
[Help] How to remove the POPNTS trojan

Re: How to remove the POPNTS trojan

{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[S3CS Class]
  {EA7B1E6F-5308-11D7-BAFF-00E04C397613} <C:\Program Files\OrgCodeLogin\SSSCS.dll, >
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program files\Tencent\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 500 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 592 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 916 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
[PID: 1008 / SYSTEM][C:\Program Files\Rising\Ris\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [C:\Program Files\Rising\Ris\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1016 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
[PID: 1076 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
[PID: 1136 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
[PID: 1196 / SYSTEM][C:\Program Files\Rising\Ris\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Ris\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Ris\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\Ris\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [C:\Program Files\Rising\Ris\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21]
    [C:\Program Files\Rising\Ris\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [C:\Program Files\Rising\Ris\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\Program Files\Rising\Ris\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.80]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
    [C:\Program Files\Rising\Ris\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
    [C:\Program Files\Rising\Ris\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [C:\Program Files\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]

Re: How to remove the POPNTS trojan

[C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Ris\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [C:\Program Files\Rising\Ris\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Ris\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Ris\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [C:\Program Files\Rising\Ris\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
    [C:\Program Files\Rising\Ris\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\Program Files\Rising\Ris\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21]
    [C:\Program Files\Rising\Ris\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Ris\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\Ris\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
[PID: 1256 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\ZLhp1018.DLL]  [Zenographics, Inc., 5, 60, 430, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ZIMFPrnt.DLL]  [Zenographics, Inc., 6, 1, 1, 0]
    [C:\WINDOWS\system32\ZIMF.dll]  [Zenographics, Inc., 5, 70, 616, 0]
    [C:\WINDOWS\system32\ZTAG.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 6, 1, 1, 0]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSDNT5UI.DLL]  [Zenographics, Inc., 0, 3, 2911, 1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSDDM.DLL]  [Zenographics, Inc., 6, 20, 1611, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSDDMUI.DLL]  [Zenographics, Inc., 6, 2, 411, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSR.dll]  [Zenographics, Inc., 6, 20, 1625, 0]
[PID: 1400 / SYSTEM][C:\Program Files\Rising\Ris\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [C:\Program Files\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Ris\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Ris\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[PID: 1436 / SYSTEM][C:\Program Files\Rising\Ris\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Ris\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
    [C:\Program Files\Rising\Ris\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
    [C:\Program Files\Rising\Ris\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
    [C:\Program Files\Rising\Ris\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [C:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\mvengine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21]
    [C:\Program Files\Rising\Ris\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Ris\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\Ris\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\SysMail.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [C:\Program Files\Rising\Ris\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Ris\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\rsstore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\scanmac.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[PID: 1444 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 1760 / SYSTEM][C:\Program Files\Rising\Ris\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]

Re: How to remove the POPNTS trojan

[C:\Program Files\Rising\Ris\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
[PID: 1792 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
[PID: 652 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 1588 / Administrator][C:\Program Files\Rising\Ris\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\Program Files\Rising\Ris\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Ris\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [C:\Program Files\Rising\Ris\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\Program Files\Rising\Ris\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.21]
    [C:\Program Files\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 26]
    [C:\Program Files\Rising\Ris\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [C:\Program Files\Rising\Ris\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.90]
    [C:\Program Files\Rising\Ris\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
    [C:\Program Files\Rising\Ris\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Ris\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 9]
    [C:\Program Files\Rising\Ris\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
[PID: 1688 / Administrator][C:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.42]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\Program Files\Rising\AntiSpyware\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
    [C:\Program Files\Rising\AntiSpyware\pscan.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.60]
    [C:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1132 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
[PID: 2020 / Administrator][C:\PROGRA~1\FOUNDE~1\AM32.exe]  [, 2, 2, 0, 0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\PROGRA~1\FOUNDE~1\Am32Res.dll]  [, 2, 1, 0, 0]
    [C:\PROGRA~1\FOUNDE~1\plkcom32.dll]  [, 2, 1, 0, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\PROGRA~1\FOUNDE~1\SCANDRV.DLL]  [Plustek Inc., 3, 1, 8, 0]
    [C:\PROGRA~1\FOUNDE~1\SCNDRVU.DRV]  [, 2, 1, 2, 7]
[PID: 1740 / Administrator][C:\Program Files\Rising\AntiSpyware\knownsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.14]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 4000 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1428 / Administrator][D:\Program files\Tencent\QQ.exe]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQBaseClassInDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQHelperDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\BasicCtrlDll.dll]  [TENCENT, 8,0,978,1833]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program files\Tencent\QQAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\LoginCtrl.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\LoginCtrlRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\CQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQMainFrame.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\UnReadMsgMgr.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQAllInOne.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\Program files\Tencent\CameraDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\FlashAvatarDll.dll]  [, 1, 0, 0, 1]
    [D:\Program files\Tencent\NewSkin.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\MailSummary.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
    [D:\Program files\Tencent\QQSpace.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\UserDefinedHead.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]

Re: How to remove the POPNTS trojan

[D:\Program files\Tencent\OEMApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQAvatar.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQKnowledgeSearch.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQGroupMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQConfigPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQCustomFace.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQSysMsgMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\ImageOle.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QRingMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQLiveQMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQPet.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\LongConnection.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\PhoneAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program files\Tencent\QQSceneMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\GroupConnection.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\BQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\CommercesMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\PersonalDesktop.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\Program files\Tencent\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 27]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Ris\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.60]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program files\Tencent\QQMagicFace.dll]  [TENCENT, 8,0,978,1833]
    [D:\Program files\Tencent\QQFileTransfer.dll]  [TENCENT, 8,0,978,1833]
[PID: 3636 / Administrator][D:\Program files\Tencent\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
[PID: 304 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
[PID: 1716 / Administrator][C:\Program Files\arswp\ArSwp.exe]  [ArSwp.com, 2, 8, 2, 1115]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\Program Files\arswp\plugin\ArFix.dll]  [ArSwp.Com, 2, 5, 0, 0]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3836 / Administrator][C:\Program Files\Windows Media Player\wmplayer.exe]  [Microsoft Corporation, 10.00.00.3802]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\Program Files\Rising\Ris\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.60]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\Program Files\Windows Media Player\Visualizations\MediaPlayer_10.dll]  [MediaPlayer_10, 1, 0, 2, 7]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
[PID: 984 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
[PID: 2548 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 3344 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\SRE5adef2a7.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\JPWB.IME]  [日月科技, 4.00.950]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll]  [Sinfor, 1, 0, 0, 8]
    [C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll]  [, 1, 0, 4, 37]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll(, ProxyIE Module)
MSAFD Tcpip [UDP/IP]
    C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll(, ProxyIE Module)
MSAFD Tcpip [RAW/IP]
    C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll(, ProxyIE Module)
RSVP UDP Service Provider
    C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll(, ProxyIE Module)
RSVP TCP Service Provider
    C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll(, ProxyIE Module)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 592, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2020, C:\PROGRA~1\FOUNDE~1\AM32.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1716, C:\PROGRAM FILES\ARSWP\ARSWP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1716, C:\PROGRAM FILES\ARSWP\ARSWP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 984, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2548, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.984\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

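Re: How to kill the POPNTS trojan

I don't know whether this is the log you were talking about.

Please don't be angry if it's wrong; I'm afraid of having bricks thrown at me.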

Re: How to kill the POPNTS trojan

aaccbbdd
Little sister, please hurry up and help me.