[Help] Home page is set to a blank page, but on startup the browser automatically jumps to the "5617 website"

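Recently Rising has been reporting a Blaster Rpc Exploit vulnerability attack. At the same time, every time I start the browser it jumps to the 5617 website. I have reset Internet Options and also used Magic Rabbit (魔法兔子) to lock the blank page as my home page, but it still doesn't help~ Why? There is nothing wrong with my home page settings, argh!!
    Rising can't find any virus in a scan either!
In tears~
Last edited 2007-02-28 23:39:04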

Run a scan and post the log so we can take a look.

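Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download URLs:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it in several parts. Please do not modify it.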

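Waaaah, me too, that flash.5617.com is so annoying!
Rising can't detect any virus, and updating the firewall to the latest version doesn't help either T-T
The IE leak-protection wall (IE防漏墙) didn't give any alert either...
My husband helped me add these to the URL blacklist:
*.5617.com
*.5617.com/*
*.5617.com/*/*
It still pops up~~~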

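try

==================

If you have been hit by malicious rogue software, then besides scanning for and removing the malware you should also use the IE and registry repair functions. Try Kaka and Rising first; if that doesn't work, then

try Malware Cleanup Assistant (恶意软件清理助手) 2.52 Build, then uninstall it

http://www.onlinedown.net/soft/42382.htm

and the malware removal function of 360 Safe Guard (360安全卫士), www.360safe.com, is worth a try (then uninstall it)

and give Rabbit (兔子) a try as well, then uninstall it
http://www.pctutu.com/soft/index.html

Ad-Aware SE Plus v1.06R1, removes malicious adware
http://www.crsky.com/soft/102.html

Huangshan IE Repair Expert (黄山IE修复专家) 8.35, also has a good reputation
http://www.onlinedown.net/soft/18437.htm

Jiangmin online virus scan
http://online.jiangmin.com/chadu.asp

Kingsoft online virus scan
http://shadu.duba.net/

Press F8 at boot to enter Safe Mode

Also use KAKA to look through "Process Management" (by publisher and time) and startup item management for anything suspicious

If suspicious files are hidden: double-click My Computer - Tools - Folder Options - View - "Show all files and folders" --- and uncheck "Hide protected operating system files" -- Apply -- OK


------
Logs

HijackThis V1.99.1, Chinese localized version
http://www.skycn.com/soft/15753.html

System Repair Engineer 2.3.13.690, official release
http://www.newhua.com/soft/25562.htm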

[CODE]

2007-02-28,21:51:32

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; G:\PWINXP05\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <a6b6edb36a5ac12e3c648924c3c698b4><; "E:\gametool\d120jx210.12012.0.exe" -t 12012.0>  [N/A]
    <MSMSGS><; "G:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <MsnMsgr><; "G:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\WINDOWS\system32\a1g.exe>  [Microsoft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><; soundman.exe>  [Avance Logic, Inc.]
    <runeip><G:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Adobe Photo Downloader><"G:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe">  [Adobe Systems Incorporated]
    <TkBellExe><; G:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot>  [RealNetworks, Inc.]
    <Advanced Tools Check><; G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE>  [N/A]
    <assistse><; "G:\PROGRA~1\3721\assistse.exe">  [N/A]
    <AVWeb><; >  [N/A]
    <BigDogPath><; G:\PWINXP05\VM_STI.EXE USB PC Camera 301P>  [N/A]
    <ccApp><; "G:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [N/A]
    <dmcd><; C:\WINDOWS\system32\dmcd.exe>  [N/A]
    <dudu><; C:\WINDOWS\system32\dudu.exe>  [N/A]
    <helper.dll><; G:\PWINXP05\system32\rundll32.exe G:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <IMJPMIG8.1><; G:\PWINXP05\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <MsnQun><; G:\Program Files\MsnQun\MsnQun.exe>  [N/A]
    <NeroCheck><; G:\PWINXP05\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <NvCplDaemon><; RUNDLL32.EXE G:\PWINXP05\System32\NvCpl.dll,NvStartup>  [N/A]
    <NvMediaCenter><; RUNDLL32.EXE G:\PWINXP05\System32\NvMcTray.dll,NvTaskbarInit>  [N/A]
    <nwiz><; nwiz.exe /install>  [N/A]
    <PHIME2002A><; G:\PWINXP05\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; G:\PWINXP05\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <popo2004><; >  [N/A]
    <sp><; rundll32 G:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall>  [N/A]
    <StormCodec_Helper><; "G:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <Symantec NetDriver Monitor><; G:\PROGRA~1\SYMNET~1\SNDMon.exe>  [(Verified)Symantec Corporation]
    <Thunder><; "G:\Program Files\Sandai Technologies Inc\Thunder\ThunderShell.exe" /s>  [N/A]
    <yassistse><; "G:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [N/A]
    <YLive.exe><; G:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><G:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><G:\PWINXP05\system32\userinit.exe,C:\WINDOWS\system32\a1g.exe,>  [N/A]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><G:\PWINXP05\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <G:\PWINXP05\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <G:\PWINXP05\System32\imapi.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe><Symantec Corporation>
[Portable Media Serial Number / WmdmPmSp][Running/Auto Start]
  <G:\PWINXP05\System32\svchost.exe -k netsvcs-->G:\PWINXP05\System32\mspmspsv.dll><Microsoft Corporation>

==================================
驱动程序
[ahjhifdi / ahjhifdi][Stopped/System Start]
  <\??\G:\PWINXP05\system32\drivers\ahjhifdi.sys><N/A>
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <System32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\ExpScan.sys><>
[fcdibfdc / fcdibfdc][Stopped/System Start]
  <\??\G:\PWINXP05\system32\drivers\fcdibfdc.sys><N/A>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\G:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\G:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Running/Manual Start]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[oreans32 / oreans32][Stopped/System Start]
  <\??\G:\PWINXP05\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[RapFile / RapFile][Stopped/Manual Start]
  <\??\G:\PWINXP05\System32\drivers\RapFile.sys><Internet Security Systems, Inc.>
[RapNet / RapNet][Stopped/Manual Start]
  <\??\G:\PWINXP05\System32\drivers\RapNet.sys><Internet Security Systems, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Disabled]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\G:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[VIA AGP Bus Filter / viaagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIAPFD / VIAPFD][Running/System Start]
  <\SystemRoot\System32\Drivers\VIAPFD.SYS><VIA Technologies. Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <g:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[shdoc1c.dll]
  {969BF939-52D0-45BE-99D8-C08746C90171} <C:\WINDOWS\system32\shdoc1c.dll, Microsoft>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <G:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <G:\PWINXP05\System32\msdxm.ocx, Microsoft Corporation>
[BitComet工具栏]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <G:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <G:\PWINXP05\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Minesweeper Flags Class]
  {2917297F-F02B-4B9D-81DF-494B6333150B} <G:\PWINXP05\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <G:\PWINXP05\DOWNLO~1\WEBACT~1.OCX, QQ>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <G:\PWINXP05\System32\aliedit\AliEdit.dll, www.alipay.com>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <G:\PWINXP05\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <G:\DOCUME~1\ADMINI~1\APPLIC~1\ppStream\100~1.138\POWERP~1.DLL, PPStream Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <G:\PWINXP05\System32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <G:\PWINXP05\DOWNLO~1\INPUTC~1.DLL, >
[pcastup Class]
  {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} <G:\Program Files\PCAST\pCastCtl\pcastupdate.dll, N/A>
[MessengerStatsClient Class]
  {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <G:\PWINXP05\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <G:\PWINXP05\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <G:\PWINXP05\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[BoBo P2P多媒体网络点播/广播/直播系统 V3]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <G:\PWINXP05\DOWNLO~1\CONFLICT.1\BOBO_A~1.OCX, 广州易播信息科技有限公司>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <G:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[&使用迅雷下载]
  <G:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm, N/A>
[上传到QQ网络硬盘]
  <G:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <G:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <G:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 1020][E:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [E:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [E:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [E:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [E:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [E:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [E:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [E:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [E:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [E:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [E:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [E:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [E:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [E:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [E:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [E:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [E:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[PID: 1648][G:\PWINXP05\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [G:\PWINXP05\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\shdoc1c.dll]  [Microsoft, 1.00]
[PID: 1680][e:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [e:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [e:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1984][G:\PWINXP05\soundman.exe]  [Avance Logic, Inc., 5, 0, 0, 0]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2000][G:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 4]
    [G:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 128][E:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 172][E:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [E:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [E:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [E:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 184][G:\PWINXP05\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2352][G:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3668][G:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [G:\PWINXP05\System32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [g:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [g:\PROGRA~1\chinanet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [G:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\WINDOWS\system32\shdoc1c.dll]  [Microsoft, 1.00]
    [G:\PWINXP05\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2124][G:\Documents and Settings\eau\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [G:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["G:\PWINXP05\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================


[/CODE]



Finally finished posting~ That is the SREngLOG.log I just scanned.
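
The following Python example is added here and is not part of the thread or of SREng: it parses the registry autorun section in the log format shown above and flags entries worth a manual look, using three common triage heuristics (an extra program chained into `Userinit`, a non-empty legacy `load` value, and a `system32` path outside the running system root). The sample lines are copied from the log above; the `system_root` default is an assumption read off the log's own `G:\PWINXP05` paths, and a flag is a prompt for review, not a verdict.

```python
import re

# Lines copied from the registry section of the SREng log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; G:\PWINXP05\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\WINDOWS\system32\a1g.exe>  [Microsoft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <dudu><; C:\WINDOWS\system32\dudu.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><G:\PWINXP05\system32\userinit.exe,C:\WINDOWS\system32\a1g.exe,>  [N/A]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# <name><value>  [publisher]; some values carry a leading "; ", stripped here.
ENTRY_RE = re.compile(r"^<([^>]*)><(?:; )?(.*)>\s+\[(.*)\]$")
# Captures the directory that directly contains a "system32" folder.
SYS32_RE = re.compile(r'([A-Za-z]:\\[^\\,"]+)\\system32\\', re.I)


def triage(log_text, system_root=r"G:\PWINXP05"):
    """Return (key, name, publisher, reason) tuples for entries to review.

    system_root is an assumption: the Windows directory the log itself uses.
    """
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, value, publisher = m.groups()
        leaf = key.rsplit("\\", 1)[-1].lower()
        reasons = []
        # Userinit normally lists userinit.exe only; extras run at every logon.
        if leaf == "winlogon" and name.lower() == "userinit":
            if len([p for p in value.split(",") if p.strip()]) > 1:
                reasons.append("Userinit starts more than one program")
        # The per-user 'load' value is a legacy autorun and is normally empty.
        if leaf == "windows" and name.lower() == "load" and value.strip():
            reasons.append("legacy 'load' value is not empty")
        # A system32 folder on another root is not the running OS directory.
        if any(r.lower() != system_root.lower() for r in SYS32_RE.findall(value)):
            reasons.append("system32 path outside " + system_root)
        findings.extend((key, name, publisher, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for key, name, publisher, reason in triage(SAMPLE_LOG):
        print(f"{name:10} [{publisher}] {reason}\n    {key}")
```
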