瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 今天用瑞星杀出了好多病毒,用HijackThis检查了一下,请高手帮忙看一下!

12   1  /  2  页   跳转

今天用瑞星杀出了好多病毒,用HijackThis检查了一下,请高手帮忙看一下!

收藏
奔跑的西马
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-08-30
  • 来自:
发表于: 2006-08-30 22:46 | 只看楼主 短消息 资料
字号: 1楼

今天用瑞星杀出了好多病毒,用HijackThis检查了一下,请高手帮忙看一下!

在这里先谢了!!
Logfile of HijackThis v1.99.1
Scan saved at 22:33:23, on 2006-8-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\Tencent\TT\TTraveler.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\淘宝网\淘宝旺旺\WangWang.exe
D:\Program Files\淘宝网\淘宝旺旺\WangWang.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\gougou\桌面\HijackThis.exe

O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5002.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O3 - Toolbar: 实用搜索工具条V2.0 - {75D82598-4A3C-419e-99D2-3EB56D09CFD0} - C:\Program Files\UtilToolBar\utilbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [CDNCLIENT]  中文上网
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {3676996C-D8C6-4356-B4BE-3A80400C606E} ({3676996C-D8C6-4356-B4BE-3A80400C606E}) - http://www.vod588.com/BoBo_ActiveX_1.19b.ocx
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - http://www.icbc.com.cn/left/IcbcSslCacheCleaner.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

进程列表:
Process list saved on 22:34:45, on 2006-8-30
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid]    [full path to filename]        [file version]    [company name]
452    C:\WINDOWS\System32\smss.exe        5.1.2600.2180    Microsoft Corporation
524    C:\WINDOWS\system32\winlogon.exe        5.1.2600.2180    Microsoft Corporation
568    C:\WINDOWS\system32\services.exe        5.1.2600.2180    Microsoft Corporation
580    C:\WINDOWS\system32\lsass.exe        5.1.2600.2180    Microsoft Corporation
732    C:\WINDOWS\system32\Ati2evxx.exe        6.14.10.4105   
748    C:\WINDOWS\system32\svchost.exe        5.1.2600.2180    Microsoft Corporation
880    C:\Program Files\Rising\Rav\CCenter.exe        18.0.0.3    Beijing Rising Technology Co., Ltd.
904    C:\WINDOWS\System32\svchost.exe        5.1.2600.2180    Microsoft Corporation
1220    c:\program files\rising\rfw\rfwsrv.exe        4.0.0.32    Beijing Rising Technology Co., Ltd.
1336    C:\WINDOWS\system32\spoolsv.exe        5.1.2600.2696    Microsoft Corporation
1660    C:\WINDOWS\system32\drivers\CDAC11BA.EXE        4.20.30.0    Macrovision
1764    C:\WINDOWS\system32\svchost.exe        5.1.2600.2180    Microsoft Corporation
996    C:\WINDOWS\Explorer.EXE        6.0.2900.2180    Microsoft Corporation
1356    c:\program files\rising\rfw\RfwMain.exe        4.0.0.52    Beijing Rising Technology Co., Ltd.
272    C:\WINDOWS\System32\svchost.exe        5.1.2600.2180    Microsoft Corporation
372    C:\Program Files\Rising\Rav\RavTask.exe        18.0.0.22    Beijing Rising Technology Co., Ltd.
404    C:\Program Files\Rising\Rav\Ravmon.exe        18.0.1.33    Beijing Rising Technology Co., Ltd.
1188    C:\WINDOWS\system32\ctfmon.exe        5.1.2600.2180    Microsoft Corporation
1784    C:\Program Files\Rising\Rav\Ravmond.exe        18.0.1.35    Beijing Rising Technology Co., Ltd.
2128    C:\Program Files\Rising\Rav\RavStub.exe        18.0.0.16    Beijing Rising Technology Co., Ltd.
2332    C:\Program Files\Rising\Rav\Rav.exe        18.0.0.75    Beijing Rising Technology Co., Ltd.
2356    C:\Program Files\Rising\Rav\RsAgent.exe        18.0.0.12    Beijing Rising Technology Co., Ltd.
2376    C:\WINDOWS\msagent\AgentSvr.exe        2.0.0.3422    Microsoft Corporation
2664    C:\WINDOWS\system32\conime.exe        5.1.2600.2180    Microsoft Corporation
2712    D:\Program Files\Tencent\TT\TTraveler.exe        3.0.0.250    腾讯公司
3020    D:\Program Files\Tencent\QQ\QQ.exe        0.0.0.0    TENCENT
3056    D:\Program Files\Tencent\QQ\TIMPlatform.exe        0.3.1.8    tencent
344    D:\Program Files\Tencent\QQ\QQ.exe        0.0.0.0    TENCENT
2252    D:\Program Files\淘宝网\淘宝旺旺\WangWang.exe        1.6.6.529    淘宝(中国)软件有限公司
2632    D:\Program Files\淘宝网\淘宝旺旺\WangWang.exe        1.6.6.529    淘宝(中国)软件有限公司
2836    C:\WINDOWS\system32\rundll32.exe        5.1.2600.2180    Microsoft Corporation
1112    C:\Documents and Settings\gougou\桌面\HijackThis.exe        1.99.0.1    Soeperman Enterprises Ltd.
1428    C:\WINDOWS\system32\NOTEPAD.EXE        5.1.2600.2180    Microsoft Corporation


不知道有什么问题~ !请帮忙看一下~

最后编辑2006-09-06 12:08:02
分享到:
gototop
 
秋日里的蓝天
头像
卡卡技术团队
  • 帖子:7349
  • 注册: 2004-09-30
  • 来自:
发表于: 2006-08-30 23:01 | 短消息 资料
字号: 2楼

O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
请下载LSPFix和WinsockXPFix这两个软件,
小软件下载
http://free5.ys168.com/?ufwihgu168
  重新启动电脑, 进入安全模式。运行LSPFix.exe,删除:
quartz32.dll
说明:
LSPFix这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时,请关闭所有IE界面和文件夹界面后运行LSPFix。运行后,
把要修复的那一个O10项从左边转到右边,点“Finish”即可。
修复后重启计算机,如果无法上网,请运行WinsockXPFix,
让它修复一下。

运行Hijackthis,把下面的选中打上钩,修复
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5002.dll
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\BaiDu\bar\BaiduBar.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer

删除:C:\WINDOWS\system32\spoolsv\spoolsv.exe
gototop
 
艾玛
头像
大版主
  • 帖子:18894
  • 注册: 2004-01-01
  • 来自:
卡卡名人堂论坛9周年纪念
发表于: 2006-08-30 23:03 | 短消息 资料
字号: 3楼

O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL
以上的修复,删除相关文件



O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
这一项似乎你处理过,但未清除干净.



O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll


quartz32.dll这个清理需搜索一下处理方法的贴子,然后处理.
gototop
 
奔跑的西马
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-08-30
  • 来自:
发表于: 2006-08-30 23:24 | 只看楼主 短消息 资料
字号: 4楼

谢谢 秋日里的蓝天 和版主 艾玛 的帮忙,我现在还在用瑞星杀毒,我尝试下按照你们的方法处理一下!
gototop
 
奔跑的西马
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-08-30
  • 来自:
发表于: 2006-08-30 23:43 | 只看楼主 短消息 资料
字号: 5楼

还有请教一下,我的电脑会突然关机,这时开机电源和硬盘灯都亮就是启动不了,要关机隔一段时间才能正常启动.而且电脑不能用"开始"=>重新启动热启动.请问是不是病毒的问题.
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-08-31 00:41 | 短消息 资料
字号: 6楼

建议楼主修复后重启。
请下载 System Repair Engineer,使用“智能扫描”,按下“扫描”按钮进行扫描,扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完,分次粘完,请不要修改。
gototop
 
奔跑的西马
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-08-30
  • 来自:
发表于: 2006-09-03 04:54 | 只看楼主 短消息 资料
字号: 7楼

2006-09-03,04:07:26

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <WangWang><; "d:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">  [淘宝(中国)软件有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
gototop
 
奔跑的西马
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-08-30
  • 来自:
发表于: 2006-09-03 04:54 | 只看楼主 短消息 资料
字号: 8楼

浏览器加载项
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5002.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[{3676996C-D8C6-4356-B4BE-3A80400C606E}]
  {3676996C-D8C6-4356-B4BE-3A80400C606E} <C:\WINDOWS\DOWNLO~1\BOBO_A~1.OCX, 17BoBo.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5002.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\gougou\APPLIC~1\ppStream\100~1.139\POWERP~1.DLL, PPStream Inc.>
[实用搜索工具条V2.0]
  {75D82598-4A3C-419E-99D2-3EB56D09CFD0} <C:\Program Files\UtilToolBar\utilbar.dll, Shanghai Leysin Technology Co, Ltd.>
[PPRich]
  {9D966685-3D58-4170-B008-05BD7C1628B0} <C:\PROGRA~1\PPRich\PPRich.ocx, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
gototop
 
奔跑的西马
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-08-30
  • 来自:
发表于: 2006-09-03 04:55 | 只看楼主 短消息 资料
字号: 9楼

正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 568][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 580][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 736][C:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 748][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 816][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 880][C:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 900][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 948][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 996][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1092][C:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsStore.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
gototop
 
奔跑的西马
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2006-08-30
  • 来自:
发表于: 2006-09-03 04:56 | 只看楼主 短消息 资料
字号: 10楼

[PID: 1188][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [c:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [c:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
    [c:\program files\rising\rfw\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 1332][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1408][C:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1796][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  <Macrovision><4.20.030>
[PID: 1880][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.0.0.86>
    [d:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\Tencent\QQ\qdshm.dll]  <><1, 0, 101, 20>
[PID: 1888][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1904][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1912][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 788][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 864][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1624][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2204][D:\Program Files\Tencent\TT\TTraveler.exe]  <腾讯公司><3.0.0.250>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [D:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  <腾讯公司><1, 1, 0, 5>
    [D:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  <><1, 0, 0, 3>
    [D:\Program Files\Tencent\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 2300][C:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2680][C:\WINDOWS\system32\mmc.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2828][C:\WINDOWS\system32\DfrgNtfs.exe]  <Microsoft Corp. and Executive Software International, Inc.><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3164][C:\WINDOWS\system32\DfrgFat.exe]  <Microsoft Corp. and Executive Software International, Inc.><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3212][D:\PROGRA~1\Tencent\TT\TCPlus.exe]  <腾讯公司><2.0.0.21>
    [D:\PROGRA~1\Tencent\TT\TDMANA~1.DLL]  <腾讯公司><2.0.0.21>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.0.0.86>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.0.0.86>
    [D:\PROGRA~1\Tencent\TT\TDTask.dll]  <腾讯公司><2.0.0.21>
[PID: 3344][C:\WINDOWS\system32\DfrgFat.exe]  <Microsoft Corp. and Executive Software International, Inc.><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3408][C:\WINDOWS\system32\DfrgFat.exe]  <Microsoft Corp. and Executive Software International, Inc.><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3492][C:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 3512][C:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
[PID: 240][D:\常用工具\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT