Rising Kaka Security Forum
zhijianyuancn - 2007-9-30 23:02:00
[PID: 3680 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2444 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5208 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4544 / jsdc][C:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 3, 4643]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Maxthon2\MxExt.dll] [N/A, ]
[C:\Program Files\Maxthon2\mxpp.dll] [Maxthon, 1, 0, 0, 61]
[C:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 119]
[C:\Program Files\Maxthon2\MxProxy2.dll] [, 1, 0, 0, 3531]
[C:\Program Files\Maxthon2\IMxWebBoost.dll] [Maxthon, 1, 0, 0, 67]
[C:\Program Files\Maxthon2\mxdb.dll] [N/A, ]
[C:\Program Files\Maxthon2\mxsafe.dll] [Maxthon, 1, 0, 0, 477]
[C:\WINDOWS\system32\PROCHLP.DLL] [Lenovo Group Limited, 2, 0, 6, 0]
[C:\Program Files\Maxthon2\MxFav.dll] [Maxthon, 1, 0, 0, 220]
[C:\Program Files\Maxthon2\maxzlib.dll] [, 1.2.3]
[C:\Program Files\Maxthon2\mxtool.dll] [, 1, 0, 0, 1]
[C:\Program Files\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 82]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[C:\WINDOWS\Downloaded Program Files\OL2005.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\RavWeb\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\RavWeb\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\RavWeb\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\RavWeb\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\RavWeb\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\RavWeb\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\RavWeb\MVEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\RavWeb\Engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\RavWeb\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\RavWeb\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
[C:\Program Files\Rising\RavWeb\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\RavWeb\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
[C:\Program Files\Rising\RavWeb\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\RavWeb\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[C:\Program Files\Rising\RavWeb\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[C:\Program Files\Rising\RavWeb\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
zhijianyuancn - 2007-9-30 23:02:00
[C:\Program Files\Rising\RavWeb\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\RavWeb\RsVM.dll] [, 19, 0, 0, 22]
[C:\Program Files\Rising\RavWeb\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 59]
[C:\Program Files\Rising\RavWeb\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\RavWeb\posttrtx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\RavWeb\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\RavWeb\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\RavWeb\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\RavWeb\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\system32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.0.0.6077]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 2732 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4540 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4868 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5472 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5860 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4392 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5320 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4244 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5180 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5596 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4876 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4680 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5356 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4376 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5488 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5548 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 6092 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2636 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5112 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4228 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4440 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4368 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4948 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 324 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4952 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5872 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4908 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4112 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
zhijianyuancn - 2007-9-30 23:02:00
[PID: 5660 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4984 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 200 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4840 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5552 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3664 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2740 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4252 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5016 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2076 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4796 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5032 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 6000 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5956 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5012 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5512 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4348 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2224 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2364 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4932 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5348 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1712 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4980 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2344 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5476 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5436 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4436 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5964 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5248 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4752 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 204 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5564 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5244 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5212 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3068 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4684 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5288 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3440 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5672 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
zhijianyuancn - 2007-9-30 23:03:00
[PID: 5136 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5684 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1576 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3696 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3004 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5152 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2908 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 404 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4936 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5360 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5492 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4732 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4188 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5612 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3796 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1804 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4728 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4604 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1604 / jsdc][C:\WINDOWS\system32\REG.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4632 / jsdc][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\system32\PROCHLP.DLL] [Lenovo Group Limited, 2, 0, 6, 0]
[C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[PID: 1288 / jsdc][C:\DOCUME~1\jsdc\LOCALS~1\Temp\Rar$EX00.890\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\PROCHLP.DLL] [Lenovo Group Limited, 2, 0, 6, 0]
[C:\DOCUME~1\jsdc\LOCALS~1\Temp\Rar$EX00.890\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\DOCUME~1\jsdc\LOCALS~1\Temp\Rar$EX00.890\Plugins\NTFSTREAM.SRE] [Smallfrogs Studio, 1, 0, 0, 5]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
zhijianyuancn - 2007-9-30 23:03:00
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[C:\]
[AutoRun]
open=niu.exe
shell\open=打开(&O)
shell\open\Command=niu.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=niu.EXE
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 236, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2532, C:\PROGRAM FILES\LENOVO\RESCUE AND RECOVERY\RRSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2576, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\TVTSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2760, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2972, C:\PROGRAM FILES\COMMON FILES\LENOVO\LOGGER\LOGMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 580, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\SVCGUIHLPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2712, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3076, C:\PROGRA~1\THINKPAD\UTILIT~1\EZEJMNAP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3552, C:\WINDOWS\SYSTEM32\TPSHOCKS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3668, C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\TPHKMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4028, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY\TPONSCR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3804, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 964, C:\PROGRA~1\THINKV~1\PRDCTR\LPMGR.EXE]
zhijianyuancn - 2007-9-30 23:03:00
特殊特权被允许: SeLoadDriverPrivilege [PID = 792, C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1020, C:\PROGRAM FILES\THINKVANTAGE\AMSG\AMSG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2144, C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 192, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 192, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 368, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3000, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1556, C:\PROGRAM FILES\DIGITAL LINE DETECT\DLG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2936, C:\PROGRAM FILES\DISKEEPER CORPORATION\DISKEEPER\DKICON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3596, C:\PROGRAM FILES\港湾网络\宽带接入客户端\HAMMERSUPPLICANT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4532, C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4632, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
zhijianyuancn - 2007-9-30 23:05:00
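| Quote: |
[Post by haohe的fans] Download the System Repair Engineer system scanning tool from: http://www.kztechs.com/sreng/download.html How to scan and upload the log: 1. Unzip the downloaded sreng2.zip archive; 2. Open the extracted SRENG folder and double-click SREngPS.exe to run it; 3. Click "Smart Scan", "Scan" and "Save Report" in turn to save the log to disk; 4. Find and open the log, then use "Copy" and "Paste" to put its contents into a post, uploaded without modification (the log is long and will not fit in one post, so please manually split the full contents across several reply posts under the same thread). Friendly reminders: 1. Before scanning, close all open software (such as QQ, Xunlei and other download programs) and all IE windows (note: close them, do not just minimize them). 2. Until further instructions are given, do not make arbitrary repairs with the SRENG tool, or the system may end up in worse shape. 3. Illustrated guide to using SRENG: http://forum.ikaka.com/topic.asp?board=67&artid=8125594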
……………… |
I have uploaded the log as requested. What should I do next?
haohe的fans - 2007-9-30 23:15:00
http://it.rising.com.cn/Channels/Anti_Virus/Upgrade_Report/2007-09-28/1190972492d44095.shtml Take a look at this and follow the steps there; it may fix the problem.
没有梦想的男人 - 2007-9-30 23:54:00
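The link posted above is no use. The original poster is infected with niu.exe, but fixing it is not that simple. Moderator newcenturysun calls it the "antivirus terminator", meaning that no antivirus software will even open. Go and read what moderator newcenturysun wrote. Getting everything changed back to how it was before is a lot of trouble, though.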
http://hi.baidu.com/newcenturysun/blog/item/19c2bf64d3fc41f3f7365482.html
Those trojans can be cleaned with the arswp cleanup assistant: http://www.arswp.com/ There are a bit too many to remove by hand.
zhijianyuancn - 2007-10-1 1:38:00
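Thanks, 没有梦想的男人. The post you recommended is very good; it describes exactly the virus I have, and I learned a lot from it. There is nothing else for it, so I will just have to Format C:.
Thanks all the same, though. I learned something new.
One more question: my external hard drive and USB flash drive have been used on the infected "zombie" machine, so they must be infected too, but I still need the files on them. The post above says that USB drives are one of the main ways this virus spreads, so what should I do? Any advice?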