瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 各位高手,救救我吧,中了威金和另外一个木马病毒,杀不了啊

1   1  /  1  页   跳转

各位高手,救救我吧,中了威金和另外一个木马病毒,杀不了啊

收藏
梦幻stardust
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2006-06-28
  • 来自:
发表于: 2007-03-23 19:09 | 只看楼主 短消息 资料
字号: 1楼

各位高手,救救我吧,中了威金和另外一个木马病毒,杀不了啊

我部电脑中了威金以后重装过,将所有的EXE文件都删了,可是故障依旧,还有个未知的木马,也是杀不了,每次都弹出些黄色网页,郁闷下面是日志
[CODE]

2007-03-23,18:50:43

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><H:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <MSMSGS><"H:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
    <NvMediaCenter><RUNDLL32.EXE H:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <MSPY2002><H:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <NvCplDaemon><RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows XP Publisher]
    <nwiz><nwiz.exe /install>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows XP Publisher]
    <RavTask><"H:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"H:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <WebThunder><H:\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
    <StormCodec_Helper><"H:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <runeip><H:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <DXDllRegExe><H:\WINDOWS\System32\dxdllreg.exe >  [(Verified)Microsoft Windows Component Publisher]
    <QQDoctor><E:\tencent\QQDoctor\QQDoctor.exe>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"H:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
    <WoptiClean><rundll32.exe "H:\Wopti\WoptiCleanDll.dll",CleanNextBoot "H:\Wopti\\WoptiClean">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><H:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]

==================================
启动文件夹
[Microsoft Office]
  <H:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> H:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <H:\Documents and Settings\ling-yenxi\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\tencent\qq\QQ.exe [TENCENT]><N>

==================================
服务
[69425B38 / 69425B38][Stopped/Auto Start]
  <H:\WINDOWS\System32\69425B38.EXE -service><Microsoft Corporation>
[CF7B5938 / CF7B5938][Stopped/Auto Start]
  <H:\WINDOWS\System32\CF7B5938.EXE -service><N/A>
[DNS CL1ENT / DNSCL1ENT][Running/Auto Start]
  <H:\WINDOWS\system32\NETW0R~1.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <H:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <H:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[HTTP Secure Manager / Investor][Running/Auto Start]
  <H:\WINDOWS\System32\svchost.exe -k netsvcs-->H:\WINDOWS\System32\cbucg.dll><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <H:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <h:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <h:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"H:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"H:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Routing Protect Access / SOCEESe][Running/Auto Start]
  <2 - 系统找不到指定的文件。
><N/A>
最后编辑2007-03-23 23:43:39
分享到:
gototop
 
梦幻stardust
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2006-06-28
  • 来自:
发表于: 2007-03-23 19:10 | 只看楼主 短消息 资料
字号: 2楼

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bipu / bipug][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bipug.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rav\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\I:\INSTALL\GMSIPCI.SYS><N/A>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\H:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\h:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\H:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <H:\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <H:\BitComet\tools\BitCometBHO_1.1.3.19.dll, BitComet>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <h:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <H:\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[ExtIE Class]
  {F58AB49F-BBDB-4DAB-98F6-D269AC7AD57D} <H:\WINDOWS\system32\BR0WSER.DLL, msoft>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <H:\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\tencent\qq\QQ.EXE, TENCENT>
[&Radio]
  {8E718888-423F-11D2-876E-00A0C9082467} <H:\WINDOWS\System32\msdxm.ocx, >
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <H:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <H:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <H:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <H:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用BitComet下载]
  <res://H:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://H:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://H:\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
  <H:\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <H:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\tencent\qq\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <H:\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <H:\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\tencent\qq\SendMMS.htm, N/A>
gototop
 
梦幻stardust
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2006-06-28
  • 来自:
发表于: 2007-03-23 19:10 | 只看楼主 短消息 资料
字号: 3楼

==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 504][\??\H:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 532][\??\H:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [H:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 576][H:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 588][H:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 768][H:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 836][H:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [h:\windows\system32\cbucg.dll]  [Microsoft Corporation, 5.1.2600.0]
    [H:\WINDOWS\System32\WINHTTP.dll]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[PID: 932][H:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 960][H:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1288][H:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1664][H:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [H:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [H:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1760][h:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 51]
    [h:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [h:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [h:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1920][H:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.0.19]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 2016][H:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [H:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 184][H:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 868][E:\tencent\qq\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [E:\tencent\qq\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 2700][H:\Program Files\ChinaNet\VnetClient.exe]  [, 2006, 10, 11, 9]
    [H:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [H:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 11, 20, 10]
    [H:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [H:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [H:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2006, 6, 2, 14]
    [H:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [H:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  [, 2005, 8, 18, 1]
    [H:\Program Files\ChinaNet\SysPlug\93d07ada-d3ac-485a-85eb-12ca3cee8375\Vnetsafe114.DLL]  [, 1, 0, 0, 1]
    [H:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2006, 10, 19, 16]
    [H:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [H:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2006, 9, 6, 15]
    [H:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [H:\PROGRA~1\ChinaNet\BDSearch.ocx]  [gdcn, 2006, 12, 13, 16]
    [H:\PROGRA~1\ChinaNet\PageFram.ocx]  [Workgroup, 2006, 12, 11, 17]
    [H:\PROGRA~1\ChinaNet\ACCOUN~1.OCX]  [Workgroup, 2006, 10, 31, 16]
    [H:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 10, 30, 16]
    [H:\PROGRA~1\ChinaNet\NOTIFY~1.OCX]  [Workgroup, 2006, 9, 15, 16]
    [H:\PROGRA~1\ChinaNet\IcosBar.ocx]  [Workgroup, 2006, 9, 25, 9]
    [H:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2006, 9, 8, 17]
    [H:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [H:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2006, 12, 26, 9]
    [H:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [H:\WINDOWS\System32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [H:\WINDOWS\System32\pthreadVC.dll]  [N/A, ]
    [H:\WINDOWS\System32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [H:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [H:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2006, 11, 20, 11]
    [H:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [H:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [H:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [H:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 12, 26, 9]
    [H:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [ , 2006, 9, 18, 10]
    [H:\PROGRA~1\ChinaNet\Favorite.ocx]  [, 2006, 12, 26, 10]
    [H:\PROGRA~1\ChinaNet\VNETSE~1.OCX]  [, 2006, 10, 31, 16]
    [H:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2006, 8, 29, 15]
    [H:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [H:\Program Files\ChinaNet\Base64.dll]  [N/A, ]
    [H:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2560][H:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [H:\WINDOWS\System32\69425B38.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [H:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [H:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3888][H:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [H:\WINDOWS\system32\B1OS.DLL]  [mcsoft, 1, 0, 0, 0]
[PID: 2288][H:\Documents and Settings\ling-yenxi\My Documents\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [H:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [H:\PROGRA~1\MICROS~2\Office10\MCPS.DLL]  [Microsoft Corporation, 10.0.2625]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-03-23 20:54 | 短消息 资料
字号: 4楼

[69425B38 / 69425B38][Stopped/Auto Start]
<H:\WINDOWS\System32\69425B38.EXE -service><Microsoft Corporation>
[CF7B5938 / CF7B5938][Stopped/Auto Start]
<H:\WINDOWS\System32\CF7B5938.EXE -service><N/A>
[DNS CL1ENT / DNSCL1ENT][Running/Auto Start]
<H:\WINDOWS\system32\NETW0R~1.EXE><N/A>
H:\WINDOWS\System32\69425B38.DLL
gototop
 
修罗撒旦
头像
健康舞勺狮
  • 帖子:300
  • 注册: 2006-09-18
  • 来自:
发表于: 2007-03-23 21:12 | 短消息 资料
字号: 5楼

hh.exe
winhlp32.exe
还要搜索这两个东西,删除..

打开注册表,找到相应键值删除
gototop
 
梦幻stardust
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2006-06-28
  • 来自:
发表于: 2007-03-23 23:53 | 只看楼主 短消息 资料
字号: 6楼

太感谢你们了,谢谢
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT