[求助]自动播放音乐的病毒

显示全部楼层 · 发表于 2007-12-7 16:38:28

真是奇怪的病毒啊！

音乐比较阴沉

不会是有人搞恶作剧吧！！

显示全部楼层 · 发表于 2007-12-7 16:59:28

注销了还能唱？还真没见过这样的病毒。我觉得病毒的可能性不是很大。

显示全部楼层 · 发表于 2007-12-7 17:29:36

今天下午朋友反馈说，今天又试了一次，注销后音乐停了，但他说清楚的记得前天晚上那次注销后的确音乐没停。已经建议他先用比较常规的办法，装上杀软和安全助手试一试，如果还不行就采取极品职员的建议，直接做掉算了。

显示全部楼层 · 发表于 2007-12-7 21:34:07

嗯~~~~还是感觉不是病毒~~~~

能不能叫你朋友用SRE扫一个报告传上来啊~~~~

显示全部楼层 · 发表于 2007-12-11 09:29:05

哈哈
是那你朋友中邪了哦
哈哈

显示全部楼层 · 发表于 2007-12-11 09:49:09

进来看看，没听说过

显示全部楼层 · 发表于 2007-12-11 09:57:11

有时候我有遇到过关了QQ空间但是空间的音乐一直放一直放，只是没有像LZ一样注销解决不了～～到底什么原理啊，静待解答～～

显示全部楼层 · 发表于 2007-12-13 17:59:11

这个朋友的机子里有 logogogo.exe 病毒, 用360的U盘专杀杀掉后,用瑞星的卡卡扫了个结果，高手给看看：

瑞星卡卡电脑诊断日志 v1.30 (2007-12-13 17:44:53)
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
+ HKLM\System\CurrentControlSet\Services
   msn
      [AM] 1. c:\windows\system32\ime\svchost.exe
      .text,.rdata,.data,

   ose
      [A ] 2. c:\program files\common files\microsoft shared\source engine\ose.exe
      Microsoft Corporation
      Office Source Engine
      .text,.data,.rsrc,

   rpcapd
      [A ] 3. c:\program files\winpcap\rpcapd.exe
      CACE Technologies
      rpcapd
      .text,.rdata,.data,.rsrc,

   RsCCenter
      [A ] 4. c:\program files\rising\rav\ccenter.exe
      Beijing Rising Technology Co., Ltd.
      CCenter
      .text,.rdata,.data,.rsrc,

   RsRavMon
      [A ] 5. c:\program files\rising\rav\ravmond.exe
      Beijing Rising Technology Co., Ltd.
      RavMond
      .text,.rdata,.data,.rsrc,

   UMWdf
      [AM] 6. c:\windows\system32\wdfmgr.exe
      Microsoft Corporation
      Windows User Mode Driver Manager
      .text,.data,.rsrc,

  + 内核驱动
+ HKLM\System\CurrentControlSet\Services
   AsyncMac
      [A ] 7. c:\windows\system32\drivers\comint32.sys

   BaseTDI
      [A ] 8. c:\windows\system32\drivers\basetdi.sys
      Beijing Rising Technology Co., Ltd.
      basetdi
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   btaudio
      [A ] 9. c:\windows\system32\drivers\btaudio.sys

   BTDriver
      [A ] 10. c:\windows\system32\drivers\btport.sys

   BTKRNL
      [A ] 11. c:\windows\system32\drivers\btkrnl.sys

   BTWDNDIS
      [A ] 12. c:\windows\system32\drivers\btwdndis.sys

   btwmodem
      [A ] 13. c:\windows\system32\drivers\btwmodem.sys
      Broadcom Corporation.
      Bluetooth BTPORT Driver for Windows 2000
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   BTWUSB
      [A ] 14. c:\windows\system32\drivers\btwusb.sys

   ExpScaner
      [A ] 15. c:\program files\rising\rav\expscan.sys
      ExpScan.sys
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   HdAudAddService
      [A ] 16. c:\windows\system32\drivers\hdaudio.sys
      Windows (R) Server 2003 DDK provider
      High Definition Audio Function Driver v1.0a
      .text,CODE,.rdata,.data,PAGE,PAGED,INIT,.rsrc,.reloc,

   HDAudBus
      [A ] 17. c:\windows\system32\drivers\hdaudbus.sys
      Windows (R) Server 2003 DDK provider
      High Definition Audio Bus Driver v1.0a
      .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

   HookCont
      [A ] 18. c:\program files\rising\rav\hookcont.sys
      Rising
      HookCont
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   HookReg
      [A ] 19. c:\program files\rising\rav\hookreg.sys
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   HookSys
      [A ] 20. c:\program files\rising\rav\hooksys.sys
      Rising
      Hooksys
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   ialm
      [A ] 21. c:\windows\system32\drivers\ialmnt5.sys
      Intel Corporation
      Intel Graphics Miniport Driver
      .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

   IntcAzAudAddService
      [A ] 22. c:\windows\system32\drivers\rtkhdaud.sys
      Realtek Semiconductor Corp.
      Realtek(r) High Definition Audio Function Driver
      .text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,

   lcqdsgr
      [A ] 23. c:\windows\system32\drivers\lcqdsgr.sys
      北京三七二一科技有限公司
      sys 应用程序
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   MegaIDE
      [A ] 24. c:\windows\system32\drivers\megaide.sys
      LSI Logic Corporation.
      LSI MegaRAID IDE Driver
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   MEMSCAN
      [A ] 25. c:\program files\rising\rav\memscan.sys
      Beijing Rising Technology Co., Ltd.
      MemScan Driver
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   NPF
      [A ] 26. c:\windows\system32\drivers\npf.sys
      CACE Technologies
      npf
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   npkcrypt
      [A ] 27. c:\program files\tencent\qq\npkcrypt.sys
      INCA Internet Co., Ltd.
      nProtect KeyCrypt Driver
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   pcouffin
      [A ] 28. c:\windows\system32\drivers\pcouffin.sys
      VSO Software
      low level access layer for CD/DVD/BD devices
      .text,.rdata,.data,.CRT,.STL,PAGE,INIT,.rsrc,.reloc,

   pfc
      [A ] 29. c:\windows\system32\drivers\pfc.sys
      Padus, Inc.
      Padus(R) ASPI Shell
      .text,.data,INIT,.rsrc,.reloc,

   QQHX
      [A ] 30. c:\docume~1\zc\locals~1\temp\tmpb.tmp

   RsAntiSpyware
      [A ] 31. c:\windows\system32\drivers\rsboot.sys
      Beijing Rising Technology Co., Ltd.
      Anti-RootKit Driver
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   RsNTGDI
      [A ] 32. c:\windows\system32\drivers\rsntgdi.sys
      Beijing Rising Technology Co., Ltd.
      RsNTGDI
      .text,.rdata,INIT,.rsrc,.reloc,

   RSPPSYS
      [A ] 33. c:\program files\rising\rav\rsppsys.sys
      Rising
      RSPPSYS.SYS
      .text,.rdata,.data,INIT,.rsrc,.reloc,

   Secdrv
      [A ] 34. c:\windows\system32\drivers\secdrv.sys
      .text,.data,INIT,.reloc,

   SVKP
      [A ] 35. c:\windows\system32\svkp.sys
      AntiCracking
      SVKP driver for NT
      .text,.data,INIT,.rsrc,.reloc,

   ZSMC303
      [A ] 36. c:\windows\system32\drivers\usbvm303.sys
      Vimicro Corporation
      Video streaming and Capture Device Driver
      .text,.data,.data1,PAGECONS,INIT,.rsrc,.reloc,

  + 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
   ADProt
      [A ] 37. c:\windows\system32\drivers\adprot.sys

  + 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
   igfxcui
      [A ] 38. c:\windows\system32\igfxdev.dll
      Intel Corporation
      igfxdev Module
      .text,.rdata,.data,.rsrc,.reloc,

+ HKCU\Control Panel\Desktop
   Scrnsave.exe
      [A ] 39. c:\windows\system32\flurry.scr
      Matt Ginzton
      Flurry screen saver for Windows
      .text,.rdata,.data,.sxdata,.rsrc,

  + IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
   {E0E899AB-F487-11D5-8D29-0050BA6940E3}
      [A ] 40. c:\program files\flashget\fgiebar.dll
      Amaze Soft
      FlashGet IE Bar
      .text,.rdata,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   {00000AAA-A363-466E-BEF5-9BB68697AA7F}
      [AM] 41. c:\program files\thunder network\webthunder\webthunderbho_now.dll
      Thunder Networking Technologies,LTD
      XunLeiBHO
      .text,.rdata,.data,.rsrc,.reloc,

   {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
      [AM] 42. c:\program files\flashget\jccatch.dll
      www.flashget.com
      Flashget CatchUrl Module
      .text,.rdata,.data,.rsrc,.reloc,

   {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
      [AM] 43. c:\program files\bitcomet\tools\bitcometbho.dll
      .text,.rdata,.data,.rsrc,.reloc,

   {889D2FEB-5411-4565-8998-1DD2C5261283}
      [AM] 44. c:\program files\thunder network\thunder\comdlls\xunleibho_007.dll
      Thunder Networking Technologies,LTD
      XunLeiBHO
      .text,.rdata,.data,.rsrc,.reloc,

   {9963387B-212E-4643-B207-82DAEA0E713D}
      [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}
      [AM] 46. c:\program files\internet explorer\iexplore32.win
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {C5E87A05-F463-4841-B19E-DD3EC3862368}
      [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {EE12D60D-AD9A-4095-B839-3BE6862679FD}
      [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {F156768E-81EF-470C-9057-481BA8380DBA}
      [AM] 49. c:\program files\flashget\getflash.dll
      www.flashget.com
      Flashget GetFlash Module
      .text,.rdata,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
   Exec
      [A ] 50. c:\program files\thunder network\thunder\thunder.exe
      Thunder Networking Technologies,LTD
      .text,.rdata,.data,.rsrc,

   Exec
      [A ] 51. c:\program files\flashget\flashget.exe
      FlashGet.com
      FlashGet
      .text,.rdata,.data,.rsrc,

  + 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
   application/x-shockwave-flash
      [AM] 52. c:\program files\netmeeting\msn2075.dll
      msnlive Module
      .text,.rdata,.data,.rsrc,.reloc,

   text/html
      [AM] 52. c:\program files\netmeeting\msn2075.dll
      msnlive Module
      .text,.rdata,.data,.rsrc,.reloc,

   text/xml
      [A ] 53. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
      Microsoft Corporation
      Microsoft Office XML MIME Filter
      .text,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
   KuGoo3
      [A ] 54. c:\program files\kugoo3\inextend\kugoo3downxcontrol.ocx
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
   HyperTerminal Icon Ext
      [A ] 55. c:\windows\system32\hticons.dll
      Hilgraeve, Inc.
      HyperTerminal Applet Library
      .text,.data,.rsrc,.reloc,

   Portable Media Devices
      [A ] 56. c:\windows\system32\audiodev.dll
      Microsoft Corporation
      便携媒体设备命令行解释器扩展
      .text,.data,.rsrc,.reloc,

   Portable Media Devices Menu
      [A ] 56. c:\windows\system32\audiodev.dll
      Microsoft Corporation
      便携媒体设备命令行解释器扩展
      .text,.data,.rsrc,.reloc,

   Shell Extensions for RealOne Player
      [A ] 57. c:\program files\real\realplayer\rpshell.dll
      RealNetworks, Inc.
      RealPlayer Shell Extensions
      .text,.rdata,.data,.rsrc,.reloc,

   WinRAR shell extension
      [A ] 58. c:\program files\winrar\rarext.dll
      .text,.data,.tls,.idata,.edata,.rsrc,.reloc,

   PicaView
      [A ] 59. c:\program files\acdsee\picaview.dll
      ACD Systems, Ltd.
      PicaView 系统扩展 DLL
      .text,.rdata,.data,.tls,.rsrc,.reloc,

   Microsoft Office HTML Icon Handler
      [AM] 60. c:\program files\microsoft office\office11\msohev.dll
      Microsoft Corporation
      Microsoft Office 2003 component
      .text,.data,.rsrc,.reloc,

   Web Folders
      [A ] 61. c:\program files\common files\microsoft shared\web folders\msonsext.dll
      Microsoft Corporation
      Microsoft Web Folders
      .text,.data,.rsrc,.reloc,

   RISING
      [AM] 62. c:\windows\system32\ravext.dll
      Beijing Rising Technology Co., Ltd.
      Rising Shell Ext Module
      .text,.rdata,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
   {5A321487-4977-D98A-C8D5-6488257545A5}
      [AM] 63. c:\windows\system32\kapjezy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {8A1247C1-53DA-FF43-ABD3-345F323A48D8}
      [AM] 64. c:\windows\system32\avwghmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {B859245F-345D-BC13-AC4F-145D47DA34FB}
      [AM] 65. c:\windows\system32\avzxkmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {7960356A-458E-DE24-BD50-268F589A56A7}
      [AM] 66. c:\windows\system32\avwlgmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {5598FF45-DA60-F48A-BC43-10AC47853D55}
      [AM] 67. c:\windows\system32\rarjepi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {68907901-1416-3389-9981-372178569986}
      [AM] 68. c:\windows\system32\kawdfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {24909874-8982-F344-A322-7898787FA742}
      [AM] 69. c:\windows\system32\swjqbzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {25679330-4034-9021-7012-909856721372}
      [AM] 70. c:\windows\system32\wszjbzx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {9963387B-212E-4643-B207-82DAEA0E713D}
      [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {C5E87A05-F463-4841-B19E-DD3EC3862368}
      [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {EE12D60D-AD9A-4095-B839-3BE6862679FD}
      [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}
      [AM] 46. c:\program files\internet explorer\iexplore32.win
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {E159854F-6971-3456-6941-10235412974E}
      [AM] 71. c:\windows\fonts\hookhelp.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {792FADFA-BCDE-ACDF-CDEF-21054865CBA7}
      [AM] 72. c:\windows\system32\wsmsezx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {BD561258-45F3-A451-F908-A258458226DB}
      [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {9E32FA58-3453-FA2D-BC49-F340348ACCE9}
      [AM] 74. c:\windows\system32\rsmyipm.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {E6650011-3344-6688-4899-345FABCD156E}
      [AM] 75. c:\windows\system32\ratbnpi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {68847374-8323-FADC-B443-4732ABCD3786}
      [AM] 76. c:\windows\system32\sidjfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
      [AM] 77. c:\windows\system32\shlhook.dll
      Beijing Rising Technology Co., Ltd.
      shlhook Module
      .text,.rdata,.data,.rsrc,.reloc,

   {32CD708B-60A7-4C00-9377-D73EAA495F0F}
      [AM] 62. c:\windows\system32\ravext.dll
      Beijing Rising Technology Co., Ltd.
      Rising Shell Ext Module
      .text,.rdata,.data,.rsrc,.reloc,

   {AC87A354-ABC3-DEDE-FF33-3213FD7447CA}
      [AM] 78. c:\windows\system32\kvdxjma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {2A57CAD1-412F-9547-713F-9641FA3FC7A2}
      [AM] 79. c:\windows\system32\okmhbzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {778A7521-FA87-34AB-34C2-4893F3AD34C7}
      [AM] 80. c:\windows\system32\swrcfzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

   {C7D81718-1314-5200-2597-58790101807C}
      [AM] 81. c:\windows\system32\kaqhlzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   runeip
      [AM] 82. c:\program files\rising\antispyware\runiep.exe
      Beijing Rising Technology Co., Ltd.
      Rising AntiSpyware Monitor
      .text,.rdata,.data,.rsrc,

   RavTask
      [A ] 83. c:\program files\rising\rav\ravtask.exe
      Beijing Rising Technology Co., Ltd.
      RavTimer
      .text,.rdata,.data,.rsrc,

   TkBellExe
      [AM] 84. c:\program files\common files\real\update_ob\realsched.exe
      RealNetworks, Inc.
      RealNetworks Scheduler
      .text,.rdata,.data,.rsrc,

  + 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
   BootExecute
      [A ] 85. c:\windows\system32\bsmain.exe
      Beijing Rising Technology Co., Ltd.
      BootScan
      .text,.data,.rsrc,.reloc,

  + 映像劫持
+ HKCR\.html
   FirefoxHTML\Edit\Command
      [A ] 86. c:\program files\microsoft office\office11\msohtmed.exe
      Microsoft Corporation
      Microsoft Office 2003 component
      .text,.data,.rsrc,

   FirefoxHTML\open\Command
      [A ] 87. c:\program files\mozilla firefox\firefox.exe
      Mozilla Corporation
      Firefox
      .text,.rdata,.data,.rsrc,

   FirefoxHTML\Print\Command
      [A ] 86. c:\program files\microsoft office\office11\msohtmed.exe
      Microsoft Corporation
      Microsoft Office 2003 component
      .text,.data,.rsrc,

+ HKCR\.htm
   FirefoxHTML\Edit\Command
      [A ] 86. c:\program files\microsoft office\office11\msohtmed.exe
      Microsoft Corporation
      Microsoft Office 2003 component
      .text,.data,.rsrc,

   FirefoxHTML\open\Command
      [A ] 87. c:\program files\mozilla firefox\firefox.exe
      Mozilla Corporation
      Firefox
      .text,.rdata,.data,.rsrc,

   FirefoxHTML\Print\Command
      [A ] 86. c:\program files\microsoft office\office11\msohtmed.exe
      Microsoft Corporation
      Microsoft Office 2003 component
      .text,.data,.rsrc,

+ HKCR\.mp3
   RealPlayer.MP3.6\open\Command
      [A ] 88. c:\program files\real\realplayer\realplay.exe
      RealNetworks, Inc.
      RealPlayer
      .text,.rdata,.data,.rsrc,

  + 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
   AppInit_DLLs
      [AM] 76. c:\windows\system32\sidjfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 打印机监控
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
   Canon BJ Language Monitor BJC-1000SP
      [AM] 89. c:\windows\system32\cnmlm2i.dll
      CANON INC.
      BJ Language Monitor
      .text,.data,.rsrc,.reloc,

+ 正在运行的进程
  + 00000140(320) Explorer.EXE
003D0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017B0000[0000C000]
   [AM] 63. c:\windows\system32\kapjezy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017C0000[0000D000]
   [AM] 64. c:\windows\system32\avwghmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017D0000[0000D000]
   [AM] 65. c:\windows\system32\avzxkmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

显示全部楼层 · 发表于 2007-12-13 17:59:28

续：

019F0000[0000D000]
   [AM] 66. c:\windows\system32\avwlgmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01A50000[0000C000]
   [AM] 67. c:\windows\system32\rarjepi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01A60000[0000C000]
   [AM] 68. c:\windows\system32\kawdfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01B30000[0000D000]
   [AM] 69. c:\windows\system32\swjqbzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01B40000[0000C000]
   [AM] 70. c:\windows\system32\wszjbzx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01CE0000[00011000]
   [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

72C80000[00008000]
   [ M] 90. c:\windows\system32\msacm32.drv
      Microsoft Corporation
      Microsoft Sound Mapper
      .text,.data,.rsrc,.reloc,

017E0000[0000D000]
   [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

022D0000[0000E000]
   [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02880000[0000D000]
   [AM] 46. c:\program files\internet explorer\iexplore32.win
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

029D0000[0000B000]
   [AM] 71. c:\windows\fonts\hookhelp.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02A00000[0000D000]
   [AM] 72. c:\windows\system32\wsmsezx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02A10000[0000C000]
   [AM] 74. c:\windows\system32\rsmyipm.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02A70000[0000C000]
   [AM] 75. c:\windows\system32\ratbnpi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02B50000[0000D000]
   [AM] 76. c:\windows\system32\sidjfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02C30000[0000C000]
   [AM] 78. c:\windows\system32\kvdxjma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02C80000[0000D000]
   [AM] 79. c:\windows\system32\okmhbzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02CD0000[0000C000]
   [AM] 80. c:\windows\system32\swrcfzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02D20000[0000D000]
   [AM] 81. c:\windows\system32\kaqhlzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

10000000[0001B000]
   [ M] 91. c:\program files\rising\antispyware\ieprot.dll
      Beijing Rising Technology Co., Ltd.
      IE Protector
      .text,.rdata,.data,.rsrc,.reloc,

03910000[00011000]
   [AM] 77. c:\windows\system32\shlhook.dll
      Beijing Rising Technology Co., Ltd.
      shlhook Module
      .text,.rdata,.data,.rsrc,.reloc,

03990000[0001B000]
   [AM] 62. c:\windows\system32\ravext.dll
      Beijing Rising Technology Co., Ltd.
      Rising Shell Ext Module
      .text,.rdata,.data,.rsrc,.reloc,

  + 000001f8(504) smss.exe

  + 00000268(616) csrss.exe

  + 00000288(648) winlogon.exe
004D0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

72C80000[00008000]
   [ M] 90. c:\windows\system32\msacm32.drv
      Microsoft Corporation
      Microsoft Sound Mapper
      .text,.data,.rsrc,.reloc,

  + 000002c0(704) services.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 000002cc(716) lsass.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 00000370(880) svchost.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 000003a8(936) svchost.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 00000408(1032) svchost.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

50E60000[0000C000]
   [ M] 92. c:\windows\system32\wups2.dll
      Microsoft Corporation
      Windows Update client proxy stub 2
      .text,.orpc,.data,.rsrc,.reloc,

  + 0000043c(1084) svchost.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 000004ec(1260) svchost.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 000004fc(1276) svchost.exe
00400000[00004000]
   [AM] 1. c:\windows\system32\ime\svchost.exe
      .text,.rdata,.data,

  + 00000578(1400) svchost.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 000005c4(1476) wdfmgr.exe
01000000[0000C000]
   [AM] 6. c:\windows\system32\wdfmgr.exe
      Microsoft Corporation
      Windows User Mode Driver Manager
      .text,.data,.rsrc,

00560000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 00000684(1668) spoolsv.exe
003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

66D00000[0001A000]
   [AM] 89. c:\windows\system32\cnmlm2i.dll
      CANON INC.
      BJ Language Monitor
      .text,.data,.rsrc,.reloc,

00B50000[00006000]
   [ M] 93. c:\windows\system32\spool\prtprocs\w32x86\cnmpd2i.dll
      CANON INC.
      Canon BJ Print Processor Dispatcher
      .text,.data,.rsrc,.reloc,

  + 000007f4(2036) alg.exe

  + 00000898(2200) Ras.exe
00400000[00170000]
   [ M] 94. c:\program files\rising\antispyware\ras.exe
      Beijing Rising Technology Co., Ltd.
      Rising AntiSpyware
      .text,.rdata,.data,.rsrc,

780C0000[00061000]
   [ M] 95. c:\program files\rising\antispyware\msvcp60.dll
      Microsoft Corporation
      Microsoft (R) C++ Runtime Library
      .text,.rdata,.data,.rsrc,.reloc,

10000000[00013000]
   [ M] 96. c:\program files\rising\antispyware\topsoft.dll
      Beijing Rising Technology Co., Ltd.
      Rising AntiSpyware TopSoft
      .text,.rdata,.data,.rsrc,.reloc,

7C140000[00103000]
   [ M] 97. c:\program files\rising\antispyware\mfc71.dll
      Microsoft Corporation
      MFCDLL Shared Library - Retail Version
      .text,.data,.rsrc,.reloc,

7C340000[00056000]
   [ M] 98. c:\program files\rising\antispyware\msvcr71.dll
      Microsoft Corporation
      Microsoft? C Runtime Library
      .text,.rdata,.data,.rsrc,.reloc,

7C3A0000[0007B000]
   [ M] 99. c:\program files\rising\antispyware\msvcp71.dll
      Microsoft Corporation
      Microsoft? C++ Runtime Library
      .text,.rdata,.data,.rsrc,.reloc,

003D0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00D70000[00011000]
   [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01020000[000BD000]
   [ M] 100. c:\program files\rising\antispyware\rasgui.dll
      Beijing Rising Technology Co., Ltd.
      RasGUI
      .text,.rdata,.data,.rsrc,.reloc,

015A0000[0000B000]
   [AM] 71. c:\windows\fonts\hookhelp.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01870000[0001B000]
   [ M] 91. c:\program files\rising\antispyware\ieprot.dll
      Beijing Rising Technology Co., Ltd.
      IE Protector
      .text,.rdata,.data,.rsrc,.reloc,

018A0000[0000E000]
   [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

018D0000[0000D000]
   [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

018F0000[0000C000]
   [AM] 63. c:\windows\system32\kapjezy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01900000[0000D000]
   [AM] 64. c:\windows\system32\avwghmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01740000[0000D000]
   [AM] 65. c:\windows\system32\avzxkmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01750000[0000D000]
   [AM] 66. c:\windows\system32\avwlgmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01760000[0000C000]
   [AM] 67. c:\windows\system32\rarjepi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01770000[0000C000]
   [AM] 68. c:\windows\system32\kawdfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01780000[0000D000]
   [AM] 69. c:\windows\system32\swjqbzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01790000[0000C000]
   [AM] 70. c:\windows\system32\wszjbzx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017A0000[0000D000]
   [AM] 72. c:\windows\system32\wsmsezx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017B0000[0000C000]
   [AM] 74. c:\windows\system32\rsmyipm.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017C0000[0000C000]
   [AM] 75. c:\windows\system32\ratbnpi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017D0000[0000D000]
   [AM] 76. c:\windows\system32\sidjfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017E0000[0000C000]
   [AM] 78. c:\windows\system32\kvdxjma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

017F0000[0000D000]
   [AM] 79. c:\windows\system32\okmhbzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01800000[0000C000]
   [AM] 80. c:\windows\system32\swrcfzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01810000[0000D000]
   [AM] 81. c:\windows\system32\kaqhlzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02F50000[00022000]
   [AM] 52. c:\program files\netmeeting\msn2075.dll
      msnlive Module
      .text,.rdata,.data,.rsrc,.reloc,

  + 0000091c(2332) runiep.exe
00400000[00016000]
   [AM] 82. c:\program files\rising\antispyware\runiep.exe
      Beijing Rising Technology Co., Ltd.
      Rising AntiSpyware Monitor
      .text,.rdata,.data,.rsrc,

00AC0000[00011000]
   [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00B20000[0001B000]
   [ M] 91. c:\program files\rising\antispyware\ieprot.dll
      Beijing Rising Technology Co., Ltd.
      IE Protector
      .text,.rdata,.data,.rsrc,.reloc,

00B10000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00B50000[0000B000]
   [AM] 71. c:\windows\fonts\hookhelp.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01090000[0000E000]
   [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

012A0000[0000D000]
   [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 00000934(2356) realsched.exe
00400000[0002F000]
   [AM] 84. c:\program files\common files\real\update_ob\realsched.exe
      RealNetworks, Inc.
      RealNetworks Scheduler
      .text,.rdata,.data,.rsrc,

003C0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00B70000[00011000]
   [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

011E0000[0000B000]
   [AM] 71. c:\windows\fonts\hookhelp.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

10000000[0001B000]
   [ M] 91. c:\program files\rising\antispyware\ieprot.dll
      Beijing Rising Technology Co., Ltd.
      IE Protector
      .text,.rdata,.data,.rsrc,.reloc,

01210000[0000E000]
   [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01220000[0000D000]
   [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 0000098c(2444) ctfmon.exe
003D0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00A30000[00011000]
   [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00BB0000[0000B000]
   [AM] 71. c:\windows\fonts\hookhelp.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

10000000[0001B000]
   [ M] 91. c:\program files\rising\antispyware\ieprot.dll
      Beijing Rising Technology Co., Ltd.
      IE Protector
      .text,.rdata,.data,.rsrc,.reloc,

00C60000[0000E000]
   [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00E80000[0000D000]
   [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

  + 00000dc4(3524) IEXPLORE.EXE
003D0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

00BD0000[00011000]
   [AM] 45. c:\program files\internet explorer\plugins\wn_sys8x.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

10000000[0002A000]
   [AM] 41. c:\program files\thunder network\webthunder\webthunderbho_now.dll
      Thunder Networking Technologies,LTD
      XunLeiBHO
      .text,.rdata,.data,.rsrc,.reloc,

01270000[00011000]
   [AM] 42. c:\program files\flashget\jccatch.dll
      www.flashget.com
      Flashget CatchUrl Module
      .text,.rdata,.data,.rsrc,.reloc,

01290000[0005F000]
   [AM] 43. c:\program files\bitcomet\tools\bitcometbho.dll
      .text,.rdata,.data,.rsrc,.reloc,

01AC0000[0001D000]
   [AM] 44. c:\program files\thunder network\thunder\comdlls\xunleibho_007.dll
      Thunder Networking Technologies,LTD
      XunLeiBHO
      .text,.rdata,.data,.rsrc,.reloc,

01AF0000[0000D000]
   [AM] 46. c:\program files\internet explorer\iexplore32.win
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01C30000[0000D000]
   [AM] 47. c:\program files\internet explorer\iexplore32.sys
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01D40000[0000E000]
   [AM] 48. c:\program files\internet explorer\iexplore32.dat
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

01E50000[00021000]
   [AM] 49. c:\program files\flashget\getflash.dll
      www.flashget.com
      Flashget GetFlash Module
      .text,.rdata,.data,.rsrc,.reloc,

028C0000[00022000]
   [AM] 52. c:\program files\netmeeting\msn2075.dll
      msnlive Module
      .text,.rdata,.data,.rsrc,.reloc,

02D40000[0000B000]
   [AM] 71. c:\windows\fonts\hookhelp.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

02E50000[0001B000]
   [ M] 91. c:\program files\rising\antispyware\ieprot.dll
      Beijing Rising Technology Co., Ltd.
      IE Protector
      .text,.rdata,.data,.rsrc,.reloc,

325C0000[00012000]
   [AM] 60. c:\program files\microsoft office\office11\msohev.dll
      Microsoft Corporation
      Microsoft Office 2003 component
      .text,.data,.rsrc,.reloc,

02FC0000[0000D000]
   [AM] 81. c:\windows\system32\kaqhlzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

030D0000[0000C000]
   [AM] 80. c:\windows\system32\swrcfzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

031E0000[0000D000]
   [AM] 79. c:\windows\system32\okmhbzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

032F0000[0000C000]
   [AM] 78. c:\windows\system32\kvdxjma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03400000[0000D000]
   [AM] 76. c:\windows\system32\sidjfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03510000[0000C000]
   [AM] 75. c:\windows\system32\ratbnpi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03620000[0000C000]
   [AM] 74. c:\windows\system32\rsmyipm.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03730000[0000D000]
   [AM] 72. c:\windows\system32\wsmsezx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03840000[0000C000]
   [AM] 70. c:\windows\system32\wszjbzx.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03950000[0000D000]
   [AM] 69. c:\windows\system32\swjqbzc.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03A60000[0000C000]
   [AM] 68. c:\windows\system32\kawdfzy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03B70000[0000C000]
   [AM] 67. c:\windows\system32\rarjepi.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03C80000[0000D000]
   [AM] 66. c:\windows\system32\avwlgmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03D90000[0000D000]
   [AM] 65. c:\windows\system32\avzxkmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03EA0000[0000D000]
   [AM] 64. c:\windows\system32\avwghmn.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

03FB0000[0000C000]
   [AM] 63. c:\windows\system32\kapjezy.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

72C80000[00008000]
   [ M] 90. c:\windows\system32\msacm32.drv
      Microsoft Corporation
      Microsoft Sound Mapper
      .text,.data,.rsrc,.reloc,

049C0000[00019000]
   [ M] 101. c:\program files\rising\rav\ravscrch.dll
      Beijing Rising Technology Co., Ltd.
      RavScrCh Module
      .text,.rdata,.data,.rsrc,.reloc,

30000000[002EE000]
   [ M] 102. c:\windows\system32\macromed\flash\flash9b.ocx
      Adobe Systems, Inc.
      Adobe Flash Player 9.0  r28
      .text,.rdata,.data,.rsrc,.reloc,

07B80000[00035000]
   [ M] 103. c:\windows\system32\xpsp3res.dll
      Microsoft Corporation
      Service Pack 3 Messages
      .rsrc,

  + 00000f50(3920) wuauclt.exe
003D0000[0000C000]
   [AM] 73. c:\windows\system32\kvdxskma.dll
      CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,

50E60000[0000C000]
   [ M] 92. c:\windows\system32\wups2.dll
      Microsoft Corporation
      Windows Update client proxy stub 2
      .text,.orpc,.data,.rsrc,.reloc,

显示全部楼层 · 发表于 2007-12-13 18:30:22

使用sreng扫报告。

[已解决] [求助]自动播放音乐的病毒

浏览过的版块