noname123 - 2006-9-14 16:12:00
瑞星报告了 Trojan.DL.Agent.lqt 这个病毒，但杀不掉（清除失败）。
还有 Trojan.DL.Small.oan 这个病毒，每次开机后一打开 IE 就会再次被发现，无法彻底删除！
求救~!!!
以下是用卡卡上网安全助手扫描得到的日志（注：日志中 R0 显示 IE 起始页已被改成 http://www.haokan123.com/，O1 显示 Hosts 文件里多了一条 555.265.com 的映射）：
Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 16:00:35, on 2006-09-14
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
Running processes:
[smss.exe]
CommandLine =
[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[winlogon.exe]
CommandLine = winlogon.exe
[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe
[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe
[Ati2evxx.exe]
CommandLine = C:\WINDOWS\system32\Ati2evxx.exe
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[CCenter.exe]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService
[RavMonD.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmond.exe"
[rfwsrv.exe]
CommandLine = "c:\program files\rising\rfw\rfwsrv.exe"
[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService
[wdfmgr.exe]
CommandLine = C:\WINDOWS\system32\wdfmgr.exe
[RavStub.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND
[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe
[Ati2evxx.exe]
CommandLine = Ati2evxx.exe -Client
[Explorer.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE
[RavTask.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
[rfwmain.exe]
CommandLine = "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
[RavMon.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM
[AliTalk.exe]
CommandLine = "D:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE" -hideframe
[realsched.exe]
CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc
[RsAgent.exe]
CommandLine = "C:\Program Files\Rising\Rav\RsAgent.exe"
[RavStore.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavStore.exe"
[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" http://viruslist.rising.com.cn/v.asp?q=Trojan.DL.Agent.lqt
[Rav.exe]
CommandLine = "C:\Program Files\Rising\Rav\Rav.exe" /SHELLEXT
[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.haokan123.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 555.265.com
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [AliTalk] D:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE -hideframe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Super Rabbit Winspeed] "D:\Program Files\超级兔子清理王 V7.8\MagicSet\winspeed.exe" /autokill:165,164,163,162,161,160,159,158,157,156,155,154,153,152,151,150,149,148,147,146,145,144,143,142,141,140,139,138,137,136,135,134,133,132,131,130,129,128,127,126,125,124,123,122,121,120,119,118,117,116,115,114,113,112,111,110,109,108,107,106,105,104,103,102,101,100,99,98,97,96,95,94,93,92,91,90,89,88,87,86,85,84,83,82,81,80,79,78,77,76,75,74,73,72,71,70,69,68,67,66,65,64,63,62,61,60,59,58,57,56,55,54,53,52,51,50,49,48,47,46,45,44,43,42,41,40,39,38,37,36,35,34,33,32,31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,3,1
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\迅雷\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\迅雷\Program\GetAllUrl.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} (updatePanelX Control) - http://www.uusee.com/player/updateC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157044030671
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://img.365ren.com/tv/cabs/EmoWebInstaller.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://club.jiangmin.com/kvscan/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F5430FE-DBB0-4E4E-8AFE-CC1574F75BC1}: NameServer = 202.102.192.68 202.102.199.68
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - (no file)
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - (no file)
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - (no file)
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - (no file)
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - (no file)
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - (no file)
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - (no file)
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - (no file)
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - (no file)
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - (no file)
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - (no file)
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - (no file)
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - (no file)
O20 - Winlogon Notify: AtiExtEvent
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) - - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
noname123 - 2006-9-14 16:27:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe
+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL ExtensionFile not found: deskpan.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.d:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ kakatool.dllBeijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll
HKLM\System\CurrentControlSet\Services
+ Ati HotKey PollerATI External Event Utility EXE ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.exe
+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ AliIdeFile not found: System32\DRIVERS\aliide.sys
+ AN983ADMtek AN983/AN985/ADM951X NDIS5 DriverADMtek Incorporated.c:\windows\system32\drivers\an983.sys
+ ati2mtagATI Radeon WindowsNT Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ CmdIdeCMD PCI IDE Bus DriverCMD Technology, Inc.c:\windows\system32\drivers\cmdide.sys
+ EagleNTFile not found: C:\WINDOWS\system32\drivers\EagleNT.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ HdAudAddServiceHigh Definition Audio Function Driver v1.0aWindows (R) Server 2003 DDK providerc:\windows\system32\drivers\hdaudio.sys
+ HDAudBusHigh Definition Audio Bus Driver v1.0aWindows (R) Server 2003 DDK providerc:\windows\system32\drivers\hdaudbus.sys
+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys
+ IntcAzAudAddServiceRealtek(r) High Definition Audio Function DriverRealtek Semiconductor Corp.c:\windows\system32\drivers\rtkhdaud.sys
+ kmsinputc:\windows\system32\drivers\kmsinput.sys
+ MegaIDELSI MegaRAID IDE DriverLSI Logic Corporation.c:\windows\system32\drivers\megaide.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ nwupspxc:\windows\system32\drivers\nwupspx.sys
+ oreans32c:\windows\system32\drivers\oreans32.sys
+ PortTalkPortTalk - Beyond Logic I/O Port DriverBeyond Logic http://www.beyondlogic.orgc:\windows\system32\drivers\porttalk.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ SNPSTD3PC Camera driverc:\windows\system32\drivers\snpstd3.sys
+ VIAudioVIA Audio WDM Driver VIA Technologies, Inc.c:\windows\system32\drivers\ac97via.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEventATI External Event Utility DLL ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.dll
请快帮我看看吧！急死我了！
tigergroup - 2006-9-14 16:30:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AGRSMMSGSoftModem Messaging AppletAgere Systemsc:\windows\agrsmmsg.exe
+ BigDogPathVimicroVimicroc:\windows\vm_sti.exe
+ EPM-DMAcer EPM Device ManagerAcer Incc:\acer\epm\epm-dm.exe
+ ePowerManagementAcer ePowerManagementAcer Value Labs, Taiwanc:\acer\epm\epm.exe
+ eRecoveryServiceMonitoracer Inc.c:\program files\acer\erecovery\monitor.exe
+ HotKeysCmdshkcmd ModuleIntel Corporationc:\windows\system32\hkcmd.exe
+ LaunchAppAcer Launch Tool UtilityAcer Inc.c:\windows\alaunch.exe
+ LManagerLaunch ManagerDritek System Inc.c:\program files\launch manager\lmanager.exe
+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ NvMediaCenterNVIDIA Media Center LibraryNVIDIA Corporationc:\windows\system32\nvmctray.dll
+ nwizNVIDIA nView Wizard, Version 100.38 NVIDIA Corporationc:\windows\system32\nwiz.exe
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ RemoteControlPowerDVD RC ServiceCyberlink Corp.c:\program files\cyberlink\powerdvd\pdvdserv.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe
+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.C:\WINDOWS\soundman.exe
+ SynTPEnhSynaptics TouchPad EnhancementsSynaptics, Inc.c:\program files\synaptics\syntp\syntpenh.exe
+ SynTPLprTouchPad Driver Helper ApplicationSynaptics, Inc.c:\program files\synaptics\syntp\syntplpr.exe
+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStubRising RavStubBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravstub.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ Adobe Reader Speed Launch.lnkAdobe Acrobat SpeedLauncherAdobe Systems Incorporatedc:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido anti-spyware 4.0ewido anti-spyware guardAnti-Malware Development a.s.c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll
+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop ExplorerNVIDIA Desktop Explorer, Version 100.38 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Desktop Explorer MenuNVIDIA Desktop Explorer, Version 100.38 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Display Panning CPL ExtensionFile not found: deskpan.dll
+ EPM-PO Shell ExtensionEPM-PO DLLAcer Labs USAc:\windows\system32\epm-po.dll
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ NvCpl DesktopContext ClassNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ nView Desktop Context MenuNVIDIA Desktop Explorer, Version 100.38 NVIDIA Corporationc:\windows\system32\nvshell.dll
+ Play on my TV helperNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll
+ Synaptics Control PanelTouchPad Control Panel ExtensionsSynaptics, Inc.c:\program files\synaptics\syntp\syntpcpl.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell ExtensionPDF Shell ExtensionAdobe Systems, Inc.c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj ClassAdobe Acrobat IE Helper Version 7.0 for ActiveXAdobe Systems Incorporatedc:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ bho Class万能五笔接口程序深圳世强软件开发部c:\program files\common files\wnwb\wnwbio.dll
+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司d:\program files\tencent\qq\qqiehelper.dll
+ Thunder Browser HelperXunLeiBHOThunder Networking Technologies,LTDd:\program files\thunder network\thunder\comdlls\xunleibho_002.dll
+ ThunderIEHelper ClassXunLei BHOThunder Networking Technologies,LTDc:\windows\system32\xunleibho_v14.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ kakatool.dllBeijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 豪杰超级解霸V8c:\herosoft\herov8\sthsdvd.exe
tigergroup - 2006-9-14 16:30:00
+ 腾讯QQQQTENCENTd:\program files\tencent\qq\qq.exe
HKLM\System\CurrentControlSet\Services
+ anbmServiceService Program for Acer eManagerOSA Technologies Inc.c:\acer\emanager\anbmserv.exe
+ ewido anti-spyware 4.0 guardewido anti-spyware guardAnti-Malware Development a.s.c:\program files\ewido anti-spyware 4.0\guard.exe
+ MazeSvrd:\program files\天网maze\mazesvr.exe
+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ AgereSoftModemSoftModem Device DriverAgere Systemsc:\windows\system32\drivers\agrsm.sys
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ b57w2kBroadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.Broadcom Corporationc:\windows\system32\drivers\b57xp32.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ bcm4sbxpBroadcom Corporation NDIS 5.1 ethernet driverBroadcom Corporationc:\windows\system32\drivers\bcm4sbxp.sys
+ d347busPnP BIOS Extension c:\windows\system32\drivers\d347bus.sys
+ d347prtSCSI miniport c:\windows\system32\drivers\d347prt.sys
+ DKbFltrDritek PS2 Keyboard Filter DriverDritek System Inc.c:\windows\system32\drivers\dkbfltr.sys
+ EMSCRENE PCI Memory Stick Card Reader DriverENE Technology Inc.c:\windows\system32\drivers\ems7sk.sys
+ EpmPsdAcer EPM Power Scheme DriverAcer Value Labs, USAc:\windows\system32\drivers\epm-psd.sys
+ EpmShdAcer EPM SHD ECV-TOAcer Value Labs, USAc:\windows\system32\drivers\epm-shd.sys
+ ESDCRENE PCI Secure Digital / MMC Card Reader DriverENE Technology Inc.c:\windows\system32\drivers\esd7sk.sys
+ ESMCRENE PCI SmartMedia / XD Card Reader DriverENE Technology Inc.c:\windows\system32\drivers\esm7sk.sys
+ ewido anti-spyware 4.0 driverc:\program files\ewido anti-spyware 4.0\guard.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ HOOKAPIHOOKAPI Driver瑞星软件有限公司c:\program files\rising\rav\hookapi.sys
+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys
+ ialmIntel Graphics Miniport DriverIntel Corporationc:\windows\system32\drivers\ialmnt5.sys
+ int15.sysc:\program files\acer\erecovery\int15.sys
+ kmsinputc:\windows\system32\drivers\kmsinput.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys
+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\program files\tencent\qq\npkcrypt.sys
+ npkcusbnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\program files\tencent\qq\npkcusb.sys
+ NTIDrvrNTI CD-ROM Filter DriverNewTech Infosystems, Inc.c:\windows\system32\drivers\ntidrvr.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 72.71 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ nwupspxc:\windows\system32\drivers\nwupspx.sys
+ osaioOSA I/O Port DriverAvocent/OSA Technologies Inc.c:\windows\system32\drivers\osaio.sys
+ osanbmWindows int15 DriverWindows (R) 2000 DDK providerc:\windows\system32\drivers\osanbm.sys
+ pfcPadus(R) ASPI ShellPadus, Inc.c:\windows\system32\drivers\pfc.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\windows\system32\drivers\pxhelp20.sys
+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ SMCIRDASMSC IrCC NDIS 5.0 IrDA FIR Device DriverSMSCc:\windows\system32\drivers\smcirda.sys
+ SONYPVU1Sony USB Lower Filter driverSony Corporationc:\windows\system32\drivers\sonypvu1.sys
+ SynTPSynaptics Touchpad DriverSynaptics, Inc.c:\windows\system32\drivers\syntp.sys
+ w29n51Intel? Wireless LAN DriverIntel? Corporationc:\windows\system32\drivers\w29n51.sys
+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ igfxcuiigfxsrvc ModuleIntel Corporationc:\windows\system32\igfxsrvc.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\system32\ravss.scrRising Screen SaverRising Corp.c:\windows\system32\ravss.scr
noname123 - 2006-9-14 18:11:00
现在重新运行 Autoruns，我看了一下，好像已经没有 nwupspx 这一项了，可是病毒文件还是无法删除。我把新的日志发上来，你再看一下：
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.d:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ kakatool.dllBeijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll
HKLM\System\CurrentControlSet\Services
+ Ati HotKey PollerATI External Event Utility EXE ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.exe
+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe
+ RfwServiceRising Personal FireWall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ AN983ADMtek AN983/AN985/ADM951X NDIS5 DriverADMtek Incorporated.c:\windows\system32\drivers\an983.sys
+ ati2mtagATI Radeon WindowsNT Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ CmdIdeCMD PCI IDE Bus DriverCMD Technology, Inc.c:\windows\system32\drivers\cmdide.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ HdAudAddServiceHigh Definition Audio Function Driver v1.0aWindows (R) Server 2003 DDK providerc:\windows\system32\drivers\hdaudio.sys
+ HDAudBusHigh Definition Audio Bus Driver v1.0aWindows (R) Server 2003 DDK providerc:\windows\system32\drivers\hdaudbus.sys
+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys
+ IntcAzAudAddServiceRealtek(r) High Definition Audio Function DriverRealtek Semiconductor Corp.c:\windows\system32\drivers\rtkhdaud.sys
+ MegaIDELSI MegaRAID IDE DriverLSI Logic Corporation.c:\windows\system32\drivers\megaide.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys
+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys
+ PtilinkParallel Technologies DirectParallel IO LibraryParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys
+ rtl8139Realtek RTL8139 NDIS 5.0 DriverRealtek Semiconductor Corporationc:\windows\system32\drivers\rtl8139.sys
+ Secdrvc:\windows\system32\drivers\secdrv.sys
+ SNPSTD3PC Camera driverc:\windows\system32\drivers\snpstd3.sys
+ VIAudioVIA Audio WDM Driver VIA Technologies, Inc.c:\windows\system32\drivers\ac97via.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEventATI External Event Utility DLL ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.dll