12   2  /  2  页   跳转

Hack.Exploit.Vml.l怎么解决啊?

收藏
198488
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-01-31
  • 来自:
发表于: 2007-08-07 11:25 | 只看楼主 短消息 资料
字号: 11楼

[PID: 1436 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\MGCSPLM.DLL]  [Panasonic Communications Co., Ltd., 5.07]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1576 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1672 / SYSTEM][D:\Program Files\AVG Anti-Spyware\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
    [D:\Program Files\AVG Anti-Spyware\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 1696 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1776 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 380 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372 / 黎杨][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [D:\Program Files\AVG Anti-Spyware\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Program Files\AVG Anti-Spyware\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1756 / 黎杨][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
[PID: 2176 / 黎杨][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 2184 / 黎杨][D:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 3, 5, 2, 1001]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 5, 0, 1001]
    [D:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 1, 1001]
    [D:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1018]
[PID: 2208 / 黎杨][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
[PID: 2376 / 黎杨][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
[PID: 3368 / 黎杨][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [C:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [C:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Tencent\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [C:\Program Files\Tencent\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [C:\Program Files\Tencent\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
    [C:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Tencent\QQ\videodevice.dll]  [Tencent, 1, 6, 0, 1]
    [C:\Program Files\Tencent\QQ\inplus.dll]  [Tencent, 1, 6, 0, 0]
    [C:\Program Files\Thunder Network\Thunder\Components\VPShell\RealMediaSplitter.ax]  [Gabest, 1, 0, 1, 0]
    [C:\WINDOWS\system32\l3codecx.ax]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50]
[PID: 3412 / 黎杨][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
gototop
 
198488
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-01-31
  • 来自:
发表于: 2007-08-07 11:25 | 只看楼主 短消息 资料
字号: 12楼

[PID: 1680 / 黎杨][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.5604]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.5606]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.30.2002]
    [C:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL]  [Microsoft Corporation, 1.02]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL]  [Microsoft Corporation, 1.1.6215]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\mslid.dll]  [Microsoft Corporation, 1.0.2305]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3EN.DLL]  [Microsoft Corporation, 3.1.2303]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3SC.DLL]  [Microsoft Corporation, 3.0.1707.0]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.2.3790.184 (srv03_qfe.040410-1236)]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\INTLNAME.DLL]  [Microsoft Corporation, 11.0.5315]
    [C:\Program Files\Common Files\Microsoft Shared\Smart Tag\CHDATEST.DLL]  [Microsoft Corporation, 2.00]
    [C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Chinese Measurement Converter\CHMETCNV.DLL]  [Microsoft Corp., 1.00]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\2052\stintl.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPERSON.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL]  [Microsoft Corporation, 5.00.2916.0]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FDATE.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 2148 / 黎杨][C:\Program Files\Tencent\QQ\QQexternal.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [C:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2528 / 黎杨][D:\Program Files\清单计价专家\yjys.exe]  [, 5.1.0.3]
    [D:\Program Files\清单计价专家\GetCellValue.Dll]  [, 6.0.0.105]
    [D:\Program Files\清单计价专家\borlndmm.dll]  [Borland Software Corporation, 7.0.4.453]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\Program Files\清单计价专家\RICHED32.DLL]  [Microsoft Corporation, 4.00.994.64]
    [D:\Program Files\清单计价专家\GAPI32.dll]  [Microsoft Corporation, 5.0.1457.3]
    [C:\Program Files\Common Files\Borland Shared\Bde\IDAPI32.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\Bde\IDR20009.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\Bde\BANTAM.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\Bde\idsql32.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\Bde\IDPDX32.DLL]  [N/A, ]
    [C:\Program Files\Common Files\Borland Shared\Bde\idbat32.DLL]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
[PID: 124 / 黎杨][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3121 (xpsp_sp2_gdr.070418-0032)]
[PID: 3120 / 黎杨][C:\Documents and Settings\黎杨\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Documents and Settings\黎杨\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2176, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2184, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2184, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2208, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3368, C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3412, C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2148, C:\PROGRAM FILES\TENCENT\QQ\QQEXTERNAL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2528, D:\PROGRAM FILES\清单计价专家\YJYS.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A
gototop
 
198488
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-01-31
  • 来自:
发表于: 2007-08-07 11:26 | 只看楼主 短消息 资料
字号: 13楼

附件传不起````没办法  用点笨办法了
gototop
 
爱咔咔
头像
禁止发言
  • 帖子:178
  • 注册: 2007-07-26
  • 来自:
发表于: 2007-08-07 11:39 | 短消息 资料
字号: 14楼

该用户帖子内容已被屏蔽
gototop
 
198488
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-01-31
  • 来自:
发表于: 2007-08-10 08:19 | 只看楼主 短消息 资料
字号: 15楼

额  我辛苦贴上来的啊  没人理偶了
gototop
 
我是流浪猪
头像
自信弱冠狮
  • 帖子:385
  • 注册: 2005-09-09
  • 来自:
发表于: 2007-08-10 09:42 | 短消息 资料
字号: 16楼

日志不全,驱动呢?
gototop
 
198488
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-01-31
  • 来自:
发表于: 2007-08-13 08:39 | 只看楼主 短消息 资料
字号: 17楼

驱动程序
[A320RAID / A320RAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\A320RAID.SYS><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[AAR1210 / AAR1210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AAR1210.SYS><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AARSI3X.SYS><Adaptec, Inc.>
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ADPU160M.SYS><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ADPU320.SYS><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6280.SYS><ACARD Technology Corp.>
[AEC6290 / AEC6290][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC67162.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6890.SYS><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC68X5.SYS><ACARD Technology Corp.>
[Aha154x / Aha154x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ALIIDE.SYS><Acer Laboratories Inc.>
[AMDBUSDR / AMDBUSDR][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\AMDBUSDR.SYS><AMD>
[AMDEIDE / AMDEIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\AMDEIDE.SYS><AMD>
[asc / asc][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\D:\Program Files\AVG Anti-Spyware\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BB-RUN / BB-RUN][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\BB-RUN.SYS><Promise Technology, Inc.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[DONTGO / DONTGO][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\DONTGO.SYS><Promise Technology, Inc.>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\DPTI2O.SYS><Microsoft Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[FASTSX / FASTSX][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\FASTTRAK.SYS><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\FASTTX2K.SYS><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[fevspt1 / fevspt10][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fevspt10.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HPT366 / HPT366][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT366.SYS><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT371.SYS><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT374.SYS><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT3XX.SYS><HighPoint Technologies, Inc.>
[HPTMV / HPTMV][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPTMV.SYS><HighPoint Technologies, Inc.>
[HPTPRO / HPTPRO][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPTPRO.SYS><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor][Running/Boot Start]
  <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ITERAID.SYS><Integrated Technology Express, Inc.>
[m5228 / m5228][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Running/Boot Start]
  <\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[M5289 / M5289][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\M5289.SYS><ALi Corporation>
[MEGAIDE / MEGAIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MEGAIDE.SYS><LSI Logic Corporation.>
gototop
 
198488
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-01-31
  • 来自:
发表于: 2007-08-13 08:39 | 只看楼主 短消息 资料
字号: 18楼

[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid2k / mraid2k][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MRAID35X.SYS><American Megatrends Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[PNP680 / PNP680][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\PNP680.SYS><Silicon Image, Inc.>
[PNP680R / PNP680R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\PNP680R.SYS><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\QL12160.SYS><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SI3112 / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112.SYS><Silicon Image, Inc.>
[SI3112R / SI3112R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112R.SYS><Silicon Image, Inc.>
[SI3114 / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114.SYS><Silicon Image, Inc.>
[SI3114R / SI3114R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114R.SYS><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124.SYS><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124R.SYS><Silicon Image, Inc>
[SIFILTER / SIFILTER][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SIWINACC.SYS><Silicon Image, Inc.>
[SISIDE / SISIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SISRAID / SISRAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISRAID.SYS><Silicon Integrated Systems>
[SISRAID1 / SISRAID1][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISRAID1.SYS><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISRAID2.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPTRAK / SPTRAK][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SPTRAK.SYS><Promise Technology, Inc.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[ULSATA / ULSATA][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ULSATA.SYS><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ULSATA2.SYS><Promise Technology, Inc.>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ULTRA.SYS><Promise Technology, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\VIAMRAID.SYS><VIA Technologies inc,.ltd>
[VIAPDSK / VIAPDSK][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\VIAPDSK.SYS><VIA Technologies, Inc.>
[viaraid / viaraid][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Running/Boot Start]
  <\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Running/Boot Start]
  <\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[W2KADV / W2KADV][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\W2KADV.SYS><ConnectCom Solutions, Inc.>
[wsants7 / wsants78][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\wsants78.sys><N/A>
gototop
 
晓伟工作室
头像
初生襁褓狮
  • 帖子:53
  • 注册: 2007-07-31
  • 来自:
发表于: 2007-08-13 09:32 | 短消息 资料
字号: 19楼

楼主,装个ARP防火墙试试。。仅对局域网的兄弟姐妹说,因为本人深受该病毒滋扰。。不过已经解决了。
gototop
 
198488
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2005-01-31
  • 来自:
发表于: 2007-08-13 11:02 | 只看楼主 短消息 资料
字号: 20楼

哦  我试下嘛
gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT