Rising Kaka Security Forum

How to completely remove Trojan.PSW.CabalOnLine.r? Rising can no longer detect it
linbingsi - 2007-3-30 21:35:00
Yesterday Rising detected two viruses, Trojan.PSW.CabalOnLine.r and Trojan.PSW.XYOnLine.mx. The related files were upxdnd.dll, upxdnd.exe, LgSy2.dll and others under C:\Windows\temp\, plus 1.exe, 2.exe and cmdbcs.exe under C:\Windows\system32\.

After the scan the computer was fine for a while, but as soon as I ran any program, Rising's monitor reported that it was switching to embedded scanning automatically, and iexplore.exe and notepad.exe then appeared in the process list.
winlog0n.exe, upxdnd.exe, rundl132.exe, iexpl0re.exe, crasos.exe and c0nime.exe also appeared under C:\Windows\temp\.

They showed up in the startup items as well...
These are obviously viruses, but Rising no longer detects them, and scanning the files directly does nothing either. I downloaded Kingsoft AntiVirus 2007 and it didn't help, no reaction at all. Later the rogue-software remover in Windows Optimization Master and Trojan Killer did detect them; I haven't tried Rising Kaka.

The virus isn't triggering right now, but there's a real headache: every .exe file was modified on the day of the infection, evidently infected by the virus, so now the virus fires every time I open a program. I don't know what to do anymore....

Can any expert help? Thanks....
metise - 2007-3-30 21:37:00
I'm infected with the same virus, plus Trojan.PSW.WoWar.ade.
There's also mygao.sys; Rising can remove it too, but afterwards it's still there!!


Help!!!!!!!!!!!!
linbingsi - 2007-3-30 21:48:00
Heh, for now the virus isn't bothering me because I only open the programs I use regularly. Each program I open does activate the virus once, but after I delete it manually, the programs I've already opened are fine. Right now I'm watching PPLive and using QQ, and just waiting for Rising to upgrade to a version that can fully remove it. Hope Rising moves quickly -_-!!!
newcenturymoon - 2007-3-30 22:22:00
Quote:
[linbingsi's post]
………………

Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Paste the complete report from the log here, without modifying it
linbingsi - 2007-3-30 23:17:00
This is the log from a scan I ran after letting the virus activate. Why does this program add many blank startup entries to the registry after scanning? Is that normal?


[CODE]

2007-03-30,22:54:23

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <jiajiabx><G:\☆系统工具及应用软件\拼音加加\jjbxb41a\jjbxb\jiajiabx.exe>  [加加工作组]
    <l9vuj7f5699g><C:\WINDOWS\TEMP\iexpl0re.exe>  []
    <m5srk5ir4><C:\WINDOWS\TEMP\crasos.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"D:\工具\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <RfwMain><"D:\工具\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <IMJPMIG8.1><; >  [N/A]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <MoveSearch><; >  [N/A]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; >  [N/A]
    <PHIME2002ASync><; >  [N/A]
    <RealTray><; >  [N/A]
    <SKYNET Personal FireWall><; >  [N/A]
    <VVSN><; >  [N/A]
    <upxdnd><C:\WINDOWS\TEMP\upxdnd.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KAV7NEEDREBOOT><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
linbingsi - 2007-3-30 23:19:00

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apache2 / Apache2][Stopped/Auto Start]
  <"D:\工具\Java\Apache\bin\httpd.exe" -k runservice><Apache Software Foundation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\工具\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\工具\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\工具\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\工具\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[a320raid / a320raid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[adpu160m / adpu160m][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6290 / AEC6290][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[Aha154x / Aha154x][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ALi Based Ethernet NT Driver / ALI5261][Stopped/Manual Start]
  <system32\DRIVERS\ALI5261.SYS><Acer Laboratories Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[arc / arc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[asc / asc][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[elxstor / elxstor][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\ExpScan.sys><>
[FASTSX / FASTSX][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
linbingsi - 2007-3-30 23:20:00
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\J:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\工具\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HpCISSs / HpCISSs][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[ini910u / ini910u][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[IntelIde / IntelIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\intelide.sys><N/A>
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[m5228 / m5228][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\工具\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid2k / mraid2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nfrd960 / nfrd960][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\工具\TENCENT\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\J:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\工具\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\J:\NTGLM7X.sys><N/A>
linbingsi - 2007-3-30 23:21:00
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SiSRaid / SiSRaid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISRAIDS.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sptrak / sptrak][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[UlSata / UlSata][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATAS / ULSATAS][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ULSATAS.SYS><Promise Technology, Inc.>
[ultra / ultra][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Running/Manual Start]
  <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XPROTECTOR / XPROTECTOR][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Xprotector.sys><N/A>
[VICKEY 4 USB PC Camera / ZSMC0305][Running/Manual Start]
  <System32\Drivers\usbVM305.sys><Vimicro Corporation>
[KWatch3 / KWatch3][Running/Disabled]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[KNetWch / KNetWch][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <, N/A>
[KAVIEHelper Class]
  {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <, N/A>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\工具\OFFICE~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[金山毒霸安全助手]
  {EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.DLL, N/A>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[KAVIEHelper Class]
  {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
linbingsi - 2007-3-30 23:22:00
[金山毒霸安全助手-可疑文件扫描]
  {2EC585DF-A578-4A51-A66D-BB68460E6148} <C:\PROGRA~1\KOS\KOSTRO~1.OCX, 金山软件股份有限公司>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AquaRealOcx Control]
  {7DB39A0D-580F-4BE9-9195-8BFCD226F6C2} <D:\工具\Fish\AquaReal.ocx, formosoft>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[金山毒霸安全助手]
  {EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.DLL, N/A>
[上传到QQ网络硬盘]
  <D:\工具\TENCENT\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\geturl.htm, N/A>
[添加到QQ自定义面板]
  <D:\工具\TENCENT\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\工具\TENCENT\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\工具\TENCENT\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 636][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 780][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1768][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1880][d:\工具\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\工具\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\工具\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\工具\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\工具\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\工具\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 204][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 368][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 56]
[PID: 444][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.03.0.0]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.03.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.0.6.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.11.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
linbingsi - 2007-3-30 23:23:00
[PID: 496][G:\☆系统工具及应用软件\拼音加加\jjbxb41a\jjbxb\jiajiabx.exe]  [加加工作组, 4, 1, 0, 47]
[PID: 564][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
[PID: 624][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1600][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3200][D:\工具\TENCENT\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\工具\TENCENT\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [D:\工具\TENCENT\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\工具\TENCENT\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\工具\TENCENT\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\工具\TENCENT\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\工具\TENCENT\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\工具\TENCENT\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\工具\TENCENT\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQMainFrame.dll]  [N/A, ]
    [D:\工具\TENCENT\CQQApplication.dll]  [N/A, ]
    [D:\工具\TENCENT\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQAllInOne.dll]  [N/A, ]
    [D:\工具\TENCENT\GroupLive.dll]  [N/A, ]
    [D:\工具\TENCENT\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\工具\TENCENT\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\TENCENT\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\工具\TENCENT\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\工具\TENCENT\QQAvatar.dll]  [N/A, ]
    [D:\工具\TENCENT\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQPlugin.dll]  [N/A, ]
    [D:\工具\TENCENT\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QRingMng.dll]  [N/A, ]
    [D:\工具\TENCENT\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\工具\TENCENT\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\工具\TENCENT\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQCustomFace.dll]  [N/A, ]
    [D:\工具\TENCENT\BQQApplication.dll]  [N/A, ]
    [D:\工具\TENCENT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\工具\TENCENT\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [D:\工具\TENCENT\QQSceneMng.dll]  [N/A, ]
    [D:\工具\TENCENT\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\工具\TENCENT\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 6, 60]
    [D:\工具\TENCENT\QQSysMsgMng.dll]  [N/A, ]
    [D:\工具\TENCENT\VqqModule.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\VqqAllInOne.dll]  [Tencent, 1, 6, 0, 1]
    [D:\工具\TENCENT\InPlus.dll]  [Tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\tencent-proto1.dll]  [tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\tencent-comlib.dll]  [tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\tencent-proto2.dll]  [tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\TENCENT\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [D:\工具\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\工具\TENCENT\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [D:\工具\TENCENT\vqqset.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3332][D:\工具\TENCENT\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [D:\工具\TENCENT\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2276][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
[PID: 3700][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\工具\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Picaview\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Picaview\msvcr71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
    [D:\工具\金山毒霸\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
    [C:\Program Files\Picaview\PicaView.dll]  [ACD Systems, Ltd., 2, 0, 0, 84]
    [C:\Program Files\Picaview\IDE_ACDStd.apl]  [ACD Systems, Ltd., 3,2,62,0]
    [C:\Program Files\KOS\MFC42.DLL]  [Microsoft Corporation, 6.02.4131.0]
    [C:\Program Files\KOS\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\zh-CHS\ShFusRes.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Rav20.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy1.dll]  [N/A, ]
linbingsi - 2007-3-30 23:23:00
[PID: 344][G:\☆系统工具及应用软件\QQPetNurse\QQPetNurse.exe]  [永恒E网, 2.2.0.1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1844][D:\工具\TENCENT\qqpet\qqpet.exe]  [腾讯公司, 2, 54, 101, 7]
    [D:\工具\TENCENT\qqpet\Pnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\TENCENT\qqpet\QQPetResDownload.dll]  [, 6, 1, 101, 1]
    [D:\工具\TENCENT\qqpet\QQPetCommunity.dll]  [, 6, 3, 103, 1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2472][D:\工具\GoSuRF2\gsfbwsr.exe]  [mmjd.com, 2.75.611.7563]
    [D:\工具\GoSuRF2\Resources\Themes\pictures.theme]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Thunder\xunleibho_v13.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 48]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 3868][D:\工具\PPLive\PPLive.exe]  [N/A, ]
    [D:\工具\PPLive\UI.DLL]  [, 1, 6, 0, 1]
    [D:\工具\PPLive\common.dll]  [, 1, 0, 0, 1]
    [D:\工具\PPLive\NetTools.dll]  [, 1.0.0.2]
    [D:\工具\PPLive\SYNACA~1.OCX]  [, 1, 6, 18, 0]
    [D:\工具\PPLive\ETS.DLL]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\PPLive\SYNACA~2.OCX]  [Synacast, 1, 6, 0, 7]
    [D:\工具\PPLive\PPK.DLL]  [N/A, ]
    [D:\工具\PPLive\FWUpnp.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2536][D:\工具\PPLive\PPLive.exe]  [N/A, ]
    [D:\工具\PPLive\MngModule.dll]  [, 1, 0, 0, 2]
[PID: 3736][C:\Program Files\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 5.1.2.166]
    [C:\Program Files\Thunder\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 57]
    [C:\Program Files\Thunder\log4cplus.dll]  [, 1, 0, 2, 1]
    [C:\Program Files\Thunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\Thunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [C:\Program Files\Thunder\iEmbed.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 14]
    [C:\Program Files\Thunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 6]
    [C:\Program Files\Thunder\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 4004][G:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\TEMP\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Rav20.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
[PID: 1716][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll]  [BitComet, 20070207]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2068][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 412][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll]  [BitComet, 20070207]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [Compiled Help Module]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
RSVP UDP Service Provider
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
RSVP TCP Service Provider
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)

==================================
Autorun.inf
[D:\]
[autorun]
icon=Woa05.ico
[E:\]
[autorun]
ICON=game.ICO
[F:\]
[autorun]
ICON=FauxS-55.ico
[G:\]
[autorun]
ICON=Control_panel.ico

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn

==================================
API HOOK
N/A

==================================
Hidden processes
N/A

==================================


[/CODE]
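The process-and-module listing above is raw data rather than instructions, so here is an added example (my own code, not part of the thread and not something SREng does) of how a responder would triage such a log: it parses the `[PID: ...][exe]` lines and the indented `[module]  [company, version]` lines, then scores every distinct module on three things that are visible in the posted report: loaded from a TEMP directory, carrying no version information, and appearing in more than one unrelated process. The embedded sample is a short excerpt re-typed from the posted log; the scoring weights are my own choice.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines re-typed from the SREng "processes and modules"
# section posted in this thread (explorer.exe and SREng.EXE with some of their modules).
SAMPLE_LOG = r"""
[PID: 3700][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
[PID: 4004][G:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
"""

# Process header: "[PID: n][path]  [company, version]"; module line: indented "[path]  [company, version]".
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]\s*$")
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]\s*$")


def parse_processes(text):
    """Return {exe_path: [(module_path, company, version), ...]} from an SREng process block."""
    procs = {}
    current = None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            current = m.group(2)
            procs.setdefault(current, [])
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            path, info = m.group(1), m.group(2)
            # SREng writes "company, version"; splitting on the first comma is imperfect for
            # vendor names that contain commas, but those still yield a non-empty company.
            company, _, version = info.partition(",")
            procs[current].append((path, company.strip(), version.strip()))
    return procs


def triage(text):
    """Score each distinct module over all processes; higher score means look at it first.

    Weights (my choice): TEMP location 2, no version info 1, spread over >= 2 processes 1
    (spread only counts when another indicator already fired).
    """
    procs = parse_processes(text)
    hosts = defaultdict(set)   # lowercased module path -> set of host exe paths
    info = {}                  # lowercased module path -> (path, company, version)
    for exe, mods in procs.items():
        for path, company, version in mods:
            key = path.lower()
            hosts[key].add(exe)
            info[key] = (path, company, version)

    findings = []
    for key, (path, company, version) in info.items():
        score, reasons = 0, []
        if "\\temp\\" in key:
            score += 2
            reasons.append("loaded from a TEMP directory")
        if company in ("", "N/A") and version == "":
            score += 1
            reasons.append("no version information")
        if reasons and len(hosts[key]) >= 2:
            score += 1
            reasons.append("present in %d processes" % len(hosts[key]))
        if reasons:
            findings.append({"path": path, "score": score,
                             "hosts": sorted(hosts[key]), "reasons": reasons})
    findings.sort(key=lambda f: (-f["score"], f["path"].lower()))
    return findings


if __name__ == "__main__":
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for f in triage(text):
        print("%d  %s  (%s)" % (f["score"], f["path"], "; ".join(f["reasons"])))
```

Pipe a saved SREng report into the script to rank its modules. The sample already shows the caveat: WinRAR's `rarext.dll` is reported with no version information yet is legitimate, so that indicator alone is weak; what separates the `LgSy0.dll`/`upxdnd.dll`/`cmdbcs.dll` cluster is that the same unsigned, versionless files sit in TEMP (or system32) and are loaded into every process on the box, the scanner included.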
linbingsi - 2007-3-30 23:25:00
What a long log... Is there a thread on the forum that teaches how to read these logs? Which board? I'd like to learn to read it myself too
linbingsi - 2007-3-31 0:12:00
Bump.........
wswlhn - 2007-3-31 0:33:00
Trojan.PSW.CabalOnLine.r, Trojan.PSW.WoWar.ade and Trojan.PSW.OnlineGames.w, urgent help!!!!! Those are the virus names, and they keep triggering. I'm using the personal edition of Rising. I ran a full scan, but it's no good, they still keep triggering.. Please help with a solution
linbingsi - 2007-3-31 0:51:00
It's the same type of virus I caught. Contain it first, and wait for Rising to update
天月来了 - 2007-3-31 0:54:00
You're all done for. Just wait.
linbingsi - 2007-3-31 1:03:00
I don't know yet how to manually repair those .exe files; they've all been infected, it's hopeless....
But at least I can still do basic things, like watch PPLive.
桃子CiCi - 2007-3-31 1:12:00
Tianyue,
why don't you walk the others through an analysis?
heh
I'd like to learn from it too
风间沧月 - 2007-3-31 11:20:00
I've caught this nasty thing too
david67 - 2007-3-31 11:28:00
I seem to have this virus too! Whenever there's a virus going around, it never misses me! Damn it! So annoying!
xuhaoandbd - 2007-3-31 12:03:00
I got it too, nobody is responding, just wait!
重返荣耀 - 2007-3-31 12:20:00
The Warcraft account I carefully built up all through college has been stolen,
and it also seems to be this virus: as soon as you run an .EXE file the virus is activated.
I've been hanging around the forum for several days now.
Sadly I can't even log into QQ, all I can do is watch PPStream.
天月来了 - 2007-3-31 12:43:00
Peach!!!!!!!!!

You don't understand: these systems are already very hard to get back to normal.
For these machines that are just used for browsing and gaming, I only ever recommend a full format and reinstall.

Handling it is simple too: whenever the log shows extremely unfamiliar registry entries and files, back them all up, then delete them.
If that doesn't work, restore the backup.

You can also back up the whole system. Even if the cleanup cripples it, you can restore the system and start over from the beginning.

For systems like theirs, a full format and reinstall is the best choice.
wswlhn - 2007-3-31 14:48:00
Could an admin analyze this?? Is there really nobody who can deal with these two damn viruses??
soso777 - 2007-3-31 14:58:00
Cleaned viruses today, the same ones. No symptoms so far, but hearing everyone talk
it sounds pretty serious. Anyway I've got no secrets,
so I'll use it while it works and wait for the update, sigh~~
It's just that the online banking certificate won't install either, probably the same problem; and every now and then it makes a thumping noise.
Enduring~~~~~
linbingsi - 2007-3-31 15:07:00
There's a lot of important data on the hard drive; if I format it can't be recovered... And a full reinstall is a real headache too.... lots of software registrations and settings would have to be redone, too much hassle.
Can't antivirus software also detect other files the virus has infected? As long as the software can scan them it's fine.. I don't play online games either, and anyway the virus isn't acting up, so I'll just keep using it like this for now; I should be able to hold out until the antivirus can fully deal with it, right?

One question: could the antivirus itself also be infected? Could it still run as usual but no longer react to those virus files? Is there any need to reinstall it?
天月来了 - 2007-3-31 15:39:00
The antivirus itself may also be infected. If you don't reinstall the system, there's no need to reinstall the antivirus.

As for the data, you can compress it and put it on a USB stick or other removable storage.

But executable files among that data are another matter. If they're infected too, there's nothing to be done.

linbingsi - 2007-3-31 16:15:00
I have quite a lot of data, tutorials and e-books that took a long time to download from the net. Unfortunately I don't have a portable hard drive at hand...
I'll just keep waiting; the only thing I really care about is my QQ password, I don't play online games...
linbingsi - 2007-3-31 17:39:00
I just opened them in UltraEdit and saw that the virus-infected files have had this kind of thing added... Rising, please hurry up with the update... and restore them

Attachment: 8599332007331172913.jpg
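The post above reports extra bytes in the infected .exe files as seen in a hex editor, but the screenshot is not on the page, so nothing here describes what this particular infector adds. As an added example (my own code, not from the thread), the script below checks the two layout properties that appending file infectors commonly disturb: the entry point being moved into the last section (often one marked writable and executable, or with an unusual name), and data sitting past the end of the last section's raw data (an overlay). It builds two constructed in-memory PE files, one clean and one mimicking an appended infection, and reports on both; point `inspect_pe` at real files to rank which executables deviate from their normal layout. Overlay alone is not proof: installers and signed binaries carry overlays legitimately.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
FILE_ALIGN = 0x200


def build_pe(sections, entry_rva, overlay=b""):
    """Assemble a minimal 32-bit PE in memory (constructed test input, not a real program).

    sections: list of (name, virtual_address, raw_size, characteristics); raw sizes are
    multiples of FILE_ALIGN and are laid out back to back after a 0x200-byte header area.
    """
    opt_size = 0xE0
    # Magic, linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint (offset 16), rest zero-padded.
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    table, bodies, raw_ptr = b"", b"", FILE_ALIGN
    for name, vaddr, raw_size, chars in sections:
        table += struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"),
                             raw_size, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        bodies += b"\x90" * raw_size
        raw_ptr += raw_size
    headers = dos + b"PE\0\0" + coff + opt + table
    assert len(headers) <= FILE_ALIGN
    return headers.ljust(FILE_ALIGN, b"\0") + bodies + overlay


def inspect_pe(data):
    """Parse the PE headers and report layout facts an appending infector typically disturbs."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sec_off = opt + opt_size
    sections = []
    for i in range(nsec):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _, _, _, _, chars) = struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "chars": chars})
    ep_index = next((i for i, s in enumerate(sections)
                     if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["raw_size"])),
                    None)
    raw_end = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    report = {"entry_rva": entry_rva,
              "entry_section": sections[ep_index]["name"] if ep_index is not None else None,
              "overlay_bytes": max(0, len(data) - raw_end),
              "flags": []}
    if ep_index is None:
        report["flags"].append("entry point outside every section")
    else:
        s = sections[ep_index]
        if ep_index == len(sections) - 1 and len(sections) > 1:
            report["flags"].append("entry point in last section")
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            report["flags"].append("entry section is writable and executable")
        if s["name"] not in (".text", "CODE"):
            report["flags"].append("entry section has unusual name %r" % s["name"])
    if report["overlay_bytes"]:
        report["flags"].append("%d bytes appended after the last section" % report["overlay_bytes"])
    return report


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Constructed clean layout: entry point at the start of .text, nothing past .data.
CLEAN_PE = build_pe([(".text", 0x1000, 0x200, TEXT), (".data", 0x2000, 0x200, DATA)],
                    entry_rva=0x1000)
# Constructed look-alike of an appended infection (not this malware's actual layout):
# a new writable+executable last section owns the entry point, plus a 100-byte overlay.
PATCHED_PE = build_pe([(".text", 0x1000, 0x200, TEXT), (".data", 0x2000, 0x200, DATA),
                       (".vir", 0x3000, 0x200, TEXT | IMAGE_SCN_MEM_WRITE)],
                      entry_rva=0x3010, overlay=b"\xcc" * 100)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, inspect_pe(fh.read()))
    else:
        print("clean  :", inspect_pe(CLEAN_PE))
        print("patched:", inspect_pe(PATCHED_PE))
```

Run it with a list of .exe paths to get one report per file; files with no flags at all are the ones least likely to have been touched, and a backup of the same executable from before the infection date is the only reliable way to confirm.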