Rising Kaka Security Forum

Trojan.PSW.ZhengTu.afq: Rising can't get rid of it..999999
dfasfs - 2007-1-30 18:45:00
Trojan.PSW.ZhengTu.afq
This virus is there as soon as the machine boots and can't be killed. At boot the sound gets muted automatically, Rising Antivirus hides itself automatically, the system is slow, and after killing it with Rising it is back again after a reboot. Later I cleaned it with Trojan Cleaner (木马清道夫). Booting is normal now, but online games lag badly and CPU usage is abnormal, around 50.~~~
Can some brother help me get rid of it!
dfasfs - 2007-1-30 18:48:00
SREng log
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <jmekey><C:\Program Files\jmesoft\hotkey.exe>  [JME Co., Ltd.]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <VTTimer><VTTimer.exe>  [(Verified)S3 Graphics, Inc.]
    <VTTrayp><VTtrayp.exe>  [(Verified)S3 Graphics Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <BigDog305><C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)>  [N/A]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <UserFaultCheck><%systemroot%\system32\dumprep 0 -u>  [N/A]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  [N/A]
    <wsvbs><C:\WINDOWS\wsvbs.exe>  [N/A]
    <msccrt><C:\WINDOWS\msccrt.exe>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  [N/A]
    <Snewpeek><C:\Program Files\WindowsUpdate\9.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
Startup folder
N/A

==================================
Services
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Sysbak hotkey Server / Sysbak_hotkey_Server]
  <C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>
dfasfs - 2007-1-30 18:49:00
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\e:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[PauseDrv / PauseDrv]
  <\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\C:\Program Files\rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[VHDISK / VHDISK]
  <C:\WINDOWS\SYSTEM32\DRIVERS\VHDISK.SYS><N/A>
[viagfx / viagfx]
  <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser add-ons
[Thunder Browser Helper]
  {54EBD539-9BC1-480B-966A-843A333CA162} <c:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[]
  {A692062A-11A1-461B-BEA0-B520F01F9DAE} <C:\WINDOWS\system32\3721.ini, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <c:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
  {54EBD539-9BC1-480B-966A-843A333CA162} <c:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[]
  {A692062A-11A1-461B-BEA0-B520F01F9DAE} <C:\WINDOWS\system32\3721.ini, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <c:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <c:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
dfasfs - 2007-1-30 18:53:00
Running processes
[PID: 428][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\Program Files\rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 868][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1024][C:\Program Files\rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 15]
    [C:\Program Files\rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [C:\Program Files\rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1080][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1288][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1380][C:\Program Files\rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
dfasfs - 2007-1-30 18:54:00
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1556][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1624][C:\Program Files\Founder\Emergency Center\Hotkey.exe]  [N/A, N/A]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, N/A]
[PID: 1968][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 312][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048][C:\Program Files\jmesoft\hotkey.exe]  [JME Co., Ltd., 3.9.0.1112]
    [C:\Program Files\jmesoft\Keyhook.dll]  [N/A, N/A]
[PID: 1328][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.39]
[PID: 684][C:\WINDOWS\system32\VTTimer.exe]  [S3 Graphics, Inc., 2.00.01-0307]
[PID: 1444][C:\WINDOWS\system32\VTtrayp.exe]  [S3 Graphics Co., Ltd., 2.00.36-0308B]
    [C:\WINDOWS\system32\VTDisply.dll]  [S3 Graphics Co., Ltd., 2.00.58-0523]
    [C:\WINDOWS\system32\VTGamma2.dll]  [S3 Graphics Co., Ltd., 2.00.21-0308B]
    [C:\WINDOWS\system32\VTInfo2.dll]  [S3 Graphics Co., Ltd., 2.00.26-0308B]
    [C:\WINDOWS\system32\VTOvrlay.dll]  [S3 Graphics Co., Ltd., 2.00.23-0308B]
[PID: 1156][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3292]
[PID: 1576][C:\WINDOWS\VM305_STI.EXE]  [Vimicro, 4, 3, 625, 61]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\VM305Prp.Ax]  [Vimicro, 4.3. 625.61]
[PID: 1516][C:\Program Files\rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1744][C:\Program Files\rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1720][C:\Program Files\WindowsUpdate\9.exe]  [N/A, N/A]
[PID: 1916][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2304][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\system32\3721.ini]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[PID: 2488][E:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [E:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\Program Files\Tencent\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [E:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [E:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\Program Files\Tencent\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Tencent\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [E:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [E:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 3, 30]
    [E:\Program Files\Tencent\QQ\videodevice.dll]  [Tencent, 1, 6, 0, 1]
    [E:\Program Files\Tencent\QQ\inplus.dll]  [Tencent, 1, 6, 0, 0]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [E:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [E:\Program Files\Tencent\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
[PID: 2512][E:\Program Files\Tencent\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [E:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2620][E:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [E:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
dfasfs - 2007-1-30 18:54:00

    [E:\Program Files\Tencent\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\videodevice.dll]  [Tencent, 1, 6, 0, 1]
    [E:\Program Files\Tencent\QQ\inplus.dll]  [Tencent, 1, 6, 0, 0]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [E:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [E:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [E:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, N/A]
    [E:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [E:\Program Files\Tencent\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [E:\Program Files\Tencent\QQ\VqqModule.dll]  [, 1, 0, 0, 1]
    [E:\Program Files\Tencent\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [E:\Program Files\Tencent\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3488][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\system32\3721.ini]  [N/A, N/A]
    [C:\Program Files\rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, N/A]
[PID: 3716][F:\游戏安装文件\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
dfasfs - 2007-1-30 18:54:00
==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
125.91.97.132      www.waigua8.com
125.91.97.132      www.6657.com
125.91.97.132      www.game172.com
125.91.97.132      waigua8.com
125.91.97.132      6657.com
125.91.97.132      game172.com
125.91.97.132      dx6.waigua8.com
125.91.97.132      dx5.waigua8.com
125.91.97.132      dx4.waigua8.com
125.91.97.132      dx3.waigua8.com
125.91.97.132      dx2.waigua8.com
125.91.97.132      dx1.waigua8.com

==================================
安全防卫 - 2007-1-30 19:09:00
IceSword (冰刃) v1.20, may come in handy later.
Download: http://www.crsky.com/soft/6947.html

Use SREng to delete these registry startup entries:
<UserFaultCheck><%systemroot%\system32\dumprep 0 -u> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<wsvbs><C:\WINDOWS\wsvbs.exe> [N/A]
<msccrt><C:\WINDOWS\msccrt.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<Snewpeek><C:\Program Files\WindowsUpdate\9.exe> [N/A]



Delete this browser add-on:
[]
{A692062A-11A1-461B-BEA0-B520F01F9DAE} <C:\WINDOWS\system32\3721.ini, N/A>

Delete the following files; for any that can't be deleted, use IceSword 1.20:
<C:\WINDOWS\cmdbcs.exe>
<C:\WINDOWS\wsvbs.exe>
<C:\WINDOWS\msccrt.exe>
<C:\WINDOWS\mppds.exe>
C:\Program Files\WindowsUpdate\9.exe
C:\WINDOWS\system32\3721.ini

Search for the HOSTSY file, right-click it and open it with Notepad;
keep 127.0.0.1 localhost and delete everything below it.
安全防卫 - 2007-1-30 19:14:00
Search for the HOSTS file, right-click it and open it with Notepad;
keep 127.0.0.1 localhost and delete everything below it.

I typed an extra Y.
★無&詺★ - 2007-1-30 19:18:00
I've run into this one.
Try Rising's Panda Burning Incense (熊猫烧香) special removal tool.
Give it a try.
安全防卫 - 2007-1-30 19:21:00
C:\Program Files\Founder\Emergency Center\Hotkey.exe
C:\Program Files\jmesoft\hotkey.exe
There are two processes, and not in the same path; not sure whether these are things the OP installed himself.
安全防卫 - 2007-1-30 19:25:00
Quote:
[★無&詺★'s post] I've run into this one.
Try Rising's Panda Burning Incense (熊猫烧香) special removal tool.
Give it a try.
………………


It's not the Panda virus, so what use is Rising's Panda removal tool?

soood - 2007-1-30 19:25:00
Handle it with Kaka.
★無&詺★ - 2007-1-30 19:26:00
If you think it's useless, I'll keep my opinion to myself; work out how to deal with it yourself.
山川一龙 - 2007-1-30 19:29:00
I'll reserve my opinion.
安全防卫 - 2007-1-30 20:04:00
http://it.rising.com.cn/Channels/Service/2006-11/1163505486d38734.shtml

The download link above is Rising's Panda removal tool.

The removal tool is only meant for Panda; it's of no use at all against other viruses.

If you don't believe me, the OP can try it and see whether it can remove anything.
幽灵妹妹 - 2007-1-30 20:24:00
[Reply to 安全防卫's post] It's a ZhengTu account-stealing trojan; try Avast! Home and see whether it can kill it.
qdwjh - 2007-1-30 20:28:00
My computer is the same. Does anyone have a method that is confirmed to work?
qdwjh - 2007-1-30 20:37:00
Waiting online, anxiously.
qdwjh - 2007-1-30 22:05:00
waiting
摩托骆拉 - 2007-1-30 22:08:00
Same here, I can't get rid of it.
qdwjh - 2007-1-30 22:28:00
Don't let this thread sink.
mariposa - 2007-1-31 0:32:00
Yeah, I got hit too, waiting anxiously~~~~
寻找北方的哥儿 - 2007-1-31 0:38:00
Game cheats (外挂) usually come with trojans. Back when I played ZhengTu, I had just topped up 200 yuan; before I had spent any of it, it was all gone the next day, because I had used cheats, quiz answer bots and things like that. So everyone be careful.
sz上上签 - 2007-1-31 0:49:00
I found a way to kill this kind of virus; I don't know whether it will work for you. After you kill the virus with Rising, use Disk Cleanup to clear the temporary files on the infected drive, and it will very likely be gone the next time you boot. I suspect this virus hides in the temporary files generated by your web browsing or by applications. You can give it a try.
mariposa - 2007-1-31 0:51:00
The problem is I don't even know where this virus came from; I never downloaded cheats and I never play online games.
mariposa - 2007-1-31 0:52:00
Oh? I'll try that first.
小Chu - 2007-1-31 1:12:00
Delete it in Safe Mode~
呢喃呢喃 - 2007-1-31 1:36:00
Same situation here. When Rising kills it, the virus name shown is C\windows\system.exe,
and there is another one named C\windows\winlogOn.exe (note the O is uppercase). Could some expert help me out? It shows up after every reboot, and Rising's memory scan already finds it; it has turned the real-time monitor off too, and sometimes there is no sound at all. Crying here. Also, after I boot there is an executable called shellexcute.exe in the applications list, which wasn't there before. What is this thing, could it be the virus program? Now I close it every time I boot. Help........
呢喃呢喃 - 2007-1-31 8:01:00
Bump