瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 坛主进来下下啊 关于木马群 shualai.exe

1   1  /  1  页   跳转

坛主进来下下啊 关于木马群 shualai.exe

收藏
我叫池郁凡
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-01
  • 来自:
发表于: 2007-05-01 19:42 | 只看楼主 短消息 资料
字号: 1楼

坛主进来下下啊 关于木马群 shualai.exe

安全模式 把 注册表中的 run-shualai.exe 删除了
把windows中相关的删除了

包括木马群 winform  cmdbsc 等等

没有想到的就是木马群很庞大勒

重启联网 整个木马又被重新下载下来

郁闷 再生能力太强了哦

新木马 瑞星杀不了呢!

希望瑞星赶快 下次更新就可以查杀最好不过!

QQ287403609
最后编辑2007-05-03 10:03:48
分享到:
gototop
 
火影忍者
头像
横据古稀狮
  • 帖子:7855
  • 注册: 2006-06-29
  • 来自:火星
发表于: 2007-05-01 19:57 | 短消息 资料
字号: 2楼

扫SRE日志上来...
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-05-01 20:24 | 短消息 资料
字号: 3楼

下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
gototop
 
我叫池郁凡
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-01
  • 来自:
发表于: 2007-05-03 00:44 | 只看楼主 短消息 资料
字号: 4楼



2005-05-03,00:19:55

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\system32\pdkpri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[宽带连接]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\宽带连接.lnk -->  [N/A]><N>

==================================
服务
[2663ABDF / 2663ABDF][Stopped/Auto Start]
  <C:\WINDOWS\system32\2663ABDF.EXE -d><Microsoft Corporation>
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[IPSEC Client / BRGNS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE C:\WINDOWS\SYSTEM32\WBEM\OLYNL.DLL,Export 1087><N/A>
[Network Security / ClipArt][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\wbgho.dll><Microsoft Corporation>
[CoolWare / CoolWare][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\struts.dll><>
[Fast Client / fast][Stopped/Auto Start]
  <C:\WINDOWS\system32\7a07.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows svcs RunThem / svcs][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\winp\snet.dll>< >
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><N/A>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[bejfpw0 / bejfpw00][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\bejfpw00.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[lbhv / lbhvq][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\lbhvq.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rgpikere / rgpikere][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\rgpikere.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
gototop
 
我叫池郁凡
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-01
  • 来自:
发表于: 2007-05-03 00:44 | 只看楼主 短消息 资料
字号: 5楼

浏览器加载项
[Thunder Browser Helper]
  {4970DA76-DB06-4EB9-AAB5-77AF0CC77310} <F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <f:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[VnetAnprIns Class]
  {74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\Program Files\VnetPlugin\anprins.dll, 中国电信股份有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[搜索]
  {0FCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4c43rsnc.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Thunder Browser Helper]
  {4970DA76-DB06-4EB9-AAB5-77AF0CC77310} <F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Jpeg Class]
  {4970DA77-DB06-4EB9-AAB5-77AF0CC77310} <C:\WINDOWS\system32\37a0.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[金山毒霸在线杀毒]
  {577A1997-6FD0-4972-B234-885DA583F9CE} <C:\PROGRA~1\KOS\KOSClean.OCX, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <d:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[YOKHttpFilter Class]
  {686D3343-D00D-49A1-96DF-66F3AF62F348} <C:\Program Files\yok\adblock.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[YOKAdBlock Class]
  {718F4AD3-70D4-425E-9159-5598DFC732ED} <C:\Program Files\yok\adblock.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[]
  {9F7A09E6-144C-4C43-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4c43rsnc.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
  {D40D01E4-0378-430A-A890-382CB46B97B1} <C:\WINDOWS\system32\udtlphzyjytst.dll, N/A>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <d:\Program Files\Tencent\QQ\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[&使用迅雷下载]
  <F:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
gototop
 
我叫池郁凡
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2007-05-01
  • 来自:
发表于: 2007-05-03 00:44 | 只看楼主 短消息 资料
字号: 6楼

正在运行的进程
[PID: 404][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\2663ABDF.DLL]  [Microsoft Corporation, ]
[PID: 1348][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\itqqt.dll]  [N/A, ]
    [C:\WINDOWS\system32\2663ABDF.DLL]  [Microsoft Corporation, ]
    [c:\progra~1\winp\stub.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\winp\play.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\pdkpri.dll]  [N/A, ]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[PID: 1780][e:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [e:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\WINDOWS\system32\2663ABDF.DLL]  [Microsoft Corporation, ]
    [e:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [c:\progra~1\winp\stub.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\winp\play.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\pdkpri.dll]  [N/A, ]
[PID: 440][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [c:\progra~1\winp\stub.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\winp\play.dll]  [ , 1, 0, 0, 6]
[PID: 552][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\winp\stub.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\winp\play.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 7788][C:\Documents and Settings\Administrator\桌面\seg\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [c:\progra~1\winp\stub.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\winp\play.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1        localhost
127.0.0.1        popwin.9983.com
61.152.169.246    www.kuaiso.com
61.152.169.246    www.my6688.cn
61.152.169.246    www.union123.com
61.152.169.246    www.ktan.cn
61.152.169.246    www.2t2t.cn
61.152.169.246    www.cq530.com
61.152.169.246    www.365tc.com
61.152.169.246    ad.qucha.net
61.152.169.246    www.tan8.cn
61.152.169.246    www.itjj.net
61.152.169.246    www.start188.com
61.152.169.246    www.at58.cn
61.152.169.246    union.yxad.com
61.152.169.246    www.iptan.com
61.152.169.246    www.ip2008.net
61.152.169.246    www.yqif.com
61.152.169.246    www.2t2t.cn
61.152.169.246    www.688ip.com
61.152.169.246    www.17tc.com
61.152.169.246    www.zztan.com
61.152.169.246    www.5tanip.com
61.152.169.246    www.16tc.com
61.152.169.246    www.163se.net
61.152.169.246    www.724tc.com
61.152.169.246    www1.6tan.com
61.152.169.246    www2.6tan.com
61.152.169.246    www.6tan.com
61.152.169.246    quxiuu.com
61.152.169.246    www.quxiuu.com
61.152.169.246    www.23b.cn
61.152.169.246    www.ookkw.com
61.152.169.246    www.97725.com
61.152.169.246    down.97725.com
61.152.169.246    www.54699.com
61.152.169.246    web.77276.com
61.152.169.246    www.77276.com
61.152.169.246    d.77276.com
61.152.169.246    do.77276.com
61.152.169.246    i.96981.com
61.152.169.246    wm.103715.com
61.152.169.246    www.138505.com
61.152.169.246    cool.47555.com
61.152.169.246    www.437799.com
61.152.169.246    www.168080.com
61.152.169.246    www.baidu8.org
61.152.169.246    d.qbbd.com
61.152.169.246    w.qbbd.com
61.152.169.246    www.npjxjy.com
61.152.169.246    www.wwwlm.net
61.152.169.246    new2.jixie123.cn
61.152.169.246    www.18dmm.com
61.152.169.246    www.souxse.cn
61.152.169.246    dm1.yiall.com
61.152.169.246    www.nze21.com
61.152.169.246    www.puma163.com
61.152.169.246    www.hyap98.com
61.152.169.246    www.51liulan.cn
61.152.169.246    s.gcuj.com
61.152.169.246    long.down988.cn
61.152.169.246    x.vvcyin.com
61.152.169.246    w.vvcyin.com
61.152.169.246    cc.wzxqy.com
61.152.169.246    ip.315hack.com
61.152.169.246    ip.54liumang.com
61.152.169.246    www.41ip.com
61.152.169.246    xulao.com
61.152.169.246    www.xulao.com
61.152.169.246    www.heixiou.com
61.152.169.246    www.9cyy.com
61.152.169.246    adnx.yygou.cn
61.152.169.246    www1.cw988.cn
61.152.169.246    www2.cw988.cn
61.152.169.246    www.asdwc.com
61.152.169.246    ceoww.com
61.152.169.246    boolom.com
61.152.169.246    www.boolom.com
61.152.169.246    www.tellumore.com
61.152.169.246    www.o1wg.com
61.152.169.246    www.qq756.com
61.152.169.246    ll.chinasese.net
61.152.169.246    www.cnwangmeng.cn
61.152.169.246    0.82211.net
61.152.169.246    rising.whatthishome.com
61.152.169.246    www.canqiou.com
61.152.169.246    www.if56.cn
61.152.169.246    woai777.com
61.152.169.246    www.cz-kc.com
61.152.169.246    www.f1ash8.net
61.152.169.246    new.hackpp.com
61.152.169.246    ad.taoip.cn
61.152.169.246    www.game53.com
61.152.169.246    up.boolom.com
61.152.169.246    t.gcuj.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A
gototop
 
独孤剑客
头像
飘泊而立狮
  • 帖子:620
  • 注册: 2005-08-15
  • 来自:
发表于: 2007-05-03 08:50 | 短消息 资料
字号: 7楼

host表一定要修改.127.0.0.1 popwin.9983.com
61.152.169.246 www.kuaiso.com
61.152.169.246 www.my6688.cn
61.152.169.246 www.union123.com
61.152.169.246 www.ktan.cn
61.152.169.246 www.2t2t.cn
61.152.169.246 www.cq530.com
61.152.169.246 www.365tc.com
61.152.169.246 ad.qucha.net
61.152.169.246 www.tan8.cn
61.152.169.246 www.itjj.net
61.152.169.246 www.start188.com
61.152.169.246 www.at58.cn
61.152.169.246 union.yxad.com
61.152.169.246 www.iptan.com
61.152.169.246 www.ip2008.net
61.152.169.246 www.yqif.com
61.152.169.246 www.2t2t.cn
61.152.169.246 www.688ip.com
61.152.169.246 www.17tc.com
61.152.169.246 www.zztan.com
61.152.169.246 www.5tanip.com
61.152.169.246 www.16tc.com
61.152.169.246 www.163se.net
61.152.169.246 www.724tc.com
61.152.169.246 www1.6tan.com
61.152.169.246 www2.6tan.com
61.152.169.246 www.6tan.com
61.152.169.246 quxiuu.com
61.152.169.246 www.quxiuu.com
61.152.169.246 www.23b.cn
61.152.169.246 www.ookkw.com
61.152.169.246 www.97725.com
61.152.169.246 down.97725.com
61.152.169.246 www.54699.com
61.152.169.246 web.77276.com
61.152.169.246 www.77276.com
61.152.169.246 d.77276.com
61.152.169.246 do.77276.com
61.152.169.246 i.96981.com
61.152.169.246 wm.103715.com
61.152.169.246 www.138505.com
61.152.169.246 cool.47555.com
61.152.169.246 www.437799.com
61.152.169.246 www.168080.com
61.152.169.246 www.baidu8.org
61.152.169.246 d.qbbd.com
61.152.169.246 w.qbbd.com
61.152.169.246 www.npjxjy.com
61.152.169.246 www.wwwlm.net
61.152.169.246 new2.jixie123.cn
61.152.169.246 www.18dmm.com
61.152.169.246 www.souxse.cn
61.152.169.246 dm1.yiall.com
61.152.169.246 www.nze21.com
61.152.169.246 www.puma163.com
61.152.169.246 www.hyap98.com
61.152.169.246 www.51liulan.cn
61.152.169.246 s.gcuj.com
61.152.169.246 long.down988.cn
61.152.169.246 x.vvcyin.com
61.152.169.246 w.vvcyin.com
61.152.169.246 cc.wzxqy.com
61.152.169.246 ip.315hack.com
61.152.169.246 ip.54liumang.com
61.152.169.246 www.41ip.com
61.152.169.246 xulao.com
61.152.169.246 www.xulao.com
61.152.169.246 www.heixiou.com
61.152.169.246 www.9cyy.com
61.152.169.246 adnx.yygou.cn
61.152.169.246 www1.cw988.cn
61.152.169.246 www2.cw988.cn
61.152.169.246 www.asdwc.com
61.152.169.246 ceoww.com
61.152.169.246 boolom.com
61.152.169.246 www.boolom.com
61.152.169.246 www.tellumore.com
61.152.169.246 www.o1wg.com
61.152.169.246 www.qq756.com
61.152.169.246 ll.chinasese.net
61.152.169.246 www.cnwangmeng.cn
61.152.169.246 0.82211.net
61.152.169.246 rising.whatthishome.com
61.152.169.246 www.canqiou.com
61.152.169.246 www.if56.cn
61.152.169.246 woai777.com
61.152.169.246 www.cz-kc.com
61.152.169.246 www.f1ash8.net
61.152.169.246 new.hackpp.com
61.152.169.246 ad.taoip.cn
61.152.169.246 www.game53.com
61.152.169.246 up.boolom.com
61.152.169.246 t.gcuj.com
其他地按照顶置贴办.
gototop
 
newcenturymoon
头像
社区嘉宾
  • 帖子:15158
  • 注册: 2005-08-03
  • 来自:
论坛8周年活动礼物幸运草
发表于: 2007-05-03 10:08 | 短消息 资料
字号: 8楼

安全模式下(开机后不断 按F8键  然后出来一个高级菜单 选择第一项 安全模式 进入系统)

打开sreng (就是你扫日志的软件)
启动项目  注册表 删除如下项目 (如果有哪项你认识或者确认不是病毒 请不要删除)
<{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\system32\pdkpri.dll> []

“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”,
选中以下项目,点“删除服务”,再点“设置”,在弹出的框中点“否”:
2663ABDF / 2663ABDF
IPSEC Client / BRGNS
Network Security / ClipArt
CoolWare / CoolWare
Fast Client / fast
Windows svcs RunThem / svcs



双击我的电脑,工具,文件夹选项,查看,单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件(推荐)"前面的钩。在提示确定更改时,单击“是” 然后确定
然后删除
C:\WINDOWS\system32\2663ABDF.EXE
C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE
C:\WINDOWS\SYSTEM32\WBEM\OLYNL.DLL
C:\WINDOWS\system32\wbgho.dll
C:\WINDOWS\system32\struts.dll
C:\WINDOWS\system32\7a07.exe
C:\PROGRA~1\winp
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\pdkpri.dll] [N/A, ]
C:\WINDOWS\system32\2663ABDF.DLL
C:\WINDOWS\system32\itqqt.dll
gototop
 
特攻队2
头像
锋芒艾服狮
  • 帖子:1126
  • 注册: 2006-08-25
  • 来自:深圳市
发表于: 2007-05-03 10:13 | 短消息 资料
字号: 9楼

<C:\WINDOWS\system32\7a07.exe><N/A>
这个有疑点?什么来的?
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT