[Help] Infected with a swarm of trojans

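I force-deleted System64.Sys and scandisk.dll at around 5 this morning (or was it 6?). But I did not change the startup service entries OTL- -;) that is, these were not changed...
(Use the SRENG log-scanning tool to change the startup type of each item below to "Disabled",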

服务
[283C1FD2 / 283C1FD2][Stopped/Auto Start]
<C:\WINDOWS\System32\1A7AFEDC.EXE -k><Microsoft Corporation>

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>)

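Then just now an even more depressing situation came up again: a blue screen, and then the keyboard keys stopped working one after another = =.... I had no choice but to use the forum from another machine OTL.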

浏览器加载项
[(&X)X163]
<C:/WINDOWS/Web/X163.htm, N/A><---I added this add-on myself, so it's definitely fine, haha
——————————————————————————————
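Running a virus scan again now~~ Once it finishes I'll fix the service startup entries and then post the SRENG log.
PS... a large number of unknown viruses are turning up.. ugh...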

What is the world coming to!! So many viruses!!! Sigh~~~~

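Thanks for the pointers. I also forgot to mention one thing:
when I scanned today there were basically no trojans left, it was all worms, and fewer of them too.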
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031635.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031636.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031637.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031638.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031639.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031640.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031641.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031642.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031643.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031644.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031645.EXE本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031646.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031647.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031648.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031649.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031650.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031651.exe本机
Worm.Viking.tk删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78A0031652.exe本机


Trojan.PSW.OnlineGames.cee删除成功2007-06-09 17:12手动扫描C:\WINDOWS\system32netsrvcs.dll>>pecompact2x
Trojan.PSW.QQPass.tmq删除成功2007-06-09 17:16手动扫描C:\WINDOWSrising893.exe>>upx_a
Trojan.PSW.OnlineGames.cee删除成功2007-06-09 17:30手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0034165.dll>>pecompact2x
Trojan.PSW.QQPass.tmq删除成功2007-06-09 17:30手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0034168.exe>>upx_a
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描csrss.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描winlogon.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描services.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描lsass.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描svchost.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描svchost.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描svchost.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描svchost.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描Explorer.EXE>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描spoolsv.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描SOUNDMAN.EXE>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描runiep.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描StatusClient.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描alg.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:17登录系统后扫描ctfmon.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:24手动扫描winlogon.exe>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.IMMSG.TBMSG.fp清除成功2005-06-09 22:24手动扫描Explorer.EXE>>C:\WINDOWS\System32\1C689C9A.DLL
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32til.ttc>>upack0.34
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32csv.dll>>upack0.34
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32weftl.dll>>upack0.34
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32checkfile.dll>>upack0.34
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32wtfsm.dll>>upack0.34
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32htysx.dll>>upack0.34
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32wuhdd.dll>>upack0.34
Trojan.Delf.rww删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32zwgfx.dll>>upack0.34
Trojan.PSW.WLOnline.jgx删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32nwizwlwzs.exe>>upack0.36
Trojan.PSW.WLOnline.jgx删除成功2005-06-09 22:28手动扫描C:\WINDOWS\system32nwizwlwzs.dll
Trojan.PSW.Agent.kat删除成功2007-06-09 22:33手动扫描C:\WINDOWSrising238.exe>>upx_a
Dropper.Fsrpau.a删除成功2007-06-09 22:34手动扫描C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T90HPHFK7[1].exe>>upack0.34
Trojan.PSW.QQPass.tms删除成功2007-06-09 22:35手动扫描C:\Program Files\Internet Explorer\PLUGINSSystem64.Jmp>>upx_a
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032961.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032962.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032963.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032964.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032965.dll>>upack0.34
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032966.exe>>upack0.36
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032967.dll
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0031616.exe>>upack0.36
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0031617.dll
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032994.dll>>upack0.34
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0031702.exe>>upack0.36
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0031704.dll
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032697.exe>>upack0.36
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP79A0032698.dll
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035192.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035193.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035194.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035195.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035196.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035197.dll>>upack0.34
Trojan.Delf.rww删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035198.dll>>upack0.34
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035199.exe>>upack0.36
Trojan.PSW.WLOnline.jgx删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035200.dll
Trojan.PSW.Agent.kat删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{55E8A74F-2872-4276-B138-B10F12586850}\RP80A0035202.exe>>upx_a
The new minions...

I just scanned again and it's finally clean.
Thanks to the experts for the pointers, and I hope the original poster's computer gets well soon.

[Reply to the post by "小物挖哈哈"]

You should turn off System Restore too.

A lot of the viruses are sitting in System Restore.
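
An added example (not part of the original thread, and not output of any tool named in it) that checks the claim in the reply above: it parses scan-log lines in the flattened layout seen on this page and separates detections inside System Restore snapshots (`_restore{GUID}\RPnn`) from live files and from modules loaded in running processes. The sample lines, detection names, GUIDs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log quoted in this thread:
# <detection><result><timestamp><scan type><target>[>>packer tag | >>module path]
SAMPLE_LOG = r"""
Worm.Example.a删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{00000000-0000-0000-0000-000000000001}\RP78\A0000001.exe
Worm.Example.a删除成功2007-06-09 19:30手动扫描H:\System Volume Information\_restore{00000000-0000-0000-0000-000000000001}\RP78\A0000002.exe
Trojan.Example.b删除成功2007-06-09 22:41手动扫描C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000002}\RP79\A0000003.dll>>upack0.34
Trojan.Example.b删除成功2007-06-09 22:28手动扫描C:\WINDOWS\system32\example1.dll>>upack0.34
Trojan.Example.c清除成功2007-06-09 22:17登录系统后扫描winlogon.exe>>C:\WINDOWS\System32\EXAMPLE2.DLL
Trojan.Example.c清除成功2007-06-09 22:17登录系统后扫描Explorer.EXE>>C:\WINDOWS\System32\EXAMPLE2.DLL
this line is not a scan record
"""

LINE_RE = re.compile(
    r"^(?P<name>\S+?)"
    r"(?P<result>删除成功|清除成功)"            # "deleted" / "cleaned"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?P<scan>手动扫描|登录系统后扫描)"        # manual scan / scan after logon
    r"(?P<target>.+)$"
)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}\\RP(?P<rp>\d+)"
)


def classify(target):
    """Return (location, detail) for the target field of one record."""
    m = RESTORE_RE.search(target)
    if m:  # backup copy held in a System Restore snapshot
        return "restore_point", f"{m['guid']}/RP{m['rp']}"
    head, sep, tail = target.partition(">>")
    if sep and re.match(r"[A-Za-z]:\\", tail):
        # memory scan record: "<process name>>><module path>"
        return "loaded_module", tail
    return "live_file", head  # on-disk file; text after ">>" is a packer tag


def parse_line(line):
    """Parse one log line; return None if it is not a scan record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    location, detail = classify(m["target"])
    return {"name": m["name"], "result": m["result"], "ts": m["ts"],
            "scan": m["scan"], "location": location, "detail": detail}


def summarize(log_text):
    """Count detections per location and list what still needs attention."""
    by_location, restore_points, live_items, skipped = Counter(), set(), set(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        by_location[rec["location"]] += 1
        if rec["location"] == "restore_point":
            restore_points.add(rec["detail"])
        else:  # de-duplicate: one module shows up once per host process
            live_items.add((rec["name"], rec["detail"].lower()))
    total = sum(by_location.values())
    return {"by_location": dict(by_location),
            "restore_share": by_location["restore_point"] / total if total else 0.0,
            "restore_points": restore_points,
            "live_items": live_items,
            "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["by_location"], f"restore share = {report['restore_share']:.0%}")
    for name, path in sorted(report["live_items"]):
        print("needs follow-up:", name, path)
```

The `live_items` set is the part that deserves follow-up after a scan: entries under `restore_point` are copies stored inside snapshots, while a `loaded_module` entry means the file was mapped into running processes when the scan ran.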


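I turned it off this time, then disabled the services, but the second service you suggested I disable was gone 0_0. Then I scanned again with Windows 清理助手 (Windows Cleanup Assistant) and found 3 more minions....

I hope it really stays quiet this time - =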

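- = Tonight.. it came again.... (apparently because of my mom, we caught a new virus) First the Rising monitor was forcibly stopped. I disconnected from the network and ran a scan that killed thirty-some, then tried to enter Safe Mode to scan, but what I got was a blue screen STOP: 0x0000007B(0xF8952640,OxC0000034,0x00000000,0x00000000)... So I had to go back to a normal boot of XP. At first I found that IceSword and SRENG both could not be used - -. I started by manually checking RUN and stopped about 4 suspicious processes. (But for several of them, searching for the corresponding source turned up nothing.) Then I rebooted, and found that this time, after I manually turned on the Rising monitor, it finally started automatically OTL. Then I renamed SRENG and found it could be used. Below is the SRENG report = =;)

5555555555555555 such rotten luck.......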


2007-06-11,01:35:40

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <StatusClient><C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto>  [Hewlett-Packard]
    <TomcatStartup><C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe>  [Hewlett-Packard]
    <SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe>  [N/A]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll>  [N/A]
    <{C54C4AFB-8A2A-6C1E-BA41-C10F02940702}><C:\WINDOWS\System32\5E15.dll>  []

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> E:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
  <C:\WINDOWS\System32\HPZipm12.exe><HP>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Disabled]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SkyProcs / SkyProcs][Stopped/Manual Start]
  <\??\C:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>

==================================

浏览器加载项
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\System32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[(&X)X163]
  <C:/WINDOWS/Web/X163.htm, N/A>

==================================
正在运行的进程
[PID: 380][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 456][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 480][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 536][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 692][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 736][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 752][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 872][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 908][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 980][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 29]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 60]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 32]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[PID: 1036][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\RichDll.dll]  [N/A, ]
[PID: 1572][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.09]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]
[PID: 1588][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]
[PID: 1600][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]
[PID: 1648][C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe]  [Hewlett-Packard, 00.00.13]
    [C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\hpptui0.dll]  [Hewlett-Packard, 01.00.35]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]
[PID: 1752][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]
[PID: 200][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 372][C:\WINDOWS\System32\cmd.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 620][C:\WINDOWS\Logo1_.exe]  [, 1.0.0.0]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]
[PID: 1780][E:\komono\sreng2\S.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\5E15.dll]  [N/A, ]

==================================