sys


      MTsensor
        [A ] 23. c:\windows\system32\drivers\asacpi.sys


      mv61xx
        [A ] 24. c:\windows\system32\drivers\mv61xx.sys


      QqNetflpwControl
        [A ] 25. c:\program files\common files\tencent\qqsafeguarder\qmnetflowxp.sys


      rfwaf
        [A ] 26. c:\program files\rising\rfw\rfwaf.sys


      RFWARP
        [A ] 27. c:\windows\system32\drivers\rfwarp.sys


      RFWNDIS
        [A ] 28. c:\windows\system32\drivers\rfwndis.sys


      rfwtdi
        [A ] 29. c:\program files\rising\rfw\rfwtdi.sys


      rsdsys
        [A ] 30. c:\windows\system32\drivers\protreg.sys


      rsfwdrv
        [A ] 31. c:\program files\rising\rfw\rsfwdrv.sys


      RsProtect5
        [A ] 32. c:\windows\system32\drivers\rsprotect.sys


      Secdrv
        [A ] 33. c:\windows\system32\drivers\secdrv.sys


      SNPSTD3
        [A ] 34. c:\windows\system32\drivers\snpstd3.sys


      TCSafeBox
        [A ] 35. c:\program files\common files\tencent\qqsafeguarder\tcsafebox.sys


      TesSafe
        [A ] 36. c:\windows\system32\tessafe.sys


      Wdf01000
        [A ] 37. c:\windows\system32\drivers\wdf01000.sys




  + 文件系统驱动
    + HKLM\System\CurrentControlSet\Services
      exFat
        [A ] 38. c:\windows\system32\drivers\exfat.sys


      nsuzfeir
        [A ] 39. c:\windows\system32\drivers\nsuzfeir.sys




  + IE浏览器加载模块
    + HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
      {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
        [AM] 40. c:\windows\system32\ieframe.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {0EA37B17-6B8B-4085-8257-F3A4AA69C27A}
        [A ] 41. c:\program files\thunder network\thunder\bho\xlbrowseraddin1.0.6.69.dll


      {889D2FEB-5411-4565-8998-1DD2C5261283}
        [A ] 42. c:\program files\thunder network\thunder\bho\xunleibho7.2.5.3364.dll


      {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}
        [A ] 43. c:\windows\system32\urlfilter.dll



    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 44. c:\program files\holdfast\platform 5.0\gameclient.exe


      Exec
        [A ] 45. c:\program files\china mobile\fetion\fetion.exe


      Exec
        [A ] 46. c:\windows\network diagnostic\xpnetdiag.exe


      Exec
        [A ] 47. c:\program files\messenger\msmsgs.exe




  + 资源管理器加载模块
    + HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
      <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
        [A ] 48. c:\windows\system32\ieudinit.exe



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 49. c:\windows\system32\hticons.dll


      IE Search Band
        [AM] 40. c:\windows\system32\ieframe.dll


      Shell DocObject Viewer
        [AM] 40. c:\windows\system32\ieframe.dll


      InternetShortcut
        [AM] 40. c:\windows\system32\ieframe.dll


      Microsoft Url History Service
        [AM] 40. c:\windows\system32\ieframe.dll


      History
        [AM] 40. c:\windows\system32\ieframe.dll


      Temporary Internet Files
        [AM] 40. c:\windows\system32\ieframe.dll


      Temporary Internet Files
        [AM] 40. c:\windows\system32\ieframe.dll


      Microsoft Url Search Hook
        [AM] 40. c:\windows\system32\ieframe.dll


      The Internet
        [AM] 40. c:\windows\system32\ieframe.dll


      Internet Name Space
        [AM] 40. c:\windows\system32\ieframe.dll


      NvCpl DesktopContext Class
        [AM] 50. c:\windows\system32\nvcpl.dll


      IE Microsoft BrowserBand
        [AM] 40. c:\windows\system32\ieframe.dll


      IE History and Feeds Shell Data Source for Windows Search
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Fade Task
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Menu Desk Bar
        [AM] 40. c:\windows\system32\ieframe.dll


      IE AutoComplete
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Navigation Bar
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Menu Site
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Menu Band
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Microsoft History AutoComplete List
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Tracking Shell Menu
        [AM] 40. c:\windows\system32\ieframe.dll


      IE IShellFolderBand
        [AM] 40. c:\windows\system32\ieframe.dll


      IE BandProxy
        [AM] 40. c:\windows\system32\ieframe.dll


      Microsoft Web Browser
        [AM] 40. c:\windows\system32\ieframe.dll


      IE MRU AutoComplete List
        [AM] 40. c:\windows\system32\ieframe.dll


      IE RSS Feeder Folder
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Microsoft Shell Folder AutoComplete List
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Microsoft Multiple AutoComplete List Container
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Shell Rebar BandSite
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Shell Band Site Menu
        [AM] 40. c:\windows\system32\ieframe.dll


      &Links
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Registry Tree Options Utility
        [AM] 40. c:\windows\system32\ieframe.dll


      IE Custom MRU AutoCompleted List
        [AM] 40. c:\windows\system32\ieframe.dll


      Play on my TV helper
        [AM] 50. c:\windows\system32\nvcpl.dll


      WinRAR shell extension
        [AM] 51. d:\rar压缩\rarext.dll




  + 用户登陆自运行项目
    + HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      PPS Accelerator
        [AM] 52. c:\program files\ppstream\ppsap.exe



    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      SafetyBox
        [AM] 53. d:\防火墙\rising\rfb\safetybox.exe


      RavTRAY
        [AM] 54. d:\瑞星\rising\rav\rstray.exe


      RFWTRAY
        [AM] 55. c:\program files\rising\rfw\rstray.exe


      runeip
        [AM] 56. d:\瑞星卡卡\rstray.exe




  + 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 57. c:\windows\system32\bsmain.exe




  + 映像劫持
    + HKCR\.html
      TheWorldURL\open\Command
        [A ] 58. d:\世界之窗浏览器\theworld.exe



    + HKCR\.htm
      TheWorldURL\open\Command
        [A ] 58. d:\世界之窗浏览器\theworld.exe



    + HKCR\.mp3
      Audio.mp3\open\Command
        [A ] 59. d:\千千静听\ttplayer.exe


      Audio.mp3\PlayList\Command
        [A ] 59. d:\千千静听\ttplayer.exe




  + 程序初始化和已知动态连接库
    + HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      AppInit_DLLs
        [AM] 60. c:\windows\system32\kmon.dll





+ 其他自启动项目
  + C:\WINDOWS\Tasks
    WpsUpdateTask_wj.job
      [A ] 61. c:\program files\kingsoft\wps office personal\office6\wpsupdate.exe


    AliUpdater{45D478F4-34C6-4B57-9E08-B0E41CEF3B1E}.job
      [A ] 62. d:\旺旺\alitask.exe


    Adobe Flash Player Updater.job
      [A ] 1. c:\windows\system32\macromed\flash\flashplayerupdateservice.exe




天月来了 - 2012-5-4 8:41:00
I need a SRENG log; what you posted is not a SRENG log.

Go find the SRENG tool yourself in the pinned tools thread.
瑞星工程师12 - 2012-5-4 11:23:00
The sample has been collected and submitted.
瑞星工程师12 - 2012-5-4 11:29:00
nsuzfeir.sys is confirmed to be a virus.