Title:
Is zcfqer95.dll really unknown spyware or not?
Author:
大海孤舟
Time:
2006-9-21 12:12
2006-09-16 02:47:56 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:55 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:54 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:53 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:52 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:51 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:50 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:49 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:48 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:47 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:46 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:45 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:43 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:42 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:42 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ZCFQER95 %SYSTEMROOT%\SYSTEM32\RUNDLL32.EXE %SYSTEMROOT%\SYSTEM32\ZCFQER95.DLL,DLLUNREGISTERSERVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:41 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-16 02:47:31 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
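I reported a sample last time, and never got a reply!
Author:
Legend
Time:
2006-9-21 12:22
Please join the Micropoint technical exchange QQ group: 16998902
Author:
大海孤舟
Time:
2006-9-21 12:51
I added it, but there's no response.
Author:
Legend
Time:
2006-9-21 12:56
Please try again.
Author:
大海孤舟
Time:
2006-9-21 12:56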
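Every time I boot, it says zcfqer95.dll is unknown spyware, but deletion always fails. I reported a sample last time and got no reply. This time it reported that the deletion succeeded, but then the file regenerated itself right away.
2006-09-21 12:54:20 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM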
2006-09-21 12:54:19 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:18 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:17 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:16 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:15 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:14 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:13 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:12 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:11 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:10 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:09 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:08 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:07 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:06 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:06 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\ ZCFQER95 %SYSTEMROOT%\SYSTEM32\RUNDLL32.EXE %SYSTEMROOT%\SYSTEM32\ZCFQER95.DLL,DLLUNREGISTERSERVER C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:54:05 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH SYSTEM32\DRIVERS\ZCFQER95.SYS SYSTEM
2006-09-21 12:53:55 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZCFQER95\ IMAGEPATH
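Author:
大海孤舟
Time:
2006-9-21 13:00
I did manage to add it as a friend, but there seems to be no response at all. I left a message there. It seems nobody is around.
Author:
Legend
Time:
2006-9-21 13:06
Please choose to add a group, not a friend.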
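Author:
winsam
Time:
2006-9-22 12:19
I have the same problem~~ Sigh! Micropoint, try harder :P Micropoint reports this virus as deleted, but the file still exists, and it comes back after every reboot~~ So annoying! After Micropoint reports it deleted, is my system actually safe?~~ I'm really worried!!!
Attachment 1:
报警信息.jpg
(2006-9-22 12:19, 36.18 K, downloads: 22)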
Author:
随风摇曳
Time:
2006-9-22 12:32
Try scanning in Safe Mode with SpyBot-Search & Destroy V1.4 (portable edition).
Here is the download link:
http://www.xdowns.com/soft/8/9/2006/Soft_31418.html
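Author:
Legend
Time:
2006-9-22 12:46
winsam
Please send this file to
virus@micropoint.com.cn
so we can test and analyze it in detail;
please also describe your specific environment and the symptoms.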
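Author:
winsam
Time:
2006-9-22 16:49
First, thanks to 随风摇曳 for the help. I tried that software, but the problem remains.
Moderator Legend
That file can't be copied and can't be archived either; it says it is in use by another person or program, so I can't send it to you. Please advise how to solve this~~ Thanks!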
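Author:
Legend
Time:
2006-9-22 16:56
Quote:
Originally posted by
winsam
at 2006-9-22 16:49:
First, thanks to 随风摇曳 for the help. I tried that software, but the problem remains.
Moderator Legend
That file can't be copied and can't be archived either; it says it is in use by another person or program, so I can't send it to you. Please advise how to solve this~~ Thanks!

Did you choose Cut? You can send the relevant Micropoint logs to
support@micropoint.com.cn
and we will analyze them in detail (system autostart, program creation, registry changes, and trojan logs).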
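Author:
winsam
Time:
2006-9-22 17:28
Quote:
Originally posted by
Legend
at 2006-9-22 04:56 PM:
Did you choose Cut? You can send the relevant Micropoint logs to
support@micropoint.com.cn
and we will analyze them in detail (system autostart, program creation, registry changes, and trojan logs).

I did not choose Cut. This file can't be copied or deleted; no operation is allowed on it at all~~ Infuriating! I have already sent you the logs.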
Welcome to the Micropoint Forum (http://bbs.micropoint.com.cn/)