Rising Kaka Security Forum (瑞星卡卡安全论坛), Anti-virus / Anti-rogue-software board: [Help] Trojan WebLockLib C:\WINDOWS\system32\nt.sys


Kaka Assistant's malware scan found it; after I remove it and reboot, it is back again. What should I do?

Attachment: image (uploaded 2006-11-17 13:04:23)

Last edited 2007-02-07 21:24:09

木马克星分析报告:2006-11-17 12:56:43
==================================================
内存中的进程:
[System Process]
alg.exe
CCenter.exe
Client.exe
csrss.exe
ctfmon.exe
Explorer.EXE
Iparmor.exe
lsass.exe
qq.exe
RavMon.exe
RavMonD.exe
RavStub.exe
RavTask.exe
RfwMain.exe
rfwProxy.exe
rfwsrv.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
System
taskmgr.exe
TTraveler.exe
winlogon.exe

==================================================
启动项目:
C:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\PROGRAM FILES\RISING\RAV\RAVPROXY.EXE
"C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
"C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
C:\WINDOWS\SYSTEM32\CTFMON.EXE
desktop.ini

==================================================
系统服务列表:
Abiosdsk
system32\DRIVERS\ACPI.sys
ACPIEC
system32\drivers\aec.sys
\SystemRoot\System32\drivers\afd.sys
%SystemRoot%\system32\svchost.exe -k LocalService
%SystemRoot%\System32\alg.exe
System32\DRIVERS\aliide.sys
system32\DRIVERS\amdk7.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
asc3350p
system32\DRIVERS\asyncmac.sys
system32\DRIVERS\atapi.sys
Atdisk
system32\DRIVERS\atmarpc.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\DRIVERS\audstub.sys
System32\DRIVERS\BaseTDI.SYS
BattC
Beep
%SystemRoot%\system32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k netsvcs
cbidf2k
cd20xrnt
Cdaudio
Cdfs
system32\DRIVERS\cdrom.sys
Changer
%SystemRoot%\system32\cisvc.exe
%SystemRoot%\system32\clipsrv.exe
System32\DRIVERS\cmdide.sys
C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
ContentFilter
ContentIndex
%SystemRoot%\system32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost -k DcomLaunch
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\disk.sys
%SystemRoot%\System32\dmadmin.exe /com
System32\drivers\dmboot.sys
System32\drivers\dmio.sys
System32\drivers\dmload.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\drivers\DMusic.sys
%SystemRoot%\system32\svchost.exe -k NetworkService
system32\drivers\drmkaud.sys
\SystemRoot\System32\Drivers\dtscsi.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\services.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
\??\C:\Program Files\Rising\Rav\ExpScan.sys
Fastfat
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\DRIVERS\fdc.sys
system32\DRIVERS\fetnd5.sys
Fips
system32\DRIVERS\flpydisk.sys
system32\DRIVERS\fltMgr.sys
system32\DRIVERS\fsvga.sys
Fs_Rec
system32\DRIVERS\ftdisk.sys
system32\DRIVERS\gameenum.sys
system32\DRIVERS\msgpc.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\DRIVERS\hidusb.sys
\??\C:\Program Files\Rising\Rav\HOOKCONT.sys
\??\C:\Program Files\Rising\Rav\HookReg.sys
\??\C:\Program Files\Rising\Rav\HookSys.sys
\??\C:\Program Files\Rising\Rfw\HookUrl.sys
System32\Drivers\HTTP.sys
%SystemRoot%\System32\svchost.exe -k HTTPFilter
i2omgmt
system32\DRIVERS\i8042prt.sys
system32\DRIVERS\imapi.sys
C:\WINDOWS\system32\imapi.exe
inetaccs
Inport
System32\DRIVERS\intelide.sys
system32\DRIVERS\Ip6Fw.sys
system32\DRIVERS\ipfltdrv.sys
system32\DRIVERS\ipinip.sys
system32\DRIVERS\ipnat.sys
system32\DRIVERS\ipsec.sys
system32\DRIVERS\irenum.sys
ISAPISearch
system32\DRIVERS\isapnp.sys
system32\DRIVERS\kbdclass.sys
system32\drivers\kmixer.sys
KSecDD
%SystemRoot%\system32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k netsvcs
lbrtfdc
ldap
LicenseService
%SystemRoot%\system32\svchost.exe -k LocalService
System32\DRIVERS\MegaIDE.sys
\??\C:\Program Files\Rising\Rav\MEMSCAN.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
mnmdd
C:\WINDOWS\system32\mnmsrvc.exe
Modem
system32\DRIVERS\mouclass.sys
MountMgr
\??\c:\program files\rising\rfw\mProcRs.sys
system32\DRIVERS\mrxdav.sys
system32\DRIVERS\mrxsmb.sys
C:\WINDOWS\system32\msdtc.exe
Msfs
C:\WINDOWS\system32\msiexec.exe /V
system32\drivers\MSKSSRV.sys
system32\drivers\MSPCLOCK.sys
system32\drivers\MSPQM.sys
system32\DRIVERS\mssmbios.sys
system32\drivers\msmpu401.sys
Mup
NDIS
system32\DRIVERS\ndistapi.sys
system32\DRIVERS\ndisuio.sys
system32\DRIVERS\ndiswan.sys
NDProxy
system32\DRIVERS\netbios.sys
system32\DRIVERS\netbt.sys
%SystemRoot%\system32\netdde.exe
%SystemRoot%\system32\netdde.exe
%SystemRoot%\system32\lsass.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k netsvcs
nm
system32\DRIVERS\npf.sys
Npfs
\??\E:\珊瑚虫QQ\npkcrypt.sys
Ntfs
%SystemRoot%\system32\lsass.exe
%SystemRoot%\system32\svchost.exe -k netsvcs
Null
system32\DRIVERS\nv4_mini.sys
system32\DRIVERS\nwlnkflt.sys
system32\DRIVERS\nwlnkfwd.sys
\??\C:\windows\system32\drivers\nwlnksipx.sys
system32\DRIVERS\parport.sys
PartMgr
ParVdm
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\DRIVERS\pci.sys
PCIDump
System32\DRIVERS\pciide.sys
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
PerfDisk
PerfNet
PerfOS
PerfProc
%SystemRoot%\system32\services.exe
system32\Drivers\pnp01075.sys
%SystemRoot%\system32\lsass.exe
PortProxy
system32\DRIVERS\raspptp.sys
system32\DRIVERS\processr.sys
%SystemRoot%\system32\lsass.exe
system32\DRIVERS\psched.sys
system32\DRIVERS\ptilink.sys
System32\Drivers\PxHelp20.sys
system32\DRIVERS\rasacd.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\rasl2tp.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\raspppoe.sys
system32\DRIVERS\raspti.sys
system32\DRIVERS\rdbss.sys
System32\DRIVERS\RDPCDD.sys
RDPDD
system32\DRIVERS\rdpdr.sys
RDPNP
RDPWD
C:\WINDOWS\system32\sessmgr.exe
system32\DRIVERS\redbook.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k LocalService
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
%SystemRoot%\system32\locator.exe
%SystemRoot%\system32\svchost -k rpcss
system32\drivers\RsBoot.sys
"C:\Program Files\Rising\Rav\CCenter.exe"
\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys
\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys
"C:\Program Files\Rising\Rav\Ravmond.exe"
%SystemRoot%\system32\rsvp.exe
system32\DRIVERS\RTL8139.SYS
%SystemRoot%\system32\lsass.exe
%SystemRoot%\System32\SCardSvr.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\DRIVERS\secdrv.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\serenum.sys
system32\DRIVERS\serial.sys
\SystemRoot\system32\SetupNT.sys
Sfloppy
%SystemRoot%\system32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087
Simbad
system32\drivers\splitter.sys
%SystemRoot%\system32\spoolsv.exe
System32\Drivers\sptd.sys
\SystemRoot\system32\DRIVERS\sr.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\srv.sys
%SystemRoot%\system32\svchost.exe -k LocalService
\??\C:\Program Files\DFVSX\net\SSIKRNL.sys
%SystemRoot%\system32\svchost.exe -k imgsvc
system32\DRIVERS\swenum.sys
system32\drivers\swmidi.sys
C:\WINDOWS\system32\dllhost.exe /Processid:{14C22421-EDF3-43EA-B0FD-8710C5F29675}
system32\drivers\sysaudio.sys
%SystemRoot%\system32\smlogsvc.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\DRIVERS\tcpip.sys
TDPIPE
TDTCP
system32\DRIVERS\termdd.sys
%SystemRoot%\System32\svchost -k DComLaunch
%SystemRoot%\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\tlntsvr.exe
TosIde
%SystemRoot%\system32\svchost.exe -k netsvcs
TSDDD
system32\DRIVERS\tunmp.sys
Udfs
system32\DRIVERS\update.sys
%SystemRoot%\system32\svchost.exe -k LocalService
%SystemRoot%\System32\ups.exe
system32\DRIVERS\usbccgp.sys
system32\DRIVERS\usbehci.sys
system32\DRIVERS\usbhub.sys
system32\DRIVERS\USBSTOR.SYS
system32\DRIVERS\usbuhci.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
\SystemRoot\System32\drivers\vga.sys
system32\DRIVERS\viaagp.sys
system32\DRIVERS\viaide.sys
system32\drivers\viaudios.sys
VolSnap
%SystemRoot%\System32\vssvc.exe
VxD
%SystemRoot%\System32\svchost.exe -k netsvcs
W3SVC
system32\DRIVERS\wanarp.sys
WDICA
system32\drivers\wdmaud.sys
%SystemRoot%\system32\svchost.exe -k LocalService
%systemroot%\system32\svchost.exe -k netsvcs
Winsock
WinSock2
WinTrust
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
WmiApRpl
C:\WINDOWS\system32\wbem\wmiapsrv.exe
\SystemRoot\System32\drivers\ws2ifsl.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%systemroot%\system32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\windows\system32\drivers\xinstall.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\drivers\ymzi9sp.sys
{9A075C6E-5809-4FA4-8B28-E8CFBBCC2496}

HijackThis_815汉化版扫描日志 V1.99.1
保存于 13:29:54, 日期 2006-11-17
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\windows\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\rising\rav\RavMon.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\taskmgr.exe
D:\TT\TTraveler.exe
D:\QQ\QQ.exe
F:\反病毒\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\windows\system32\xunleibho_v14.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [RavTimer] C:\Program Files\rising\rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\rising\rav\RavMon.exe
O4 - 启动项HKLM\\Run: [popproxy] C:\Program Files\rising\Rav\RavProxy.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\RuunServices:[csrss] C:\WINDOWS\csrss.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\讯雷\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\讯雷\getallurl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{44B31DF1-E0D6-4010-9DA3-77A9F1A35EF2}: NameServer = 202.101.172.46 202.101.172.47
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Registry Protector (SHipING) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)

C:\WINDOWS\csrss.exe
http://forum.ikaka.com/topic.asp?board=28&artid=7040084

Fix:
O4 - HKCU\..\RuunServices:[csrss] C:\WINDOWS\csrss.exe
In safe mode, with hidden files and folders shown, delete:

C:\WINDOWS\csrss.exe

Also run an SREng scan and upload the log; I suspect this one is driver-level.

2006-11-17,18:58:13

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <csrss><C:\WINDOWS\csrss.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTimer><C:\Program Files\rising\rav\RavTimer.exe>  [N/A]
    <RavMon><C:\Program Files\rising\rav\RavMon.exe>  [Beijing Rising Technology Co., Ltd.]
    <popproxy><C:\Program Files\rising\Rav\RavProxy.exe>  [N/A]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\windows\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\ewido anti-spyware 4.0\shellexecutehook.dll>  [Anti-Malware Development a.s.]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Storage Center / Patterns]
  <C:\windows\System32\svchost.exe -k netsvcs-->C:\windows\system32\spted.dll><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[System Event Notification / SENS]
  <C:\windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\kkyxgfni.dll><N/A>
[Registry Protector / SHipING]
  <C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

==================================
驱动程序
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dtscsi / dtscsi]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MegaIDE / MegaIDE]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\E:\珊瑚虫QQ\npkcrypt.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx]
  <\??\C:\windows\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[PNP01270 / PNP01270]
  <\SystemRoot\system32\Drivers\pnp01075.sys><Anti Driver>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SetupNT / SetupNT]
  <\SystemRoot\system32\SetupNT.sys><N/A>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SSIKRNL / SSIKRNL]
  <\??\C:\Program Files\DFVSX\net\SSIKRNL.sys><N/A>
[TrojanFindDriverNT / TrojanFindDriverNT]
  <\??\C:\windows\system32\NtDriver.sys><N/A>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
  <system32\drivers\viaudios.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\windows\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\windows\system32\macromed\Shockwave 10\Download.dll, Macromedia, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\windows\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\windows\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\windows\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <D:\讯雷\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\讯雷\getallurl.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <C:\Program Files\BitSpirit\bsurl.htm, N/A>