Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

[Help] Infected with Gray Pigeon Backdoor.Gpigeon.iqj, asking an expert to help remove it

The virus is located at C:\Documents and Settings\xiaoxu\Local Settings\Temp\E_4\krnln.fnr
Virus name: Backdoor.Gpigeon.iqj
Below is the report from a scan with Rising's 瑞星听诊器 diagnostic tool; I don't know whether it is useful. Asking an expert for help, much appreciated!
未知家族病毒分析
扫描结果:
C:\Program Files\Internet Explorer\IEXPLORE.EXE --> 与 Backdoor.Gpigeon 71%相似.


系统活动进程
C:\WINDOWS\SYSTEM32\GSICON.EXE
C:\WINDOWS\SYSTEM32\GCPL_CHINESESIMP.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
D:\我的下载\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDSXX.DLL
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDXXX.DLL

C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\DSLAGENT.EXE
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\VBPTASK.EXE
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\VBCFG.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\RITDLL.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\MFC42.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\FARTCP.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\VBIOCTL.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\FSSTI.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\MULTIDSK.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\GBANDBIG.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\CRTERP.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\FS_RIT.DLL
C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\DISKMSG.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
C:\PROGRAM FILES\RISING\RFW\MONDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\VPRPROC.DLL

C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\WDMAUD.DRV
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL

C:\WINDOWS\SYSTEM32\WDFMGR.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
ATIPTA = C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
SoundMan = SOUNDMAN.EXE
farstone = (NULL)
GSICONEXE = GSICON.EXE
DSLAGENTEXE = DSLAGENT.EXE USB
RestoreIT! = "C:\PROGRAM FILES\PHOENIX\RECOVERPRO_XP\VBPTASK.EXE" VBSTART
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\DHARMA5.SCR


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{54EBD53A-9BC1-480B-966A-843A333CA162}? = NULL
{A5366673-E8CA-11D3-9CD9-0090271D075B} = NULL
{A5366673-E8CA-11D3-9CD9-0090271D075B}? = NULL


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{68230BB3-FED7-476D-8F76-887B001D2C99}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{68230BB3-FED7-476D-8F76-887B001D2C99}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{174B6658-D65C-4B9B-AF06-0FA69450140A}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{174B6658-D65C-4B9B-AF06-0FA69450140A}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8904B849-2578-4646-832F-BD2996D17EC6}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8904B849-2578-4646-832F-BD2996D17EC6}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{58599840-A7FC-4B73-8861-5E019E00E7D6}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{58599840-A7FC-4B73-8861-5E019E00E7D6}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{36AE929E-FE49-4F3B-8270-D05D5099947D}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{36AE929E-FE49-4F3B-8270-D05D5099947D}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C58846B3-1149-4453-89CE-4907F8B97AC1}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C58846B3-1149-4453-89CE-4907F8B97AC1}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
Application Managements = C:\WINDOWS\WINDOWS CATALOG6.CMD
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
ATI Smart = C:\WINDOWS\SYSTEM32\ATI2SGAG.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = C:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{B103F70D-5C35-4C15-AE21-3C844F5B971F}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
uploadmgr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Last edited 2006-10-16 23:06:18

文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
Arp1394 = C:\WINDOWS\SYSTEM32\DRIVERS\ARP1394.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
basic2 = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_BSC2.SYS
Bridge = C:\WINDOWS\SYSTEM32\DRIVERS\BRIDGE.SYS
BridgeMP = C:\WINDOWS\SYSTEM32\DRIVERS\BRIDGE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
ExpScaner = C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
Fallback = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FALL.SYS
FBAPI = C:\WINDOWS\SYSTEM32\DRIVERS\FBAPI.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
Fsks = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FSKS.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gafwload = C:\WINDOWS\SYSTEM32\DRIVERS\GAFWLOAD.SYS
glausb = C:\WINDOWS\SYSTEM32\DRIVERS\GLAUSB.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
hidusb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
HookReg = C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
HookSys = C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
HookUrl = C:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
hsf_msft = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_MSFT.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
K56 = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_K56K.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
MEMSCAN = C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mouhid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
mProcRs = C:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
New0 = C:\WINDOWS\SYSTEM32\NEW.SYS
NIC1394 = C:\WINDOWS\SYSTEM32\DRIVERS\NIC1394.SYS
npkcrypt = D:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
ohci1394 = C:\WINDOWS\SYSTEM32\DRIVERS\OHCI1394.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
Rksample = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_SAMP.SYS
RMSPPPOE = C:\WINDOWS\SYSTEM32\DRIVERS\RMSPPPOE.SYS
RsFwDrv = C:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\R8139N51.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
sisagp = C:\WINDOWS\SYSTEM32\DRIVERS\SISAGPX.SYS
SoftFax = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_FAXX.SYS
SPEEDCD = C:\WINDOWS\SYSTEM32\DRIVERS\SPEEDCD.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Tones = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_TONE.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
V124 = C:\WINDOWS\SYSTEM32\DRIVERS\HSF_V124.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wanusb = C:\WINDOWS\SYSTEM32\DRIVERS\GWAUSB.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS

Looking at this is no use... the path is the temp folder. Clean it up, then go to my e-drive at mizuki.ys168.com, download HijackThis, scan and post the log here; the tool is in the software folder.

HijackThis_815汉化版扫描日志 V1.99.1
保存于      20:31:30, 日期 2006-10-16
操作系统:  Windows XP SP1 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Phoenix\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\WinRAR\WinRAR.exe
F:\应用软件\Hijackthis1991zww\HijackThis1991zww.exe

O1 - Hosts: 218.5.72.87 www.cnww.net
O1 - Hosts: 218.5.72.87 cnww.net
O1 - Hosts: 218.5.72.87 www.a5a5.net
O1 - Hosts: 218.5.72.87 a5a5.net
O1 - Hosts: 218.5.72.87 www.49m2.com
O1 - Hosts: 218.5.72.87 49m2.com
O1 - Hosts: 218.5.72.87 www.45800.com
O1 - Hosts: 218.5.72.87 45800.com
O1 - Hosts: 218.5.72.87 www.kan234.com
O1 - Hosts: 218.5.72.87 kan234.com
O1 - Hosts: 218.5.72.87 www.yyadsl.com
O1 - Hosts: 218.5.72.87 yyadsl.com
O1 - Hosts: 218.5.72.87 www.dh988.com
O1 - Hosts: 218.5.72.87 dh988.com
O1 - Hosts: 218.5.72.87 www.vodm.com
O1 - Hosts: 218.5.72.87 vodm.com
O1 - Hosts: 218.5.72.87 www.vod99.com
O1 - Hosts: 218.5.72.87 vod99.com
O1 - Hosts: 218.5.72.87 www.fh55.com
O1 - Hosts: 218.5.72.87 fh55.com
O1 - Hosts: 218.5.72.87 www.lg2000.com
O1 - Hosts: 218.5.72.87 lg2000.com
O1 - Hosts: 218.5.72.87 www.1tui.net
O1 - Hosts: 218.5.72.87 1tui.net
O1 - Hosts: 218.5.72.87 www.fff8.org
O1 - Hosts: 218.5.72.87 fff8.org
O1 - Hosts: 218.5.72.87 www.v778.com
O1 - Hosts: 218.5.72.87 v778.com
O1 - Hosts: 218.5.72.87 www.16700.com
O1 - Hosts: 218.5.72.87 16700.com
O1 - Hosts: 218.5.72.87 www.zz258.com
O1 - Hosts: 218.5.72.87 zz258.com
O1 - Hosts: 218.5.72.87 www.06638.com
O1 - Hosts: 218.5.72.87 06638.com
O1 - Hosts: 218.5.72.87 www.07321.com
O1 - Hosts: 218.5.72.87 07321.com
O1 - Hosts: 218.5.72.87 www.ok5558.com
O1 - Hosts: 218.5.72.87 ok5558.com
O1 - Hosts: 218.5.72.87 www.67809.com
O1 - Hosts: 218.5.72.87 67809.com
O1 - Hosts: 218.5.72.87 www.16700.net
O1 - Hosts: 218.5.72.87 16700.net
O1 - Hosts: 218.5.72.87 www.ktv789.com
O1 - Hosts: 218.5.72.87 ktv789.com
O1 - Hosts: 218.5.72.87 www.kancm.com
O1 - Hosts: 218.5.72.87 kancm.com
O1 - Hosts: 218.5.72.87 www.22298.com
O1 - Hosts: 218.5.72.87 22298.com
O1 - Hosts: 218.5.72.87 www.www3.iii88.com
O1 - Hosts: 218.5.72.87 www3.iii88.com
O1 - Hosts: 218.5.72.87 www.eee114.com.cn
O1 - Hosts: 218.5.72.87 eee114.com.cn
O1 - Hosts: 218.5.72.87 www.ziyue.com
O1 - Hosts: 218.5.72.87 ziyue.com
O1 - Hosts: 218.5.72.87 www.movie001.com
O1 - Hosts: 218.5.72.87 movie001.com
O1 - Hosts: 218.5.72.87 www.vod21.cn
O1 - Hosts: 218.5.72.87 vod21.cn
O1 - Hosts: 218.5.72.87 www.dy526.com
O1 - Hosts: 218.5.72.87 dy526.com
O1 - Hosts: 218.5.72.87 www.qq500.org
O1 - Hosts: 218.5.72.87 qq500.org
O1 - Hosts: 218.5.72.87 www.dy6.com
O1 - Hosts: 218.5.72.87 dy6.com
O1 - Hosts: 218.5.72.87 www.ti.comwww.7sou8sou.com
O1 - Hosts: 218.5.72.87 ti.comwww.7sou8sou.com
O1 - Hosts: 218.5.72.87 www.800911.com
O1 - Hosts: 218.5.72.87 800911.com
O1 - Hosts: 218.5.72.87 www.ameimei.com
O1 - Hosts: 218.5.72.87 ameimei.com
O1 - Hosts: 218.5.72.87 www.gotosing.com
O1 - Hosts: 218.5.72.87 gotosing.com
O1 - Hosts: 218.5.72.87 www.cnybi.com.cn
O1 - Hosts: 218.5.72.87 cnybi.com.cn
O1 - Hosts: 218.5.72.87 www.13cctv.com
O1 - Hosts: 218.5.72.87 13cctv.com
O1 - Hosts: 218.5.72.87 www.dy002.com
O1 - Hosts: 218.5.72.87 dy002.com
O1 - Hosts: 218.5.72.87 www.qmzw.com.cn
O1 - Hosts: 218.5.72.87 qmzw.com.cn
O1 - Hosts: 218.5.72.87 www.bookhot.com.cn
O1 - Hosts: 218.5.72.87 bookhot.com.cn
O1 - Hosts: 218.5.72.87 www.58996.com
O1 - Hosts: 218.5.72.87 58996.com
O1 - Hosts: 218.5.72.87 www.wymmm.net
O1 - Hosts: 218.5.72.87 wymmm.net
O1 - Hosts: 218.5.72.87 www.baidu158.com
O1 - Hosts: 218.5.72.87 baidu158.com
O1 - Hosts: 218.5.72.87 www.kkze.com
O1 - Hosts: 218.5.72.87 kkze.com
O1 - Hosts: 218.5.72.87 www.14cctv.com
O1 - Hosts: 218.5.72.87 14cctv.com
O1 - Hosts: 218.5.72.87 www.17cctv.com
O1 - Hosts: 218.5.72.87 17cctv.com
O1 - Hosts: 218.5.72.87 www.38k38.com
O1 - Hosts: 218.5.72.87 38k38.com
O1 - Hosts: 218.5.72.87 www.34mm.com
O1 - Hosts: 218.5.72.87 34mm.com
O1 - Hosts: 218.5.72.87 www.003009.com
O1 - Hosts: 218.5.72.87 003009.com
O1 - Hosts: 218.5.72.87 www.003004.com
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B}? - (no file)
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [GSICONEXE] GSICON.EXE
O4 - 启动项HKLM\\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - 启动项HKLM\\Run: [RestoreIT!] "C:\Program Files\Phoenix\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\PROGRA~1\FLASHGET\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\PROGRA~1\FLASHGET\jc_all.htm
O9 - 浏览器额外的按钮: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - d:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的按钮: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - https://www.95599.cn/platform/pub/cab/ABC.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C14D003A-DA41-4FEE-8204-62A94EAA29D1} (GLWebAvt Control) - http://bbs.ourgame.com/image/GLWebAvt.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C58846B3-1149-4453-89CE-4907F8B97AC1}: NameServer = 61.233.154.33 211.98.4.1
O18 - 列举现有的协议: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - d:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll
O23 - NT 服务: Application Layer Servicev (Application Managements) - Unknown owner - C:\WINDOWS\Windows.exe (file missing)
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
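The log above carries three patterns a responder would want to pull out mechanically rather than by eye: dozens of O1 hosts-file lines fanning unrelated domains into one non-loopback IP, O2 BHO registrations with no backing file, and an O23 service whose binary is reported missing. The following is an added example written for this thread, not code from the forum, from HijackThis, or from Rising; `triage` and `parse_entries` are names chosen here, and the sample log is a constructed excerpt in the shape of the HijackThis 1.99.1 output above (Chinese-localized build, hence the `NT 服务` label on O23 lines).

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis log posted in the thread.
SAMPLE_LOG = """\
O1 - Hosts: 218.5.72.87 www.cnww.net
O1 - Hosts: 218.5.72.87 cnww.net
O1 - Hosts: 218.5.72.87 www.dy6.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\\PROGRA~1\\FLASHGET\\fgiebar.dll
O4 - 启动项HKLM\\\\Run: [SoundMan] SOUNDMAN.EXE
O23 - NT 服务: Application Layer Servicev (Application Managements) - Unknown owner - C:\\WINDOWS\\Windows.exe (file missing)
O23 - NT 服务: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
"""

SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")


def parse_entries(text):
    """Return (section, body) for every 'Onn - ...' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_loopback(ip):
    return ip.startswith("127.") or ip == "::1"


def triage(text, min_hosts_per_ip=2):
    """Flag the three patterns visible in the thread's log:
    O1 hosts lines mapping several names onto one non-loopback IP (hosts hijack),
    O2 BHO entries that point at no file (orphaned registrations), and
    O23 services whose binary is missing (orphaned or removed loader)."""
    hosts_by_ip = defaultdict(list)
    orphan_bho = []
    missing_service = []
    for section, body in parse_entries(text):
        if section == "O1":
            m = HOSTS_RE.match(body)
            if m and not is_loopback(m.group(1)):
                hosts_by_ip[m.group(1)].append(m.group(2))
        elif section == "O2" and "(no file)" in body:
            m = CLSID_RE.search(body)
            orphan_bho.append(m.group(0) if m else body)
        elif section == "O23" and "(file missing)" in body:
            # body looks like "<label>: <display> (<name>) - <owner> - <path> (file missing)"
            desc = body.split(": ", 1)[1] if ": " in body else body
            parts = desc.split(" - ")
            path = parts[-1].replace("(file missing)", "").strip()
            m = SHORT_NAME_RE.search(parts[0])
            name = m.group(1) if m else parts[0].strip()
            missing_service.append((name, path))
    hijack = {ip: names for ip, names in hosts_by_ip.items()
              if len(names) >= min_hosts_per_ip}
    return {"hosts_hijack": hijack,
            "orphan_bho": orphan_bho,
            "missing_service": missing_service}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```

Run against the full log from the post, `hosts_hijack` collapses the hundred-odd O1 lines into a single IP with its domain list, which is the unit a responder actually reasons about; `missing_service` surfaces the `Application Managements` service whose `ImagePath` no longer resolves, the entry the later reply singles out for removal.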


OK, it's uploaded. Thank you so much; this virus has really beaten me.

Fix
O23 - NT 服务: Application Layer Servicev (Application Managements) - Unknown owner - C:\WINDOWS\Windows.exe (file missing)
and the useless O1 entries.
Start, Run, regedit; expand the registry, search for C:\WINDOWS\Windows.exe and delete it.
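The registry search the reply suggests is easy to get wrong by hand: a service's `ImagePath` is usually `REG_EXPAND_SZ`, and in a `reg export` text file that is written as `hex(2):` UTF-16LE byte pairs, so a plain text search of the export for the path finds nothing. The following is an added example, not from the thread or from any Rising or Microsoft tool: it assumes the hives of interest were exported with `reg export` and parses that text offline, decoding string, expand-string and multi-string values before matching the path case-insensitively. The sample export is constructed for this example (the `Run\Loader` value is made up to show a second hit), and `find_references` / `decode_data` are names chosen here.

```python
import re

# Constructed sample in the .reg (Registration Editor 5.00) export format.
# "ImagePath" is REG_EXPAND_SZ, which reg export writes as hex(2): UTF-16LE bytes.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Managements]
"Type"=dword:00000010
"DisplayName"="Application Layer Servicev"
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,\
  00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"ImagePath"=hex(2):43,00,3a,00,5c,00,73,00,70,00,6f,00,6f,00,6c,00,73,00,76,00,2e,\
  00,65,00,78,00,65,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Loader"="C:\\WINDOWS\\Windows.exe"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")


def _join_continuations(text):
    """Merge hex data lines that end in a backslash with the following indented line."""
    lines = []
    for raw in text.splitlines():
        if lines and lines[-1].endswith("\\"):
            lines[-1] = lines[-1][:-1] + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def decode_data(data):
    """Return value data as text where it can be decoded: quoted REG_SZ (with
    .reg escaping undone), hex(2)/hex(7) UTF-16LE blobs, and otherwise the
    raw token (dword:..., plain hex:...) so it can still be searched."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = HEX_RE.match(data)
    if m:
        kind = m.group(1)
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in ("2", "7"):
            text = raw.decode("utf-16-le", errors="replace").rstrip("\x00")
            return text.replace("\x00", "\n")  # hex(7) multi-string separators
        return raw.hex()
    return data


def find_references(reg_text, needle):
    """Every (key, value name, decoded data) whose data contains needle, case-insensitively."""
    needle = needle.lower()
    hits = []
    key = None
    for line in _join_continuations(reg_text):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name = vm.group(1) if vm.group(1) is not None else "(Default)"
            data = decode_data(vm.group(3))
            if needle in data.lower():
                hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_REG, r"C:\WINDOWS\Windows.exe"):
        print(f"{key}\n    {name} = {data}")
```

The decoded hits name the exact key and value to remove; matching on the decoded string rather than the raw export is what makes the `ImagePath` under `Services\Application Managements` show up alongside the plain-string `Run` value.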

Phew, finally managed to log in. Brother above, why can't I find that file in the registry? The virus is still there; as soon as I run the program it's associated with, the virus pops up again.