中了aotu.exe病毒删不掉,而且一打开网页就有病毒,请高手指点 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛中了aotu.exe病毒删不掉,而且一打开网页就有病毒,请高手指点

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

中了aotu.exe病毒删不掉,而且一打开网页就有病毒,请高手指点

fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:	发表于： 2007-07-07 01:40 \| 只看楼主短消息资料字号：小中大 1楼中了aotu.exe病毒删不掉,而且一打开网页就有病毒,请高手指点病毒有 Trojan.PSW.Win32.OnlineGames.dav Trojan.PSW.Win32.WoWar.sb Trojan.PSW.Win32.WoWar.sb [1].exe>>upack0.39 等等附件: 文件名:75004320077713002.txt 下载次数:176 文件类型:application/octet-stream 文件大小: 上传时间:2007-7-7 1:40:19 描述: 2007-07-07 18:14:15
fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:	分享到：

fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:	发表于： 2007-07-07 01:42 \| 只看楼主短消息资料字号：小中大 2楼瑞星卡卡电脑诊断日志 v1.20 (2007-7-7 1:29:58) 北京瑞星科技股份有限公司注释:[A]表示该文件存在自启动关联; [M]表示该文件在内存中; + 注册表自运行项目 + Win32 Services + HKLM\System\CurrentControlSet\Services 4ABE2F0A [A ] 1. c:\windows\system32\27399081.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, RfwProxySrv [A ] 2. c:\program files\rising\rfw\rfwproxy.exe Beijing Rising Technology Co., Ltd. Rising Personal Proxy Service .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 60 94 40 00 68 60 85 40 00 64 RfwService [A ] 3. c:\program files\rising\rfw\rfwsrv.exe Beijing Rising Technology Co., Ltd. Rising Personal FireWall Service .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 70 AC 41 00 68 80 94 41 00 64 rpcapd [A ] 4. c:\program files\winpcap\rpcapd.exe .text,.rdata,.data, 55 8B EC 6A FF 68 A8 E1 40 00 68 08 B4 40 00 64 RsCCenter [A ] 5. c:\program files\rising\rav\ccenter.exe Beijing Rising Technology Co., Ltd. CCenter .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64 RsRavMon [A ] 6. c:\program files\rising\rav\ravmond.exe Beijing Rising Technology Co., Ltd. RavMond .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64 + Kernel Drivers + HKLM\System\CurrentControlSet\Services BaseTDI [A ] 7. c:\windows\system32\drivers\basetdi.sys Beijing Rising Technology Co., Ltd. basetdi .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35 cmuda [A ] 8. c:\windows\system32\drivers\cmuda.sys C-Media Inc C-Media Audio WDM Driver .text,_LTEXT,_PTEXT,.data,.data1,_LDATA,_PDATA,PAGE,INIT,.rsrc,.reloc, 56 8B 74 24 08 57 68 D2 44 0B 00 FF 74 24 14 56 ExpScaner [A ] 9. c:\program files\rising\rav\expscan.sys ExpScan.sys .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83 HookCont [A ] 10. c:\program files\rising\rav\hookcont.sys Rising HookCont .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7 HookReg [A ] 11. c:\program files\rising\rav\hookreg.sys .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9 HookSys [A ] 12. c:\program files\rising\rav\hooksys.sys Rising Hooksys .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC HookUrl [A ] 13. c:\program files\rising\rfw\hookurl.sys Beijing Rising Technology Co., Ltd. HookUrl .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C MEMSCAN [A ] 14. c:\program files\rising\rav\memscan.sys 瑞星软件有限公司 MemScan Driver .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45 mProcRs [A ] 15. c:\program files\rising\rfw\mprocrs.sys Beijing Rising Technology Co., Ltd. Rising Personal FireWall mprocrs.sys .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 10 56 57 E8 29 02 00 00 85 C0 75 New0 [A ] 16. c:\windows\system32\new.sys .text,.rdata,INIT,.reloc, 55 8B EC 83 EC 1C 68 60 02 01 00 E8 68 01 00 00 NPF [A ] 17. c:\windows\system32\drivers\npf.sys Politecnico di Torino NPF Driver - TME extensions .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8D 6C 24 90 81 EC 84 00 00 00 53 56 33 DB 57 npkcrypt [A ] 18. c:\program files\tencent\qq\npkcrypt.sys INCA Internet Co., Ltd. nProtect KeyCrypt Driver .text,.rdata,.data,INIT,.rsrc,.reloc, 51 53 56 E8 6F 2C 00 00 A3 28 46 01 00 E8 EC 2B RsAntiSpyware [A ] 19. c:\windows\system32\drivers\rsboot.sys Beijing Rising Technology Co., Ltd. Anti-RootKit Driver .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D RsFwDrv [A ] 20. c:\program files\rising\rfw\rsfwdrv.sys Beijing Rising Technology Co., Ltd. nt_fwdrv .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0 RsNTGDI [A ] 21. c:\windows\system32\drivers\rsntgdi.sys Beijing Rising Technology Co., Ltd. RsNTGDI .text,.rdata,INIT,.rsrc,.reloc, 55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:

fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:	发表于： 2007-07-07 01:43 \| 只看楼主短消息资料字号：小中大 3楼 RSPPSYS [A ] 22. c:\program files\rising\rav\rsppsys.sys Rising RSPPSYS.SYS .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB Secdrv [A ] 23. c:\windows\system32\drivers\secdrv.sys .text,.data,INIT,.reloc, 55 8B EC 83 EC 10 53 56 57 E8 E4 A3 FF FF 89 45 sisagp [A ] 24. c:\windows\system32\drivers\sisagpx.sys Silicon Integrated Systems Corporation SiS AGPv3.5 Filter .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc, 55 8B EC 83 EC 28 53 8B 5D 0C 66 8B 03 66 05 02 SiSkp [A ] 25. c:\windows\system32\drivers\srvkp.sys Silicon Integrated Systems Corporation SiS VGA Driver Manager .text,.rdata,.data,INIT,.rsrc,.reloc, A1 10 24 01 00 85 C0 B9 4E E6 40 BB 74 04 3B C1 SNPSTD3 [A ] 26. c:\windows\system32\drivers\snpstd3.sys PC Camera driver .text,.rdata,.data,INIT,.rsrc,.reloc, 55 8B EC 83 EC 3C 57 6A 0F 59 33 C0 6A 3C 8D 7D + Internet Explorer + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [AM] 27. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll Adobe Systems Incorporated Adobe Acrobat IE Helper Version 7.0 for ActiveX .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89 {889D2FEB-5411-4565-8998-1DD2C5261283} [AM] 28. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll Thunder Networking Technologies,LTD XunLeiBHO .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 B8 FD 00 10 E8 92 F4 FF FF 33 C0 40 89 + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions Exec [A ] 29. c:\program files\thunder network\thunder\thunder.exe Thunder Networking Technologies,LTD .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 F8 36 40 00 68 70 29 40 00 64 Script [A ] 30. c:\windows\web\related.htm + Explorer + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved RISING [A ] 31. c:\windows\system32\ravext.dll Beijing Rising Technology Co., Ltd. Rising Shell Ext Module .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 ScriptDropShellExt [A ] 32. c:\program files\acd systems\roboenhancer\scriptdropshellext.dll RoboEnhancer ScriptDropShellExt Module .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 WinRAR shell extension [A ] 33. c:\program files\winrar\rarext.dll .text,.data,.tls,.idata,.edata,.rsrc,.reloc, + Logon + HKLM\Software\Microsoft\Windows\CurrentVersion\Run RavTask [A ] 34. c:\program files\rising\rav\ravtask.exe Beijing Rising Technology Co., Ltd. RavTimer .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 50 E3 40 00 68 D4 90 40 00 64 RfwMain [A ] 35. c:\program files\rising\rfw\rfwmain.exe Beijing Rising Technology Co., Ltd. Rising Personal FireWall Main Program .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 38 EB 41 00 68 20 B0 41 00 64 runeip [AM] 36. c:\program files\rising\antispyware\runiep.exe Beijing Rising Technology Co., Ltd. Rising AntiSpyware Monitor .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64 + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce RavStub [AM] 37. c:\program files\rising\rav\ravstub.exe Beijing Rising Technology Co., Ltd. Rising RavStub .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 98 F4 40 00 68 20 6D 40 00 64 KKDelay [A ] 38. c:\program files\rising\antispyware\runonce.exe Beijing Rising Technology Co., Ltd. RunOnce Application .text,.rdata,.data,.rsrc, 6A 60 68 18 51 40 00 E8 7F 0D 00 00 BF 94 00 00 + Boot Execute + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order BootExecute [A ] 39. c:\windows\system32\bsmain.exe Beijing Rising Technology Co., Ltd. BootScan .text,.data,.rsrc,.reloc, 55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64 [A ] 40. c:\windows\system32\kknative.exe Beijing Rising Technology Co., Ltd. NativeAp .text,.data,.rsrc,.reloc, 68 00 00 00 01 E8 91 F1 FF FF 6A 00 E8 A0 FF FF + Image Hijacks + HKCR\.html htmlfile\Edit\Command [A ] 41. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9 htmlfile\Print\Command [A ] 41. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9 + HKCR\.htm htmlfile\Edit\Command [A ] 41. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9 htmlfile\Print\Command [A ] 41. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9 + HKCR\.mp3 Audio.MP3\open\Command [A ] 42. c:\program files\ttplayer\ttplayer.exe Alen Soft 千千静听 .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 60 EA 4A 00 68 C0 6D 4A 00 64 Audio.MP3\PlayList\Command [A ] 42. c:\program files\ttplayer\ttplayer.exe Alen Soft 千千静听 .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 60 EA 4A 00 68 C0 6D 4A 00 64 + 其他自启动项目 + c:\autorun.inf open [A ] 43. c:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shellexecute [A ] 43. c:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shell\Auto\command [A ] 43. c:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, + d:\autorun.inf open [A ] 44. d:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shellexecute [A ] 44. d:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shell\Auto\command [A ] 44. d:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, + e:\autorun.inf open [A ] 45. e:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shellexecute [A ] 45. e:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shell\Auto\command [A ] 45. e:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, + f:\autorun.inf open [A ] 46. f:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shellexecute [A ] 46. f:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shell\Auto\command [A ] 46. f:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, + g:\autorun.inf open [A ] 47. g:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shellexecute [A ] 47. g:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shell\Auto\command [A ] 47. g:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, + h:\autorun.inf open [A ] 48. h:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shellexecute [A ] 48. h:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2, shell\Auto\command [A ] 48. h:\auto.exe Microsoft Corporation \|8?0,\|8?1,\|8?2,
fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:

fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:	发表于： 2007-07-07 01:44 \| 只看楼主短消息资料字号：小中大 4楼 + 系统活动模块 + 000001c8(456) smss.exe + 00000200(512) wuauclt.exe + 0000021c(540) csrss.exe 10000000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000234(564) winlogon.exe 72C80000[00008000] [ M] 50. c:\windows\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper .text,.data,.rsrc,.reloc, 8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24 00DC0000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000260(608) services.exe 10000000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 0000026c(620) lsass.exe 10000000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000310(784) svchost.exe 00BD0000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000330(816) svchost.exe 00900000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000384(900) svchost.exe 017E0000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 000003b0(944) svchost.exe 10000000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 000003f0(1008) svchost.exe 00600000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000544(1348) Explorer.EXE 01560000[0001B000] [ M] 51. c:\program files\rising\antispyware\ieprot.dll Beijing Rising Technology Co., Ltd. IE Protector .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89 01610000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, 72C80000[00008000] [ M] 50. c:\windows\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper .text,.data,.rsrc,.reloc, 8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24 02600000[0000E000] [AM] 27. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll Adobe Systems Incorporated Adobe Acrobat IE Helper Version 7.0 for ActiveX .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89 7C340000[00056000] [ M] 52. c:\windows\system32\msvcr71.dll Microsoft Corporation Microsoft? C Runtime Library .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF 23700000[0001A000] [ M] 53. c:\program files\rising\rav\rscommon.dll Beijing Rising Technology Co., Ltd. Rising Common Function Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 02290000[00019000] [AM] 28. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll Thunder Networking Technologies,LTD XunLeiBHO .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 B8 FD 00 10 E8 92 F4 FF FF 33 C0 40 89 222B0000[00009000] [ M] 54. c:\program files\thunder network\thunder\components\resworker\dsbho_00.dll DsBho .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 22280000[0000C000] [ M] 55. c:\program files\thunder network\thunder\components\resworker\dataprocessor_00.dll Thunder Networking Technologies,LTD DataProcessor .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 + 0000055c(1372) wscntfy.exe 00890000[0001B000] [ M] 51. c:\program files\rising\antispyware\ieprot.dll Beijing Rising Technology Co., Ltd. IE Protector .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89 + 000005d0(1488) spoolsv.exe 10000000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 000005ec(1516) NOTEPAD.EXE 10000000[0001B000] [ M] 51. c:\program files\rising\antispyware\ieprot.dll Beijing Rising Technology Co., Ltd. IE Protector .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89 + 00000628(1576) RavStub.exe 00400000[00018000] [AM] 37. c:\program files\rising\rav\ravstub.exe Beijing Rising Technology Co., Ltd. Rising RavStub .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 98 F4 40 00 68 20 6D 40 00 64 10000000[0001B000] [ M] 56. c:\program files\rising\rav\rscommx.dll rising RsCommX .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 23700000[0001A000] [ M] 53. c:\program files\rising\rav\rscommon.dll Beijing Rising Technology Co., Ltd. Rising Common Function Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 00A60000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000734(1844) runiep.exe 00400000[00012000] [AM] 36. c:\program files\rising\antispyware\runiep.exe Beijing Rising Technology Co., Ltd. Rising AntiSpyware Monitor .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64 00C20000[0001B000] [ M] 51. c:\program files\rising\antispyware\ieprot.dll Beijing Rising Technology Co., Ltd. IE Protector .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89 10000000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 000007e0(2016) svchost.exe 10000000[00012000] [ M] 49. c:\windows\system32\666f796b.dll Microsoft Corporation ??0,??1,??2, + 00000af8(2808) iexplore.exe 10000000[0000E000] [AM] 27. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll Adobe Systems Incorporated Adobe Acrobat IE Helper Version 7.0 for ActiveX .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89 7C340000[00056000] [ M] 52. c:\windows\system32\msvcr71.dll Microsoft Corporation Microsoft? C Runtime Library .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF 00F40000[00019000] [AM] 28. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll Thunder Networking Technologies,LTD XunLeiBHO .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 B8 FD 00 10 E8 92 F4 FF FF 33 C0 40 89 222B0000[00009000] [ M] 54. c:\program files\thunder network\thunder\components\resworker\dsbho_00.dll DsBho .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 22280000[0000C000] [ M] 55. c:\program files\thunder network\thunder\components\resworker\dataprocessor_00.dll Thunder Networking Technologies,LTD DataProcessor .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 011C0000[0001B000] [ M] 51. c:\program files\rising\antispyware\ieprot.dll Beijing Rising Technology Co., Ltd. IE Protector .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89 02A70000[00019000] [ M] 57. c:\program files\rising\rav\ravscrch.dll Beijing Rising Technology Co., Ltd. RavScrCh Module .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 30000000[002EF000] [ M] 58. c:\windows\system32\macromed\flash\flash9c.ocx Adobe Systems, Inc. Adobe Flash Player 9.0 r45 .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 C8 C9 1C 30 E8 67 EB FF FF 33 C0 40 89 72C80000[00008000] [ M] 50. c:\windows\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper .text,.data,.rsrc,.reloc, 8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24 73900000[0002D000] [ M] 59. c:\windows\system32\jpwb.ime 常诚研制极品五笔输入法版本6.6 .text,.data,.sgroup,.ShareDa,.rsrc,.reloc, 55 8B EC 83 EC 30 8B 45 0C 53 56 57 33 FF 2B C7 + 00000ce8(3304) Ras.exe 00400000[0013D000] [ M] 60. c:\program files\rising\antispyware\ras.exe Beijing Rising Technology Co., Ltd. Rising AntiSpyware .text,.rdata,.data,.rsrc, 55 8B EC 6A FF 68 90 3A 4C 00 68 70 B7 4A 00 64 10000000[000A0000] [ M] 61. c:\program files\rising\antispyware\rasgui.dll Beijing Rising Technology Co., Ltd. RasGUI .text,.rdata,.data,.rsrc,.reloc, 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 01260000[0001B000] [ M] 51. c:\program files\rising\antispyware\ieprot.dll Beijing Rising Technology Co., Ltd. IE Protector .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89 + 00000d78(3448) ctfmon.exe 10000000[0001B000] [ M] 51. c:\program files\rising\antispyware\ieprot.dll Beijing Rising Technology Co., Ltd. IE Protector .text,.rdata,.data,.rsrc,.reloc, 6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
fatang 初生襁褓狮帖子:42 注册: 2006-09-14 来自:

旅者初生襁褓狮帖子:13 注册: 2003-05-20 来自:	发表于： 2007-07-07 08:18 \| 短消息资料字号：小中大 5楼没用，我试了好多办法都弄不掉，这个病毒一开机就自动联网下载病毒。导致机子病毒越来越多。好像是叫“木马下载器”病毒吧。
旅者初生襁褓狮帖子:13 注册: 2003-05-20 来自:

勇者¤斗恶龙初生襁褓狮帖子:3 注册: 2007-07-07 来自:	发表于： 2007-07-07 11:42 \| 短消息资料字号：小中大 6楼先把网线拔了
勇者¤斗恶龙初生襁褓狮帖子:3 注册: 2007-07-07 来自:

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2007-07-07 11:46 \| 短消息资料字号：小中大 7楼下载 System Repair Engineer， http://www.kztechs.com/sreng/download.html 1 解压缩sreng2.zip 2 把SREngPS.EXE改名为111.com运行 3 智能扫描=》扫描=》保存报告 4 把日志以自己Q号为名传共享
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

八戒归来初生襁褓狮帖子:20 注册: 2005-03-14 来自:	发表于： 2007-07-07 11:51 \| 短消息资料字号：小中大 8楼 1.下个AVG。安装了。 2.安全模式下，删掉AUTO文件，包括一个叫autorun.inf的，好象是这个。删不掉的话用工具删。通常会自动创建。 3.在各个盘建两空白文件夹。一个叫auto.exe 一个叫autorun.inf. 把他们改为只读，隐藏。 4.用AVG杀木马。 5.杀毒
八戒归来初生襁褓狮帖子:20 注册: 2005-03-14 来自:

八戒归来初生襁褓狮帖子:20 注册: 2005-03-14 来自:	发表于： 2007-07-07 11:53 \| 短消息资料字号：小中大 9楼这方法只能治标，不能治本。好象有些木马隐藏的好厉害，查不出来。但至少，暂时不会发作。
八戒归来初生襁褓狮帖子:20 注册: 2005-03-14 来自:

haohe的fans 叱咤花甲狮帖子:2818 注册: 2007-06-17 来自:	发表于： 2007-07-07 13:40 \| 短消息资料字号：小中大 10楼 ========Content======== http://www.kztechs.com/sreng/download.html 下载System Repair Engineer 1 解压缩sreng2.zip 2 运行SREng.exe 3 智能扫描=》扫描=》保存报告 4 把日志中的报告完整拷贝贴上来，不要修改（一次发不完请分次发上来） 5 扫日志的时候尽量把不必要的软件关闭如QQ TM等
haohe的fans 叱咤花甲狮帖子:2818 注册: 2007-06-17 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT