瑞星卡卡安全论坛
未知者001 - 2007-10-4 16:01:00
Trojan.PS 远程到号木马!!!杀了又有!!郁闷.....麻烦那位大虾帮帮忙!!
[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
日不懂啊 - 2007-10-4 16:03:00
下载 System Repair Engineer,
http://download.kztechs.com/files/sreng2.zip
1 解压缩sreng2.zip
2 运行SREngPS.EXE
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
未知者001 - 2007-10-4 16:20:00
[CODE]
2000-10-04,16:02:01
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<WinSysM><C:\WINDOWS\IGM.exe> []
<stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R> [TENCENT]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavRuneip><C:\WINDOWS\system32\RUNDLL32.EXE etiyymqesg.dll,ThreadFalse> []
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><> [N/A]
<{AAF3B135-E338-491A-B3CB-9D75DA02C5D1}><C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys> []
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> []
<{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat> []
<{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win> []
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Anti-Spy Tools><; C:\Program Files\ast\ast.exe -min> [N/A]
<AVPSrv><; C:\WINDOWS\AVPSrv.exe> [N/A]
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<cmdbcs><; C:\WINDOWS\cmdbcs.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DiskMan32><; C:\WINDOWS\vafqaj.exe> []
<HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Publisher]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<Kvsc3><; C:\WINDOWS\Kvsc3.exe> [N/A]
<MsIMMs32><; C:\WINDOWS\MsIMMs32.exe> [N/A]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<QQDownload><; "C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<stup.exe><; Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R> [TENCENT]
<upxdnd><; C:\WINDOWS\upxdnd.exe> [N/A]
<WangWang><; "D:\淘宝旺旺\WangWang\WangWang.EXE"> [阿里巴巴软件(上海)有限公司]
<WinForm><; C:\WINDOWS\WinForm.exe> [N/A]
<WinSysM><; C:\WINDOWS\IGM.exe> []
==================================
启动文件夹
N/A
==================================
服务
[118B7D98 / 118B7D98][Stopped/Auto Start]
<C:\WINDOWS\system32\56854728.EXE -d><Microsoft Corporation>
[258A97E / 258A97E][Stopped/Auto Start]
<C:\WINDOWS\system32\A4CB1BF2.EXE -d><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows User Mode Driver Framework / UMWdf][Stopped/Auto Start]
<C:\WINDOWS\system32\wdfmgr.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[Basetdi / Basetdi][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
未知者001 - 2007-10-4 16:25:00
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[CEnroll Class]
{127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\淘宝旺旺\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用超级旋风下载]
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[添加到QQ表情]
<D:\网络游戏\QQ\AddEmotion.htm, N/A>
未知者001 - 2007-10-4 16:27:00
正在运行的进程
[PID: 468 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 596 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 608 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 804 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 916 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1016 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 1092 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 1316 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[PID: 1768 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1808 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1848 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[PID: 2948 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2804 / Administrator][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2527 (xpsp.040919-1030)]
[C:\WINDOWS\system32\471E7570.DLL] [Microsoft Corporation, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3924]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3924]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3924]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3924]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3924]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3924]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 2092 / Administrator][E:\千千静听\TTPlayer.exe] [Alen Soft, 4, 6, 9, 0]
[E:\千千静听\ttpcomm.dll] [N/A, ]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[E:\千千静听\ttpres.dll] [Alen Soft, 4, 6, 9, 0]
[E:\千千静听\msdmo.dll] [Microsoft Corporation, 6.03.01.0400]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[E:\千千静听\AddIn\ttp_asf.dll] [N/A, ]
[E:\千千静听\AddIn\ttp_aac.dll] [N/A, ]
[E:\千千静听\AddIn\ttp_ac3dts.dll] [N/A, ]
[E:\千千静听\wmadmod.dll] [Microsoft Corporation, 10.00.00.3646]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\千千静听\AddIn\ttp_lrcsh.dll] [N/A, ]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1040 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 1, 18]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3157 (xpsp_sp2_gdr.070614-0013)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1076 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1776 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
未知者001 - 2007-10-4 16:28:00
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[PID: 3688 / Administrator][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\MVEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 44]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1312 / Administrator][C:\Program Files\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[PID: 1252 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
[C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\PROGRAM FILES\RISING\RAV\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\psapi.dll] [Microsoft Corporation, 4.00]
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[C:\PROGRAM FILES\RISING\RAV\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
未知者001 - 2007-10-4 16:29:00
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 44]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 1324 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1420 / Administrator][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[PID: 3204 / Administrator][C:\Program Files\Rising\AntiSpyware\Ras.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.62]
[C:\Program Files\Rising\AntiSpyware\TopSoft.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.3]
[C:\Program Files\Rising\AntiSpyware\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\RasGui.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 0, 14]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\AntiSpyware\zip.dll] [rising, 13, 0, 0, 1]
[PID: 2068 / Administrator][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[PID: 888 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2172 / Administrator][C:\Program Files\Tencent\QQDownload\QQDownload.exe] [Tencent Technology (Shenzhen) Company Limited, 1, 5, 134, 134]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Tencent\QQDownload\QQDownload.dll] [Tencent Technology (Shenzhen) Company Limited, 1, 5, 134, 134]
[C:\Program Files\Tencent\QQDownload\TNProxy.dll] [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[D:\网络游戏\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[PID: 2840 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.538\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\avpdj.dll] [N/A, ]
[C:\WINDOWS\system32\avpwl.dll] [N/A, ]
[C:\WINDOWS\system32\avpgj.dll] [N/A, ]
[C:\WINDOWS\system32\avpzx.dll] [N/A, ]
[C:\WINDOWS\system32\avpwm.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 22]
[C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE32.Dat] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.538\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\msavp.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
C:\WINDOWS\system32\msavp.dll(, N/A)
MSAPI Tcpip [UDP/IP]
C:\WINDOWS\system32\msavp.dll(, N/A)
==================================
Autorun.inf
[D:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
[E:\]
[autorun]
open=PegeFile.pif
shellexecute=PegeFile.pif
shell\Auto\command=PegeFile.pif
shell=Auto
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2092, E:\千千静听\TTPLAYER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1776, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3688, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1312, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1420, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1420, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3204, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3204, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2068, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2172, C:\PROGRAM FILES\TENCENT\QQDOWNLOAD\QQDOWNLOAD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 976, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
newcenturymoon - 2007-10-4 16:46:00
双击我的电脑,工具,文件夹选项,查看,单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件(推荐)"前面的钩。在提示确定更改时,单击“是” 然后确定
重命名以下文件
C:\WINDOWS\system32\msavp.dll
C:\WINDOWS\system32\avpwm.dll
C:\WINDOWS\system32\avpgj.dll
C:\WINDOWS\system32\avpwl.dll
C:\WINDOWS\system32\avpzx.dll
C:\WINDOWS\system32\avpdj.dll
然后重启计算机 进入
安全模式下(开机后不断 按F8键 然后出来一个高级菜单 选择第一项 安全模式 进入系统)
打开sreng (就是你扫日志的软件)
启动项目 注册表 删除如下项目
<WinSysM><C:\WINDOWS\IGM.exe> []
<RavRuneip><C:\WINDOWS\system32\RUNDLL32.EXE etiyymqesg.dll,ThreadFalse> []
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><> [N/A]
<{AAF3B135-E338-491A-B3CB-9D75DA02C5D1}><C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys> []
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> []
<{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat> []
<{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win> []
<AVPSrv><; C:\WINDOWS\AVPSrv.exe> [N/A]
<cmdbcs><; C:\WINDOWS\cmdbcs.exe> [N/A]
<DiskMan32><; C:\WINDOWS\vafqaj.exe> []
<Kvsc3><; C:\WINDOWS\Kvsc3.exe> [N/A]
<MsIMMs32><; C:\WINDOWS\MsIMMs32.exe> [N/A]
<upxdnd><; C:\WINDOWS\upxdnd.exe> [N/A]
<WinForm><; C:\WINDOWS\WinForm.exe> [N/A]
<WinSysM><; C:\WINDOWS\IGM.exe> []
双击AppInit_DLLs把器键值改为空
“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”,
选中以下项目,点“删除服务”,再点“设置”,在弹出的框中点“否”:
118B7D98 / 118B7D98
258A97E / 258A97E
双击我的电脑,工具,文件夹选项,查看,单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件(推荐)"前面的钩。在提示确定更改时,单击“是” 然后确定
点击 菜单栏下方的 文件夹按钮(搜索右边的按钮)
在左边的资源管理器中单击C盘(千万不要双击打开)
删除如下文件C:\WINDOWS\system32\471E7570.DLL
C:\WINDOWS\system32\msavp.dll
C:\WINDOWS\system32\msavp.dll
C:\WINDOWS\system32\avpwm.dll
C:\WINDOWS\system32\avpgj.dll
C:\WINDOWS\system32\avpwl.dll
C:\WINDOWS\system32\avpzx.dll
C:\WINDOWS\system32\avpdj.dll
C:\WINDOWS\IGM.exe
C:\WINDOWS\system32\etiyymqesg.dll
C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\vafqaj.exe
C:\WINDOWS\Kvsc3.exe
C:\WINDOWS\MsIMMs32.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\WinForm.exe
C:\WINDOWS\IGM.exe
C:\WINDOWS\system32\56854728.EXE
C:\WINDOWS\system32\A4CB1BF2.EXE
从左边的资源管理器 进入其他盘 (千万不要双击打开)
D:\PegeFile.pif
E:\PegeFile.pif
D:\autorun.inf
E:\autorun.inf
修改你的各种网络游戏密码(包括QQ)
以下文件希望你发送给我newcenturymoon1986@yahoo.com.cn 压缩加密123
D:\PegeFile.pif
附:此类病毒一般通过U盘等移动存储传播,所以如果你电脑最近有插过移动存储,那么大致可以判断病毒是从移动存储传播到你的电脑里的。
对于此类病毒,烦请大家做好如下预防工作,不要再让这类病毒扩散了。(这种东西下载的木马很多,看日志眼都会花的)
1.关闭自动播放
在“开始”菜单的“运行”框中运行“gpedit.msc”命令,在“组策略”找到“计算机配置”和“用户配置”下的“管理模板”功能,打开其中的“系统”菜单中的“关闭自动播放”的设置,在其属性里面选择“已启用”,接着选择“所有驱动器”,最后确定保存即可。
2.锁住某些注册表权限
开始-运行-输入regedit,展开HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2,右键单击这个键,权限,把管理员的权限设置为拒绝。
3.可以使用某些第三方的U盘病毒免疫工具对系统进行免疫
如超级巡警的U盘病毒免疫器:http://update3.dswlab.com/antiautorun.zip
4.克服拿来陌生U盘就双击打开的方法!!!最安全的打开U盘方式如下
打开我的电脑 点击菜单栏下方的 文件夹按钮(搜索右边的按钮)
从左边的资源管理器 进入U盘(同上面清除病毒时打开磁盘分区的方法)
日不懂啊 - 2007-10-4 16:52:00
下载arswp(Windows清理助手)清理下..
http://www.arswp.com/download/arswp/arswp.rar
用SRENG删除注册表中:
<WinSysM><C:\WINDOWS\IGM.exe> []
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><> [N/A]
<{AAF3B135-E338-491A-B3CB-9D75DA02C5D1}><C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys> []
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> []
<{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat> []
<{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win> []
<Anti-Spy Tools><; C:\Program Files\ast\ast.exe -min> [N/A]
<AVPSrv><; C:\WINDOWS\AVPSrv.exe> [N/A]
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<cmdbcs><; C:\WINDOWS\cmdbcs.exe> [N/A]
<DiskMan32><; C:\WINDOWS\vafqaj.exe> []
<Kvsc3><; C:\WINDOWS\Kvsc3.exe> [N/A]
<MsIMMs32><; C:\WINDOWS\MsIMMs32.exe> [N/A]
<WinForm><; C:\WINDOWS\WinForm.exe> [N/A]
<WinSysM><; C:\WINDOWS\IGM.exe> []
<upxdnd><; C:\WINDOWS\upxdnd.exe> [N/A]
删除服务
[118B7D98 / 118B7D98][Stopped/Auto Start]
<C:\WINDOWS\system32\56854728.EXE -d><Microsoft Corporation>
[258A97E / 258A97E][Stopped/Auto Start]
<C:\WINDOWS\system32\A4CB1BF2.EXE -d><Microsoft Corporation>
重起删除文件(找到几个删几个)
每个分区的PegeFile.pif和Autorun.inf
C:\WINDOWS\system32\A4CB1BF2.EXE
C:\WINDOWS\system32\56854728.EXE
C:\WINDOWS\system32\471E7570.DLL
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\IGM.exe
C:\WINDOWS\WinForm.exe
C:\WINDOWS\MsIMMs32.exe
C:\WINDOWS\IGM.exe> []
C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys> []
C:\Program Files\Internet Explorer\IEXPLORE32.Sys> []
C:\Program Files\Internet Explorer\IEXPLORE32.Dat> []
C:\Program Files\Internet Explorer\IEXPLORE32.win> []
C:\Program Files\ast\ast.exe > [N/A]
C:\WINDOWS\AVPSrv.exe> [N/A]
C:\WINDOWS\cmdbcs.exe> [N/A]
C:\WINDOWS\vafqaj.exe> []
C:\WINDOWS\Kvsc3.exe> [N/A]
修复Winsock 提供者
MSAPI Tcpip [TCP/IP]
C:\WINDOWS\system32\msavp.dll(, N/A)
MSAPI Tcpip [UDP/IP]
C:\WINDOWS\system32\msavp.dll(, N/A)
修复文件关联
未知者001 - 2007-10-4 17:02:00
谢谢你们俩!!!3Q
1
© 2000 - 2026 Rising Corp. Ltd.