Rising Kaka Security Forum > Technical Exchange Area > Anti-virus / Anti-rogue-software Forum


What virus is Trojan.Clicker.Agent.aed? (log attached)

Running processes

[PID: 708][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 756][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 780][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 824][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 836][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 988][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1072][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[PID: 1132][C:\Program Files\Rising\Rav\CCenter.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 3)
[PID: 1148][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[PID: 1244][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1328][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1352][C:\Program Files\Rising\Rav\Ravmond.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 35)
[C:\Program Files\Rising\Rav\BWList.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 19)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RsLog.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\HOOKSYS.dll] (Beijing Rising Technology Co., Ltd.)(18, 1, 0, 11)
[C:\Program Files\Rising\Rav\Scanner.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 32)
[C:\Program Files\Rising\Rav\libload.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\VirusLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 12)
[C:\Program Files\Rising\Rav\regmon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\HookWeb.dll] (rising)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\MemMon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\expscan.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\mPorts.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 3)
[C:\Program Files\Rising\Rav\MailMon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[C:\Program Files\Rising\Rav\SpamEng.dll] (N/A)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\engine.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 34)
[C:\Program Files\Rising\Rav\PostTrt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 15)
[C:\Program Files\Rising\Rav\UnExe.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\ScanExec.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\ScanEx.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\RSUnpack.dll] (Beijing Rising Technology Co., Ltd.)(1, 0, 0, 13)
[C:\Program Files\Rising\Rav\NvFile.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 7)
[C:\Program Files\Rising\Rav\ScanMac.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 9)
[C:\Program Files\Rising\Rav\ScanSct.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 18)
[C:\Program Files\Rising\Rav\Unpacker.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\ExtOLE.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\ExtMail.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 13)
[PID: 1508][c:\program files\rising\rfw\rfwsrv.exe] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 32)
[c:\program files\rising\rfw\RfwRule.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 13)
[c:\program files\rising\rfw\rfwlog.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 6)
[c:\program files\rising\rfw\Rfwdrv.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 21)
[c:\program files\rising\rfw\MonDrv.dll] (rs)(1, 0, 0, 4)
[c:\program files\rising\rfw\ProcLib.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 9)
[PID: 1540][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\RavExt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 21)
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 2)
[C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] (Xi)(1.91.12)
[PID: 1716][C:\Program Files\Rising\Rav\RavStub.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 16)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[PID: 1840][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.2696 (xpsp_sp2_gdr.050610-1519))
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] (Windows (R) 2000 DDK provider)(5.00.2195.1620)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[PID: 1844][c:\program files\rising\rfw\RfwMain.exe] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 51)
[c:\program files\rising\rfw\RsGuiLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 23)
[c:\program files\rising\rfw\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[c:\program files\rising\rfw\PngDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[PID: 128][C:\WINDOWS\system32\wdfmgr.exe] (Microsoft Corporation)(5.2.3790.1230 built by: dnsrv(bld4act))
[PID: 312][C:\Program Files\Rising\Rav\RavTask.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 22)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[PID: 336][C:\Program Files\Rising\Rav\Ravmon.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 33)
[C:\Program Files\Rising\Rav\RsGuiLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 26)
[C:\Program Files\Rising\Rav\BWList.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 19)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\PngDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[PID: 392][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] (RealNetworks, Inc.)(0.1.0.3427)
[PID: 452][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 584][C:\InterWise\Student\pull.exe] (Interwise Ltd)(4.2.25)
[C:\InterWise\Student\PullCHSDll.dll] (Interwise Ltd)(4.2.30.01)
[PID: 648][C:\WINDOWS\system32\conime.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1568][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 2748][C:\WINDOWS\system32\wuauclt.exe] (Microsoft Corporation)(5.8.0.2469 built by: lab01_n(wmbla))
[PID: 2924][C:\Program Files\Internet Explorer\iexplore.exe] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\KakaTool.dll] (Beijing Rising Technology Co., Ltd.)(2, 0, 0, 9)
[c:\program files\google\googletoolbar1.dll] (Google Inc.)(3, 0, 131, 0)
[C:\Program Files\QQ2005\QQIEHelper.dll] (深圳市腾讯计算机系统有限公司)(1, 1, 0, 5)
[C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 0, 0, 2)
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 2)
[C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] (Xi)(1.91.12)
[C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll] (CNNIC)(1, 1, 0, 0)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[C:\Program Files\Rising\Rav\RavScrCh.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\WINDOWS\system32\RavExt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 21)
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] (Macromedia, Inc.)(8,5,0,133)
[PID: 2324][C:\WINDOWS\system32\taskmgr.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))

[PID: 440][C:\Program Files\QQ2005\QQ.exe] (TENCENT)(0, 0, 0, 0)
[C:\Program Files\QQ2005\QQBaseClassInDll.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\QQHelperDll.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\BasicCtrlDll.dll] (Tencent)(5, 0, 200, 370)
[C:\Program Files\QQ2005\QQAPI.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\TIMProxy.dll] (tencent)(0, 3, 2, 4)
[C:\Program Files\QQ2005\LoginCtrl.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\npkcntc.dll] (INCA Internet Co., Ltd.)(2006, 6, 27, 1)
[C:\Program Files\QQ2005\npkpdb.dll] (INCA Internet Co., Ltd.)(2003, 10, 1, 1)
[C:\Program Files\QQ2005\QQRes.dll] (tencent)(1, 0, 0, 1)
[C:\Program Files\QQ2005\QQMainFrame.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\CQQApplication.dll] (N/A)(N/A)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[C:\Program Files\QQ2005\NewSkin.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\HostingMgr.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\CameraDll.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\MailSummary.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\QQSpace.dll] ()(1, 0, 0, 1)
[C:\WINDOWS\system32\msdmo.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\QQGroupMng.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\GroupLive.dll] (N/A)(N/A)
[C:\WINDOWS\system32\RavExt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 21)
[C:\Program Files\QQ2005\UserDefinedHead.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\QQPlugin.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\QQConfigPlugin.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\QQSysMsgMng.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\QRingMng.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\PhoneAPI.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\DialerAllinOne.dll] (tencent)(1, 4, 0, 0)
[C:\Program Files\QQ2005\VPortal.dll] ()(1, 0, 0, 4)
[C:\Program Files\QQ2005\LongConnection.dll] (tencent)(5, 0, 200, 160)
[C:\Program Files\QQ2005\QQAvatar.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\FlashAvatarDll.dll] ()(1, 4, 0, 1)
[C:\Program Files\QQ2005\QQPet.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\BQQApplication.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\CommercesMng.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\PersonalDesktop.dll] (深圳市腾讯计算机系统公司QQ工作小组)(1, 0, 0, 2)
[C:\Program Files\QQ2005\QQAddr.dll] (深圳市腾讯计算机系统有限公司)(5, 0, 101, 240)
[C:\Program Files\QQ2005\QQSceneMng.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\QQAllInOne.dll] (N/A)(N/A)
[C:\Program Files\QQ2005\SCCore.dll] (TENCENT)(2, 0, 0, 1)
[C:\Program Files\QQ2005\QQCustomFace.dll] (N/A)(N/A)
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] (Macromedia, Inc.)(8,5,0,133)
[C:\Program Files\QQ2005\QQMagicFace.dll] ()(1, 0, 0, 1)
[C:\Program Files\QQ2005\GroupConnection.dll] (Tencent)(0, 3, 3, 5)
[C:\Program Files\QQ2005\ImageOle.dll] (TODO: (Company name))(1.0.0.1)
[C:\Program Files\QQ2005\QQFileTransfer.dll] (Tencent)(0, 3, 3, 5)
[PID: 2152][C:\Program Files\QQ2005\TIMPlatform.exe] (tencent)(0, 3, 1, 8)
[C:\Program Files\QQ2005\TIMProxy.dll] (tencent)(0, 3, 2, 4)
[PID: 404][F:\e\sreng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)



--------------------------------------------------------------------------------



File associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------


Winsock providers



--------------------------------------------------------------------------------