瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 这个病毒怎么杀 请大家帮忙看看  有日志

1   1  /  1  页   跳转

这个病毒怎么杀 请大家帮忙看看  有日志

收藏
271133585
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2006-09-23
  • 来自:
发表于: 2006-09-29 09:25 | 只看楼主 短消息 资料
字号: 1楼

这个病毒怎么杀 请大家帮忙看看  有日志

最近上网,打开网页瑞星总是提示有病毒,系统也提示windows无法访问指定设备,路径或文件,连瑞星的主页也是这样,病毒的程序名叫svchost.exe 每次瑞星删除这个程序后刷新网页还有,格式化重装系统还是这样,而且每次重装完系统后瑞星检测到的病毒都和以前的不一样,请大家帮的看一看!
最后编辑2006-09-29 09:19:27
分享到:
gototop
 
271133585
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2006-09-23
  • 来自:
发表于: 2006-09-29 09:26 | 只看楼主 短消息 资料
字号: 2楼

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <KvXP><E:\KV2006\KvXP.kxp /ScanBoot /ScanSys>  [Jiangmin Co.Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <RavTask><"E:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <KvMonXP><E:\KV2006\KVMonXP.kxp /auto>  [Jiangmin Co.Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{81402638-2638-140E-3814-63840638140E}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\2638140E.dll>  []

==================================
启动文件夹
服务
[Rising Proxy  Service / RfwProxySrv]
  <e:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"E:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"E:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <E:\KV2006\KVBHO.dll, N/A>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <E:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <E:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
gototop
 
271133585
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2006-09-23
  • 来自:
发表于: 2006-09-29 09:27 | 只看楼主 短消息 资料
字号: 3楼

正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 556][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 568][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 732][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 784][E:\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 812][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [E:\KV2006\KVSock.dll]  <Jiangmin Co. Ltd.><9.2.5.720>
    [E:\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 913>
[PID: 904][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 988][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [E:\KV2006\KVSock.dll]  <Jiangmin Co. Ltd.><9.2.5.720>
    [E:\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 913>
[PID: 1040][E:\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
    [E:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [E:\Rising\Rav\HOOKSYS.dll]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
    [E:\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
    [E:\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [E:\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [E:\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [E:\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [E:\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [E:\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [E:\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [E:\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [E:\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
    [E:\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [E:\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
    [E:\Rising\Rav\RSUnpack.dll]  <Beijing Rising Technology Co., Ltd.><1, 0, 0, 17>
    [E:\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [E:\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [E:\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [E:\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [E:\Rising\Rav\RsStore.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [E:\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1164][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [E:\KV2006\KvShell.dll]  <Jiangmin Co.Ltd><9, 0, 5, 830>
    [E:\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 913>
    [E:\KV2006\lang\Kvxp0804.lng]  <N/A><N/A>
    [E:\KV2006\APIImpl.dll]  <JiangMin Ltd.><9.0.0.500>
    [E:\KV2006\GUIExt.dll]  <Jiangmin Co.Ltd><9, 0, 5, 831>
    [E:\KV2006\lang\GUIExt0804.lng]  <JiangMin Ltd.><7, 1, 0, 200>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1256][e:\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [e:\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [e:\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [e:\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [e:\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [e:\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
    [e:\rising\rfw\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 1376][E:\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1440][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1488][E:\Rising\Rfw\rfwmain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
    [E:\Rising\Rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [E:\Rising\Rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1496][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1512][E:\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [E:\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
    [E:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [E:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1668][E:\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [E:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 772][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1020][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [E:\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 913>
    [E:\KV2006\GUIExt.dll]  <Jiangmin Co.Ltd><9, 0, 5, 831>
    [E:\KV2006\lang\GUIExt0804.lng]  <JiangMin Ltd.><7, 1, 0, 200>
    [E:\KV2006\KVBHO.dll]  <N/A><1, 0, 0, 1>
    [E:\KV2006\KVAddrDb.dll]  <Jiangmin Co.Ltd><9, 0, 0, 813>
    [E:\KV2006\KVSock.dll]  <Jiangmin Co. Ltd.><9.2.5.720>
    [E:\KV2006\KvShell.dll]  <Jiangmin Co.Ltd><9, 0, 5, 830>
    [E:\KV2006\lang\Kvxp0804.lng]  <N/A><N/A>
    [E:\KV2006\APIImpl.dll]  <JiangMin Ltd.><9.0.0.500>
[PID: 3408][E:\KV2006\KVSrvXP.exe]  <Jiangmin Co. Ltd><9.2.0.50822>
    [E:\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 913>
    [E:\KV2006\SvcSafe.dll]  <Jiangmin Co. Ltd><9, 2, 0, 50904>
    [E:\KV2006\lang\SvcSafe0804.lng]  <N/A><N/A>
    [E:\KV2006\Scan.dll]  <Jiangmin Co. Ltd><1.0.0.50822>
    [E:\KV2006\FileGD.dll]  <Jiangmin Co.Ltd><9.2.0.50809>
    [E:\KV2006\KvSPI.dll]  <JiangMin Co. Ltd><9, 2, 0, 50918>
    [E:\KV2006\ScanHost.dll]  <Jiangmin Co. Ltd><9, 2, 0, 50822>
    [E:\KV2006\KVWPSet.dll]  <Jiangmin Co.Ltd><9, 0, 0, 509>
    [E:\KV2006\EngPS.dll]  <Jiangmin Co.Ltd><9, 2, 0, 50817>
    [E:\KV2006\KVEnhJ.dll]  <Jiangmin Co.Ltd><9, 1, 0, 50822>
    [E:\KV2006\KVExtCab.dll]  <JiangMin Co. Ltd><9, 2, 0, 50822>
    [E:\KV2006\KVExtEml.dll]  <JiangMin Co. Ltd.><9, 0, 0, 503>
    [E:\KV2006\KVExtGz.dll]  <Jiangmin Co. Ltd><9, 0, 0, 50822>
    [E:\KV2006\KVExtLZH.dll]  <JiangMin Co. Ltd.><9, 2, 0, 50822>
    [E:\KV2006\KvExtRar.dll]  <JiangMin Co. Ltd.><9, 2, 0, 50822>
    [E:\KV2006\KVExtTar.dll]  <Jiangmin Co. Ltd><9, 2, 0, 50822>
    [E:\KV2006\KVExtZ.dll]  <Jiangmin Co. Ltd><9.2.0.503>
    [E:\KV2006\KvExtZip.dll]  <JiangMin Co Ltd.><9, 2, 0, 50822>
    [E:\KV2006\KVEnhK.dll]  <Jiangmin Co.Ltd><9, 1, 0, 50822>
    [E:\KV2006\lang\PrivateCfg0804.lng]  <TODO: <Company name>><1.0.0.1>
[PID: 2248][E:\KV2006\UIHost.exe]  <Jiangmin Co. Ltd><9.2.0.50822>
    [E:\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 913>
    [E:\KV2006\ComUI.dll]  <Jiangmin Ltd.><9. 0. 0.509>
    [E:\KV2006\ComUIPS.dll]  <N/A><9. 5. 5. 20>
[PID: 3268][C:\DOCUME~1\3#\LOCALS~1\Temp\Rar$EX01.719\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [E:\KV2006\KVSock.dll]  <Jiangmin Co. Ltd.><9.2.5.720>
    [E:\KV2006\UpdateX.dll]  <JiangMin Co.Ltd.><9, 0, 5, 913>
gototop
 
271133585
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2006-09-23
  • 来自:
发表于: 2006-09-29 09:27 | 只看楼主 短消息 资料
字号: 4楼

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT