求救，中了trojan.dl.win32.qqhelper.bat瑞星查出来但杀不掉 bbs.ikaka.com

吉祥财神 - 2007-11-13 22:18:00

HijackThis_zww汉化版扫描日志 V1.99.1
保存于 22:05:34, 日期 2007-11-13
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lenovo\LenovoClient\scheduler.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\U8SMSSrv.exe
C:\WINNT\system32\ServerNT.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\rising\Rav\RavTask.exe
E:\Program Files\360safe\safemon\360Tray.exe
E:\Program Files\360safe\antiarp\antiarp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\rising\Rav\Ravmon.exe
E:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.276\HijackThis1991zww.exe

O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - E:\Program Files\360safe\safemon\safemon.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [360Safetray] E:\Program Files\360safe\safemon\360Tray.exe /start
O4 - 启动项HKLM\\Run: [360Antiarp] E:\Program Files\360safe\antiarp\antiarp.exe /start
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O15 - “受信任的站点”中添加项: http://www.icbc.com.cn
O16 - DPF: {19EFFC12-25FB-479A-A0F2-1569AE1B3365} - http://60.190.101.206/abc.cab
O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} (GDGetTokenInfo Class) - https://mybank.icbc.com.cn/icbc/GDReadPub.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} (CSetLET Class) - https://mybank.icbc.com.cn/icbc/perbank/GDSetLET.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://ol.db.kingsoft.com/antiscan/setup/KAVClean.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - http://www.icbc.com.cn/left/IcbcSslCacheCleaner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86884FDE-B42B-4D23-8CE8-BD8CE8496181}: NameServer = 61.29.201.114,202.103.225.68
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Fortinet Service Scheduler (FA_Scheduler) - Lenovo (Beijing) Ltd. - C:\Program Files\Lenovo\LenovoClient\scheduler.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: UFSoft SMS Platform (U8SmsSrv) - Unknown owner - C:\WINNT\system32\U8SMSSrv.exe
O23 - NT 服务: 用友U8预警调度服务 (UFALERTSERVICE) - Unknown owner - (no file)
O23 - NT 服务: U8管理软件 (UFNet) - Unknown owner - C:\WINNT\system32\ServerNT.EXE
O23 - NT 服务: Windows Advanced Manager (wamer) - Unknown owner - C:\Program Files\Microsoft Office\SYSTEM\dodolook_7266.exe (file missing)
O23 - NT 服务: 一起来音乐助手 (Yiqilai) - Yiqilai - C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe

吉祥财神 - 2007-11-13 22:19:00

高手帮看看呀

changderen - 2007-11-13 23:31:00

关闭系统还原后在找到病毒文件手动删除！用瑞星在安全模式也应该可以杀掉！

火影忍者 - 2007-11-14 2:27:00

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREngPS.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

吉祥财神 - 2007-11-14 8:45:00

[CODE]

2007-11-14,08:32:44

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [N/A]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<360Safetray><E:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
<360Antiarp><E:\Program Files\360safe\antiarp\antiarp.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserRemove> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
N/A

==================================
服务
[AVP-SE / AVP-SE][Stopped/Disabled]
<><N/A>
[C5FD27FF / C5FD27FF][Stopped/Auto Start]
<><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Fortinet Service Scheduler / FA_Scheduler][Running/Auto Start]
<C:\Program Files\Lenovo\LenovoClient\scheduler.exe><Lenovo (Beijing) Ltd.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
<C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
<C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Time Windows / TIMES][Stopped/Disabled]
<><N/A>
[UFSoft SMS Platform / U8SmsSrv][Running/Auto Start]
<C:\WINNT\system32\U8SMSSrv.exe><N/A>
[用友U8预警调度服务 / UFALERTSERVICE][Stopped/Auto Start]
<><N/A>
[U8管理软件 / UFNet][Running/Auto Start]
<C:\WINNT\system32\ServerNT.EXE><N/A>
[Windows Advanced Manager / wamer][Stopped/Auto Start]
<"C:\Program Files\Microsoft Office\SYSTEM\dodolook_7266.exe"><N/A>
[wint / wint][Stopped/Disabled]
<C:\WINNT\system32\RunDLL32.exe ><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[一起来音乐助手 / Yiqilai][Stopped/Auto Start]
<"C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe"><Yiqilai>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
<\??\C:\WINNT\system32\drivers\360AntiArp.sys><奇虎网>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[fortidrv / fortidrv][Running/Boot Start]
<\SystemRoot\System32\drivers\fortidrv.sys><N/A>
[fortips / fortips][Running/Auto Start]
<\??\C:\WINNT\System32\drivers\fortips.sys><N/A>
[usb Card Device / ft2kEnum][Running/Manual Start]
<system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[Fortinet network virtual adapter / ft_vnic][Running/Manual Start]
<System32\DRIVERS\ftvnic.sys><Lenovo(Beijing) Ltd.>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
<system32\DRIVERS\smccardb.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
<system32\DRIVERS\usbtoken.sys><>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HanWang Pen Class Driver / hwmclass][Running/System Start]
<System32\DRIVERS\hwmclass.sys><Windows (R) 2000 DDK provider>
[%hwpen3.SvcDesc% / hwpen3][Stopped/Manual Start]
<System32\DRIVERS\hwpen3.sys><Windows (R) 2000 DDK provider>
[j34xq0 / j34xq0][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\j34xq0.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[KRegEx / KRegEx][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\KRegEx.sys><N/A>
[KSysCall / KSysCall][Stopped/System Start]
<\??\C:\PROGRA~1\KV2005\KSysCall.sys><N/A>
[KVDP / KVDP][Stopped/Manual Start]
<\??\C:\PROGRA~1\KV2005\KVDP_4.sys><N/A>
[KWATCH / KWATCH][Stopped/Manual Start]
<\??\C:\KAV\KWATCH.SYS><N/A>
[New0 / New0][Stopped/Auto Start]
<\??\C:\WINNT\System32\new.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[USB Mass Storage / OEMSTOR][Stopped/Manual Start]
<system32\DRIVERS\USBMSDk.SYS><USB Mass Storage.>
[PProtect / PProtect][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device / Reader_Device][Running/Manual Start]
<system32\DRIVERS\usbic2k.sys><OEM>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sense3 / Sense3][Running/Auto Start]
<System32\Drivers\sense3.sys><Beijing Senselock>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[Superk53 / Superk53][Running/Auto Start]
<\SystemRoot\System32\drivers\superk53.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA USB Filter / viafilter][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\viausb.sys><VIA Technologies, Inc.>
[viaide / viaide][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[vkvxve / vkvxve3][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vkvxve3.sys><N/A>
[WINIO / WINIO][Stopped/Manual Start]
<\??\C:\WINNT\Downloaded Program Files\CONFLICT.5\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

吉祥财神 - 2007-11-14 8:47:00

==================================
浏览器加载项
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[GDGetTokenInfo Class]
{3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINNT\system32\GDREAD~1.DLL, >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\system32\INPUTC~1.DLL, >
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[CSetLET Class]
{C35D7AE1-0865-4A30-BF07-29FA29324155} <C:\WINNT\system32\GDSetLET.dll, >
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[Kingsoft DUBA OnlineScan]
{C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINNT\System32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[IcbcSslCacheCleanerCtrl Class]
{E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <e:\Program Files\360safe\live.dll, 360safe.com>
[添加到QQ表情]
<E:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================

吉祥财神 - 2007-11-14 8:48:00

正在运行的进程
[PID: 160][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 244][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 256][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[PID: 396][C:\WINNT\System32\SCardSvr.exe] [Microsoft Corporation, 5.00.2195.6609]
[PID: 644][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 652][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 716][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 3, 0, 0]
[C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 756][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 768][C:\Program Files\Lenovo\LenovoClient\scheduler.exe] [Lenovo (Beijing) Ltd., 1.0.407.0]
[C:\Program Files\Lenovo\LenovoClient\utilsdll.dll] [Lenovo (Beijing) Ltd., 1.0.407.0]
[C:\Program Files\Lenovo\LenovoClient\LIBEAY32.dll] [N/A, ]
[PID: 800][C:\WINNT\System32\llssrv.exe] [Microsoft Corporation, 5.00.2195.7021]
[PID: 812][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLFTQRY.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Common Files\System\OLE DB\sqloledb.dll] [Microsoft Corporation, 2000.080.0380]
[C:\WINNT\system32\MSDART.DLL] [Microsoft Corporation, 2.61.7326.0]
[C:\Program Files\Common Files\System\OLE DB\MSDATL3.DLL] [Microsoft Corporation, 2.61.7326.0]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\xpsqlbot.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 988][C:\WINNT\system32\WINDOW~1\Server\nspmon.exe] [Microsoft Corporation, 4.1.00.3934]
[PID: 1072][C:\WINNT\system32\WINDOW~1\Server\nscm.exe] [Microsoft Corporation, 4.1.00.3934]
[PID: 1096][C:\WINNT\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.4403]
[C:\WINNT\system32\HANWANGP.IME] [HanWang Corporation, 4.00.950]
[PID: 1140][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 1192][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
[PID: 1272][C:\WINNT\system32\stisvc.exe] [Microsoft Corporation, 5.00.2195.6656]
[PID: 1336][C:\WINNT\system32\U8SMSSrv.exe] [N/A, ]
[PID: 1368][C:\WINNT\system32\ServerNT.EXE] [N/A, ]
[C:\WINNT\system32\UMiscell.dll] [, 1, 0, 0, 1]
[C:\WINNT\system32\sgv.dll] [, 8, 2, 0, 0]
[C:\WINNT\system\Sense3.dll] [N/A, ]
[C:\WINNT\system32\SecuComm.dll] [N/A, ]
[C:\WINNT\system32\MSDART.DLL] [Microsoft Corporation, 2.61.7326.0]
[C:\Program Files\Common Files\System\OLE DB\sqloledb.dll] [Microsoft Corporation, 2000.080.0380]
[C:\Program Files\Common Files\System\OLE DB\MSDATL3.DLL] [Microsoft Corporation, 2.61.7326.0]
[C:\Program Files\Common Files\System\OLE DB\SQLOLEDB.RLL] [Microsoft Corporation, 2000.080.0380]
[C:\WINNT\system32\DBNETLIB.DLL] [Microsoft Corporation, 2000.080.0380.00]
[C:\WINNT\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 1388][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 1420][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 1428][C:\WINNT\system32\Dfssvc.exe] [Microsoft Corporation, 5.00.2195.6664]
[PID: 980][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.5512.0]
[C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll] [Microsoft Corporation, 9.107.5512.0]
[C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll] [Microsoft Corporation, 9.107.5512.0]
[PID: 856][C:\WINNT\system32\WINDOW~1\Server\nspm.exe] [Microsoft Corporation, 4.1.00.3917]
[C:\WINNT\system32\WINDOW~1\Server\nmsa.dll] [Microsoft Corporation, 4.1.00.3917]
[C:\WINNT\system32\Windows Media\Server\nsodbc.dll] [Microsoft Corporation, 4.1.00.3917]
[C:\WINNT\system32\Windows Media\Server\mdsprx.dll] [Microsoft Corporation, 4.1.00.3917]
[C:\WINNT\system32\imaadp32.acm] [Microsoft Corporation, 5.00.2195.6612]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msg711.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msgsm32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINNT\system32\tsd32.dll] [, ]
[C:\WINNT\system32\lhacm.acm] [Microsoft Corporation, 4.4.3385]
[C:\WINNT\system32\msg723.acm] [Microsoft Corporation, 4.4.3385]
[C:\WINNT\system32\iac25_32.ax] [Intel Corporation, 2.05.53]
[C:\WINNT\system32\msaud32.acm] [Microsoft Corporation, 4.1.00.3927]
[C:\WINNT\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINNT\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINNT\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINNT\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[C:\WINNT\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 2.80]
[C:\WINNT\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 43]
[C:\WINNT\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[PID: 1620][C:\WINNT\system32\WINDOW~1\Server\nsum.exe] [Microsoft Corporation, 4.1.00.3930]
[C:\WINNT\system32\Windows Media\Server\accesscontrol.dll] [Microsoft Corporation, 4.1.00.3917]
[PID: 1632][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINNT\system32\SQLUNIRL.dll] [Microsoft Corporation, 2000.080.0380.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINNT\system32\odbcbcp.dll] [Microsoft Corporation, 2000.080.0380.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SEMMAP.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SEMMAP.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlagent.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLAGENT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINNT\System32\SQLSRV32.dll] [Microsoft Corporation, 2000.080.0380.00]
[C:\WINNT\System32\sqlsrv32.rll] [Microsoft Corporation, 2000.080.0380.00]
[C:\WINNT\system32\DBNETLIB.DLL] [Microsoft Corporation, 2000.080.0380.00]
[C:\WINNT\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]

吉祥财神 - 2007-11-14 8:49:00

[PID: 240][C:\WINNT\System32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.00.0984]
[PID: 1880][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\System32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\System32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[C:\WINNT\System32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\System32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\System32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
[PID: 1348][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\WINNT\system32\ALSNDMGR.CPL] [Realtek Semiconductor Corp., 2.1.09]
[C:\WINNT\system32\LICCPA.CPL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\powercfg.cpl] [Microsoft Corporation, 5.00.3502.6601]
[C:\WINNT\system32\U8SMSConfig.CPL] [, 1, 0, 0, 1]
[C:\WINNT\system32\nvtuicpl.cpl] [NVIDIA Corporation, 6.14.10.4403]
[C:\WINNT\system32\NVWRSZHC.DLL] [NVIDIA Corporation, 6.14.10.4403]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINNT\system32\PYJJU.IME] [北京六合源软件技术有限公司, 2, 2, 0, 4]
[PID: 936][C:\Program Files\rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.20]
[C:\Program Files\rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[C:\Program Files\rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 1536][E:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 6, 4, 3001]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[E:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 6, 0, 1001]
[E:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 6, 3, 1001]
[E:\Program Files\360safe\live.dll] [360safe.com, 1, 0, 1, 1021]
[PID: 1548][E:\Program Files\360safe\antiarp\antiarp.exe] [奇虎网, 1, 0, 0, 2001]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[PID: 1876][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[PID: 1868][C:\Program Files\rising\rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.7]
[C:\WINNT\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINNT\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\rising\rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\rising\rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[PID: 376][C:\WINNT\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 1316][E:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[E:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 2180][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]

==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 812, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1096, C:\WINNT\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1336, C:\WINNT\SYSTEM32\U8SMSSRV.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1368, C:\WINNT\SYSTEM32\SERVERNT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 980, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1632, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLAGENT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1536, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1536, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1548, E:\PROGRAM FILES\360SAFE\ANTIARP\ANTIARP.EXE]

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: E:\Program Files\360safe\safemon\safemon.dll)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: E:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛