瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 Trojan.DL.Agent.ycu这种病毒怎么杀啊?

1   1  /  1  页   跳转

Trojan.DL.Agent.ycu这种病毒怎么杀啊?

收藏
dyingdream
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-26
  • 来自:
发表于: 2007-02-26 20:14 | 只看楼主 短消息 资料
字号: 1楼

Trojan.DL.Agent.ycu这种病毒怎么杀啊?

ToT,小电中了这种病毒,主页被强制修改了。
在网上查了下,照人说的下载unlocker软件。 进入C:\ WINDOWS\system32\drivers 里找到 hrnrbayb.sys文件(瑞星提示病毒文件)先解锁后删除。然后在开始-运行-输入regedit 打开注册表编辑器,分别在
HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Services
HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
下找到以病毒文件名命名的项并删除(这是删除病毒文件的注册项)
我删除了文件,在注册表里也删除了,可是主页还是被强制修改。注册表里也重新出现该病毒的注册信息。ToT,现在该怎么办啊?请高手指教。ToT,麻烦请讲解得通俗点,偶小白一只 。
最后编辑2007-02-26 20:13:48
分享到:
gototop
 
dyingdream
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-26
  • 来自:
发表于: 2007-02-26 20:17 | 只看楼主 短消息 资料
字号: 2楼

现在瑞星杀毒没有病毒提示。
日志文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <{9A68001C-05DC-2052-0715-040308200056}><"C:\Program Files\Common Files\{9A68001C-05DC-2052-0715-040308200056}\Update.exe" te-110-12-0000158>  [N/A]
    <{00000000-05DC-C:\-0715-040308200000}><"C:\Program Files\Common Files\{00000000-05DC-C:\-0715-040308200000}\Update.exe" >  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Hcontrol><C:\WINDOWS\ATK0100\Hcontrol.exe>  [(Verified)]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <Power_Gear><; C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1>  [N/A]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <UnlockerAssistant><C:\Program Files\Unlocker\UnlockerAssistant.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
    <WinlogonNotify: Sebring><C:\WINDOWS\System32\LgNotify.dll>  [Intel Corporation]

==================================
启动文件夹
[Power4 Gear]
  <C:\Documents and Settings\SLBoy\「开始」菜单\程序\启动\Power4 Gear.lnk --> C:\PROGRA~1\ASUS\POWER4~1\BATTER~1.EXE [ASUSTeK Computer Inc.]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[ewido security suite control / ewido security suite control][Running/Auto Start]
  <C:\Program Files\ewido\security suite\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard][Stopped/Disabled]
  <C:\Program Files\ewido\security suite\ewidoguard.exe><ewido networks>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Procedure Call System(RPCS) / RpcS][Stopped/Auto Start]
  <C:\WINDOWS\System32\RpcS.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
gototop
 
dyingdream
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-26
  • 来自:
发表于: 2007-02-26 20:18 | 只看楼主 短消息 资料
字号: 3楼

驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATKXPDisplayName / ATKXPDisplayName][Running/Manual Start]
  <System32\DRIVERS\ATKACPI.sys><>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BisonCam, USB2.0 / Cam5603C][Stopped/Manual Start]
  <System32\Drivers\Bs350u2.sys><Bison Elec. Inc.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[ewido security suite driver / ewido security suite driver][Running/System Start]
  <\??\C:\Program Files\ewido\security suite\guard.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[hpn / hpn][Stopped/]
  <2 - 系统找不到指定的文件。
><N/A>
[hrnrbay / hrnrbayb][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\hrnrbayb.sys><N/A>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <System32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[AEGIS Protocol (IEEE 802.1x) v2.2.1.0 / MDC8021X][Running/Auto Start]
  <System32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <System32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[WLAN Transport / s24trans][Running/Auto Start]
  <System32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <System32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[VCD VNC Virtual Network Adapter / vcddev][Running/Manual Start]
  <System32\DRIVERS\vcdvnic.sys><VNN B.J.>
[Virtual CD-ROM Device Driver / vcdrom][Stopped/System Start]
  <\??\C:\Program Files\xpvcdcp_21\WinxpVirtualCDControlPanel\VCdRom.sys><N/A>
[Intel(R) PRO/Wireless 2200 Adapter 驱动程序 / w22n51][Stopped/Manual Start]
  <System32\DRIVERS\w22n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, >
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <, N/A>
gototop
 
dyingdream
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-26
  • 来自:
发表于: 2007-02-26 20:21 | 只看楼主 短消息 资料
字号: 4楼

正在运行的进程
[PID: 676][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 760][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\LgNotify.dll]  [Intel Corporation, 8, 0, 0, 167]
[PID: 828][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 840][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1008][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1072][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1088][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1136][C:\WINDOWS\System32\S24EvMon.exe]  [Intel Corporation , 8, 0, 0, 167]
[PID: 1308][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1336][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1352][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 39]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[PID: 1400][C:\Program Files\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [C:\Program Files\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [C:\Program Files\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [C:\Program Files\Rising\Rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [C:\Program Files\Rising\Rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [C:\Program Files\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1628][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1700][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1888][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1916][C:\Program Files\ewido\security suite\ewidoctrl.exe]  [ewido networks, 3, 0, 0, 1]
    [C:\Program Files\ewido\security suite\lang.dll]  [privat, 1, 0, 0, 1]
[PID: 1944][C:\WINDOWS\System32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1980][C:\WINDOWS\System32\RegSrvc.exe]  [Intel Corporation, 8, 0, 0, 167]
[PID: 436][C:\WINDOWS\system32\ZCfgSvc.exe]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\PfMgrApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\PsRegApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\WConfig.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\WiFiAdap.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\PsGuiMgr.dll]  [Intel Corporation., 8, 0, 0, 167]
    [C:\WINDOWS\system32\C1XStngs.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\Program Files\Intel\PROSetWireless\PROSet\CHS\ZcSvcCHS.dll]  [Intel Corporation, 8, 0, 0, 107]
    [C:\Program Files\Intel\PROSetWireless\PROSet\CHS\PmApiCHS.dll]  [Intel Corporation, 8, 0, 0, 107]
    [C:\WINDOWS\system32\S24MUDLL.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\Program Files\Intel\PROSetWireless\PROSet\CHS\C1XStCHS.dll]  [Intel Corporation, 8, 0, 0, 107]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
gototop
 
dyingdream
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-26
  • 来自:
发表于: 2007-02-26 20:21 | 只看楼主 短消息 资料
字号: 5楼

[PID: 556][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 844][C:\WINDOWS\System32\1XConfig.exe]  [Intel, 8, 0, 0, 167]
    [C:\WINDOWS\System32\IntelAE5.dll]  [Meetinghouse Data Communications, 1, 42, 19, 1]
    [C:\WINDOWS\System32\SSLEAY32.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\LIBEAY32.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\PsRegApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1960][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\xunleibho_v8.dll]  [, 4, 5, 1, 33]
[PID: 472][C:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 66]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 548][C:\WINDOWS\ATK0100\Hcontrol.exe]  [, 1043, 2, 15, 36]
    [C:\WINDOWS\ATK0100\CMSSC.dll]  [N/A, N/A]
    [C:\WINDOWS\ATK0100\inter_f2.dll]  [ATK, 1043, 2, 15, 36]
    [C:\WINDOWS\ATK0100\ATKWLIOC.DLL]  [ACTIONTEC Electronics,Inc, 2.01.02]
    [C:\WINDOWS\ATK0100\SiSPkt.dll]  [Silicon Integrated Systems Corp., 1, 0, 0, 17]
    [C:\WINDOWS\System32\SbrngAPI.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\System32\PfMgrApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\System32\PsRegApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\System32\WConfig.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\System32\WiFiAdap.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\System32\C1XStngs.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\System32\S24MUDLL.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\Program Files\Intel\PROSetWireless\PROSet\CHS\PmApiCHS.dll]  [Intel Corporation, 8, 0, 0, 107]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 728][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3.0.0.3792]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 736][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 908][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1124][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1260][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 20, 100, 1123]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1328][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1660][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1812][C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe]  [ASUSTeK Computer Inc., 1043, 6, 15, 110]
    [C:\Program Files\ASUS\Power4 Gear\ATKMETHOD.dll]  [ASUSTeK Computer Inc., 1043, 6, 15, 110]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1964][C:\WINDOWS\ATK0100\ATKOSD.exe]  [, 1043, 2, 15, 36]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2480][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2976][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\xunleibho_v8.dll]  [, 4, 5, 1, 33]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[PID: 500][C:\Program Files\WinRAR\WinRAR.exe]  [Eugene Roshal, 3.30]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 4052][C:\DOCUME~1\SLBoy\LOCALS~1\Temp\Rar$EX00.859\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
gototop
 
dyingdream
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-26
  • 来自:
发表于: 2007-02-26 20:22 | 只看楼主 短消息 资料
字号: 6楼

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 www.powernum123.com
127.0.0.1 www.powernum123.com.cn
127.0.0.1 powernum123.com
127.0.0.1 powernum123.com.cn
127.0.0.1 www.chebl.com
127.0.0.1 www.chebl.cn
127.0.0.1 www.chebl.com.cn
127.0.0.1 chebl.com
127.0.0.1 chebl.com.cn
127.0.0.1 chebl.cn
127.0.0.1 www.chebuluo.com.cn
127.0.0.1 www.chebuluo.com
127.0.0.1 www.chebuluo.cn
127.0.0.1 chebuluo.com.cn
127.0.0.1 chebuluo.com
127.0.0.1 chebuluo.cn
127.0.0.1 www.17sp.com
127.0.0.1 www.17sp.com.cn
127.0.0.1 17sp.com
127.0.0.1 17sp.com.cn
127.0.0.1 www.feikong.com
127.0.0.1 www.feikong.com.cn
127.0.0.1 www.feikong.cn
127.0.0.1 feikong.com
127.0.0.1 feikong.com.cn
127.0.0.1 feikong.cn
127.0.0.1 www.hacong.com
127.0.0.1 hacong.com
127.0.0.1 www.xbxb*****com
127.0.0.1 www.sobt.com
127.0.0.1 www.sobt.com.cn
127.0.0.1 www.sobt.cn
127.0.0.1 www.sobt.net
127.0.0.1 sobt.com
127.0.0.1 sobt.com.cn
127.0.0.1 sobt.cn
127.0.0.1 sobt.net

==================================
API HOOK
N/A

==================================


[/CODE]
gototop
 
dyingdream
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2007-02-26
  • 来自:
发表于: 2007-02-26 20:23 | 只看楼主 短消息 资料
字号: 7楼

ToT,请高手给看一下,我不想重装系统啊ToT
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT