瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 遨游浏览器被哈宝劫持,打开verycd首页,就每隔几秒自动弹出一次哈宝网页

1   1  /  1  页   跳转

遨游浏览器被哈宝劫持,打开verycd首页,就每隔几秒自动弹出一次哈宝网页

收藏
goldping308
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2005-07-04
  • 来自:
发表于: 2007-01-09 23:22 | 只看楼主 短消息 资料
字号: 1楼

遨游浏览器被哈宝劫持,打开verycd首页,就每隔几秒自动弹出一次哈宝网页

遨游浏览器被哈宝劫持,打开verycd首页,就每隔几秒自动弹出一次哈宝网页。

浏览器被哈宝劫持,不断弹出哈宝和可乐吧的页面 .在浏览器里面设置为禁止也不行.
每隔几秒钟就打开一次 http://resource.habbo.cn/login/landingpage.html?partner=verycd&isp=sybanner2
http://goto.kele8.com:8080/countlink.asp?typeid=100266.不到20分钟,就打开了50余个窗口,真是不堪忍受!!在此特告知众网友,特别小心了.顺便声讨该网的恶劣行径.并请杀毒软件厂家和大家一起探讨,如何制止该现象继续危害网络



先是打开这个goto.kele8.com可恶的地址,然后跳转到哈宝的网页

附件附件:

下载次数:752
文件类型:image/pjpeg
文件大小:
上传时间:2007-1-9 23:22:30
描述:
预览信息:EXIF信息



最后编辑2007-01-23 07:13:15
分享到:
gototop
 
红夜鬼1
头像
横据古稀狮
  • 帖子:8602
  • 注册: 2006-10-18
  • 来自:
发表于: 2007-01-09 23:26 | 短消息 资料
字号: 2楼

推荐使用360安全卫士清理一下流氓

.360下载地址:
http://www.360safe.com/
http://www.xdowns.com/soft/8/9/2006/Soft_31554.html
使用后删除360安全卫士
gototop
 
goldping308
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2005-07-04
  • 来自:
发表于: 2007-01-09 23:29 | 只看楼主 短消息 资料
字号: 3楼

引用:
【红夜鬼1的贴子】推荐使用360安全卫士清理一下流氓

.360下载地址:
http://www.360safe.com/
http://www.xdowns.com/soft/8/9/2006/Soft_31554.html
使用后删除360安全卫士


………………

谢谢, 可是不起作用,查不到这个大流氓.
gototop
 
红夜鬼1
头像
横据古稀狮
  • 帖子:8602
  • 注册: 2006-10-18
  • 来自:
发表于: 2007-01-09 23:34 | 短消息 资料
字号: 4楼

请下载SREng2(最新版) ,使用“智能扫描”,按下“扫描”按钮进行扫描,
扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完,分次粘完,请不要修改。

下载地址
http://www.kztechs.com/sreng/download.html
gototop
 
goldping308
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2005-07-04
  • 来自:
发表于: 2007-01-23 07:13 | 只看楼主 短消息 资料
字号: 5楼

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <S3TRAY2><S3Tray2.exe>  [(Verified)S3 Graphics, Inc.]
    <TrackPointSrv><tp4serv.exe>  [(Verified)IBM Corporation]
    <TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A]
    <TP4EX><tp4ex.exe>  [IBM Corporation]
    <QCWLICON><C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  [N/A]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <RfwMain><"d:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><d:\360safe\safemon\360tray.exe>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> 
gototop
 
goldping308
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2005-07-04
  • 来自:
发表于: 2007-01-23 07:15 | 只看楼主 短消息 资料
字号: 6楼

[Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[卡巴斯基反病毒软件6.0 / AVP][Running/Manual Start]
  <"D:\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[O&O Defrag / O&O Defrag][Stopped/Auto Start]
  <C:\WINDOWS\system32\oodag.exe><O&O Software GmbH>
[QCONSVC / QCONSVC][Running/Auto Start]
  <System32\QCONSVC.EXE><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"d:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[abp480n5 / abp480n5][Stopped/Disabled]
gototop
 
goldping308
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2005-07-04
  • 来自:
发表于: 2007-01-23 07:18 | 只看楼主 短消息 资料
字号: 7楼



  <\SystemRoot\System32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <System32\DRIVERS\AGRSM.sys><Agere Systems>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Fast Ethernet / b57w2k][Running/Manual Start]
  <System32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ATI Cabo AGP Filter / caboagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[cdawdm / cdawdm][Running/System Start]
  <System32\DRIVERS\CDAWDM.sys><N/A>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\d:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\d:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\d:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]




  <\??\d:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <System32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <System32\drivers\IBMBLDID.SYS><N/A>
[ini910u / ini910u][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Lucent Technologies Soft Modem / LucentSoftModem][Stopped/Manual Start]
  <System32\DRIVERS\LTSM.sys><Lucent Technologies>
[Memctl / Memctl][Stopped/Manual Start]
  <\??\D:\Personal\Temp\Rar$EX04.748\AMIWin\Memctl.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\d:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\Rising\Rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[NSC Infrared Device Driver / NSCIRDA][Stopped/Manual Start]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[PMEM / PMEM][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RamDiskXP / RamDiskXP][Stopped/Auto Start]
  <System32\Drivers\RamDiskXP.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\d:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\d:\Rising\Rav\RSPPSYS.sys><Rising>
[S3SSavage / S3SSavage][Stopped/Manual Start]
  <System32\DRIVERS\s3ssavm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Smapint / Smapint][Running/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[SmartCd / SmartCd][Stopped/Manual Start]
  <System32\Drivers\SmartCd.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[st3bus28 / st3bus28][Running/Manual Start]
  <System32\DRIVERS\st3bus28.sys><Generic>
[st3mp28 / st3mp28][Running/Manual Start]
  <System32\DRIVERS\st3mp28.sys><Generic>
gototop
 
goldping308
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2005-07-04
  • 来自:
发表于: 2007-01-23 07:21 | 只看楼主 短消息 资料
字号: 8楼

[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TDSMAPI / TDSMAPI][Running/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[IBM PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start]
  <System32\DRIVERS\tp4track.sys><IBM Corporation>
[TPPWR / TPPWR][Running/System Start]
  <System32\drivers\Tppwr.sys><IBM Corp.>
[TSMAPIP / TSMAPIP][Running/System Start]
  <System32\drivers\TSMAPIP.SYS><N/A>
[IBM PS/2 TrackPoint Filter Driver / TwoTrack][Stopped/Manual Start]
  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 302 / ZSMC302][Stopped/Manual Start]
  <System32\Drivers\usbvm302.sys><VM>

==================================
浏览器加载项
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\360safe\safemon\safemon.dll, >
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\FlashGet\flashget.exe, Amaze Soft>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[Microsoft ProgressBar Control, version 5.0 (SP2)]
  {0713E8D2-850A-101B-AFC0-4210102A8DA7} <C:\WINDOWS\system32\comctl32.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\FlashGet\jccatch.dll, Amaze Soft>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\360safe\safemon\safemon.dll, >
[OWSClientMiscApis Class]
  {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <D:\Microsoft Office\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
  {BDEADE43-C265-11D0-BCED-00A0C90AB50F} <D:\Microsoft Office\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[使用网际快车下载]
  <D:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\FlashGet\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 644][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 788][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\System32\ibmpmsvc.exe]  [N/A, N/A]
[PID: 1004][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176][d:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1192][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\FlashGet\fgiebar.dll]  [Amaze Soft, 1, 2, 0, 0]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[PID: 1516][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1548][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1780][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1968][C:\WINDOWS\system32\tp4serv.exe]  [IBM Corporation, 3.09]
    [C:\WINDOWS\system32\tp4uires.dll]  [N/A, N/A]
[PID: 1976][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Oemdspif.dll]  [ATI Technologies, Inc., 4.12.0007]
[PID: 1992][C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE]  [N/A, N/A]
    [C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll]  [N/A, N/A]
    [C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
[PID: 448][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe]  [N/A, N/A]
[PID: 488][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe]  [IBM Corporation, 1.06]
[PID: 532][C:\WINDOWS\System32\Ati2evxx.exe]  [N/A, N/A]
[PID: 584][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9466]
[PID: 852][C:\WINDOWS\System32\QCONSVC.EXE]  [N/A, N/A]
[PID: 1012][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1480][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1380][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420][d:\Rising\Rav\RAVTASK.EXE]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [d:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [d:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [d:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 548][d:\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [d:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [d:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [d:\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [d:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [d:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [d:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [d:\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [d:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [d:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [d:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [d:\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [d:\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [d:\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [d:\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [d:\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [d:\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [d:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [d:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [d:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [d:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [d:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 35]
    [d:\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [d:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [d:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [d:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
gototop
 
goldping308
头像
初生襁褓狮
  • 帖子:7
  • 注册: 2005-07-04
  • 来自:
发表于: 2007-01-23 07:22 | 只看楼主 短消息 资料
字号: 9楼

[d:\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [d:\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [d:\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 15]
    [d:\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [d:\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [d:\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[PID: 2500][d:\Rising\Rav\RAVMON.EXE]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [d:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [d:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [d:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [d:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [d:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [d:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 2908][d:\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [d:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [d:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1704][D:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 30]
    [D:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [d:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\CHENHU4.IME]  [chenhu, 5.7]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 2356][d:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [d:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [d:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [d:\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [d:\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 2840][d:\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [d:\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 3608][d:\360safe\360Safe.exe]  [奇虎网, 3, 0, 1, 3002]
    [d:\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 2, 1000]
    [d:\360safe\AntiEng.dll]  [360Safe.com, 3, 0, 1, 2001]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [d:\360safe\CleanHis.dll]  [奇虎网, 3, 0, 0, 1001]
    [d:\360safe\AntiActi.dll]  [360Safe.com, 2, 0, 0, 3000]
    [d:\360safe\safeext.dll]  [360Safe.com, 1, 0, 0, 1020]
    [d:\360safe\live.dll]  [360safe.COM, 1, 0, 0, 1011]
    [d:\360safe\LeakCheck.dll]  [360Safe.com, 2, 0, 0, 2001]
[PID: 2312][d:\360safe\safemon\360tray.exe]  [奇虎网, 1, 0, 1, 1002]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [d:\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 1001]
    [d:\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 2, 1000]
[PID: 3304][D:\FlashGet\flashget.exe]  [Amaze Soft, 1, 6, 0, 0]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 3000][D:\Personal\Temp\sreng2.zip 的临时目录 5\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [d:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA  错误: LoadLibraryA
RVA  错误: LoadLibraryExA
RVA  错误: LoadLibraryExW
RVA  错误: LoadLibraryW
入口点错误:CreateProcessA
入口点错误:CreateProcessW

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT