瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 Worm.Win32.Agent.yzy 瑞星杀不掉 请大家帮忙

1   1  /  1  页   跳转

Worm.Win32.Agent.yzy 瑞星杀不掉 请大家帮忙

收藏
电力猫
头像
初生襁褓狮
  • 帖子:192
  • 注册: 2004-07-19
  • 来自:
发表于: 2007-11-04 19:06 | 只看楼主 短消息 资料
字号: 1楼

Worm.Win32.Agent.yzy 瑞星杀不掉 请大家帮忙

Worm.Win32.Agent.yzy
瑞星杀不掉 请大家帮忙~~

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2007-11-06 22:46:58
分享到:
gototop
 
电力猫
头像
初生襁褓狮
  • 帖子:192
  • 注册: 2004-07-19
  • 来自:
发表于: 2007-11-04 19:27 | 只看楼主 短消息 资料
字号: 2楼

[CODE]

2007-11-04,19:08:38

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <Alert><C:\Program Files\Starsoftcomm\StarCenter\alert.exe>  []
    <StarCenter><C:\Program Files\Starsoftcomm\StarCenter\StarCenter.exe>  [starsoftcomm]
    <AutoUpd><C:\Program Files\Starsoftcomm\StarCenter\UpdTray.exe>  []
    <CmUCRRun><C:\WINDOWS\system32\CmUCReye.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"D:\瑞星防火墙\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RavTask><"D:\rising\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [TENCENT]
    <runeip><"D:\瑞星卡卡\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <miniqqlive><"d:\QQLive\MiniQQLive.exe">  [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N
gototop
 
电力猫
头像
初生襁褓狮
  • 帖子:192
  • 注册: 2004-07-19
  • 来自:
发表于: 2007-11-04 19:27 | 只看楼主 短消息 资料
字号: 3楼

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\limeng\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\Tencent\QQ\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\limeng\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[A68732DB / A68732DB][Stopped/Auto Start]
  <C:\WINDOWS\system32\4273F0F0.EXE -k><Microsoft Corporation>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <d:\瑞星防火墙\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\瑞星防火墙\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\rising\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\RISING\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CMIUCR.SYS CM220 Card Reader Driver / CMISTOR][Running/Manual Start]
  <system32\DRIVERS\cmiucr.SYS><C-Media Corporation>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS><EnTech Taiwan>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\瑞星防火墙\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices, Inc.>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/System Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\D:\瑞星防火墙\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[SCBACK / SCBACK][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\SCBACK.SYS><StarSoftComm>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SSCFLTXP / SSCFLTXP][Running/Boot Start]
  <\SystemRoot\System32\drivers\SSCFLTXP.SYS><Windows (R) 2000 DDK provider>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[ScreenCapture Class]
  {B4D9857D-8A55-4442-A577-6B3ED5D4E41B} <C:\WINDOWS\system32\FMO.dll, Tencent Inc.>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\QQ\AddEmotion.htm, N/A>
gototop
 
电力猫
头像
初生襁褓狮
  • 帖子:192
  • 注册: 2004-07-19
  • 来自:
发表于: 2007-11-04 19:28 | 只看楼主 短消息 资料
字号: 4楼

==================================
正在运行的进程
[PID: 424 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4107]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\DD7978BB.DLL]  [Microsoft Corporation, ]
[PID: 568 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 580 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 880 / SYSTEM][D:\rising\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 27]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 896 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1024 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1036 / SYSTEM][d:\瑞星防火墙\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.45]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\瑞星防火墙\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\瑞星防火墙\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\瑞星防火墙\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\瑞星防火墙\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [d:\瑞星防火墙\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\瑞星防火墙\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [d:\瑞星防火墙\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.37]
    [d:\瑞星防火墙\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\瑞星防火墙\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7, 0, 0, 0]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [d:\瑞星防火墙\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1076 / SYSTEM][D:\RISING\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.55]
    [D:\RISING\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\RISING\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\RISING\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\RISING\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.27]
    [D:\RISING\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [D:\RISING\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
    [D:\RISING\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\RISING\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\RISING\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 20]
    [D:\rising\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\RISING\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [D:\rising\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\rising\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.32]
    [D:\rising\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\rising\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [D:\rising\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [D:\rising\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [D:\RISING\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\rising\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\rising\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\rising\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [D:\rising\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\rising\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [D:\rising\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\rising\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\rising\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [D:\rising\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [D:\rising\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [D:\rising\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
[PID: 1132 / SYSTEM][d:\瑞星防火墙\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.24]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\瑞星防火墙\psapi.dll]  [Microsoft Corporation, 4.00]
    [D:\瑞星防火墙\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\瑞星防火墙\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\瑞星防火墙\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [d:\瑞星防火墙\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1472 / SYSTEM][d:\瑞星防火墙\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\瑞星防火墙\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1648 / limeng][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
[PID: 1764 / limeng][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\documents and settings\limeng\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll]  [, 1, 0, 0, 169]
    [C:\Program Files\Starsoftcomm\StarCenter\MFC42.DLL]  [Microsoft Corporation, 6.00.9586.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\TENCENT\SSPlus\SAddr.dll]  [Tencent, 5, 0, 1, 18]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\rising\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
gototop
 
电力猫
头像
初生襁褓狮
  • 帖子:192
  • 注册: 2004-07-19
  • 来自:
发表于: 2007-11-04 19:28 | 只看楼主 短消息 资料
字号: 5楼

[PID: 1868 / SYSTEM][D:\RISING\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [D:\RISING\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1940 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 2040 / limeng][d:\瑞星防火墙\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.31]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\瑞星防火墙\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [D:\瑞星防火墙\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\瑞星防火墙\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\瑞星防火墙\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\瑞星防火墙\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [d:\瑞星防火墙\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\瑞星防火墙\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [d:\瑞星防火墙\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [d:\瑞星防火墙\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 440 / limeng][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 476 / limeng][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  [Analog Devices, Inc., 5, 0, 2, 2]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  [Analog Devices, Inc., 5, 0, 3, 001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 480 / limeng][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 5, 0, 2, 6]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 628 / limeng][C:\Program Files\Starsoftcomm\StarCenter\alert.exe]  [, 1, 0, 0, 182]
    [C:\Program Files\Starsoftcomm\StarCenter\MFC42.DLL]  [Microsoft Corporation, 6.00.9586.0]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 968 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 996 / limeng][C:\Program Files\Starsoftcomm\StarCenter\StarCenter.exe]  [starsoftcomm, 1, 0, 0, 189]
    [C:\Program Files\Starsoftcomm\StarCenter\MFC42.DLL]  [Microsoft Corporation, 6.00.9586.0]
    [C:\Program Files\Starsoftcomm\StarCenter\SmartBackup.dll]  [SSC, 1, 0, 1, 201]
    [C:\Program Files\Starsoftcomm\StarCenter\drvKernel.dll]  [, 1, 0, 0, 176]
    [C:\Program Files\Starsoftcomm\StarCenter\SC_SystemProtect.DLL]  [N/A, ]
    [C:\Program Files\Starsoftcomm\StarCenter\Asset.DLL]  [, 1, 0, 0, 170]
    [C:\Program Files\Starsoftcomm\StarCenter\DiskMonitor.DLL]  [, 1, 0, 0, 168]
    [C:\Program Files\Starsoftcomm\StarCenter\DrvMonitor.DLL]  [, 1, 0, 0, 171]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll]  [, 1, 0, 0, 169]
    [C:\Program Files\Starsoftcomm\StarCenter\SSCRegAc.dll]  [, 1, 0, 0, 168]
    [C:\Program Files\Starsoftcomm\StarCenter\SoftFunc.dll]  [, 1, 0, 0, 167]
    [C:\Program Files\Starsoftcomm\StarCenter\Encrypt.dll]  [N/A, ]
    [C:\Program Files\Starsoftcomm\StarCenter\sscac.dll]  [N/A, ]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1184 / limeng][C:\Program Files\Starsoftcomm\StarCenter\UpdTray.exe]  [, 1, 0, 0, 2]
    [C:\Program Files\Starsoftcomm\StarCenter\MFC42.DLL]  [Microsoft Corporation, 6.00.9586.0]
[PID: 1252 / limeng][C:\WINDOWS\system32\CmUCReye.exe]  [, 1, 0, 0, 36]
    [c:\documents and settings\limeng\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 700 / limeng][D:\rising\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.20]
    [D:\rising\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\rising\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\rising\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\rising\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\rising\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1052 / limeng][D:\rising\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.98]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\rising\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\rising\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\rising\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\rising\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\rising\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [D:\rising\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [D:\rising\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [D:\rising\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\rising\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\rising\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [D:\rising\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\rising\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [D:\rising\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1516 / limeng][D:\瑞星卡卡\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
[PID: 2028 / limeng][D:\QQLive\MiniQQLive.exe]  [Tencent, 6.00.3432.6]
    [D:\QQLive\LiveUtlt.dll]  [Tencent, 6.00.3432.6]
    [D:\QQLive\log.dll]  [N/A, ]
    [D:\QQLive\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\QQLive\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\QQLive\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\QQLive\XMLParser.dll]  [Tencent, 6.00.3432.6]
    [D:\QQLive\ExceptCatch.dll]  [Tencent, 6.00.3432.6]
    [D:\QQLive\Skin.dll]  [Tencent, 6.00.3432.6]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [d:\QQLive\ADManage.dll]  [Tencent, 6.00.3432.6]
    [d:\QQLive\Proxy.dll]  [Tencent, 6.00.3432.6]
    [d:\QQLive\Encrypt.dll]  [Tencent, 6.00.3432.6]
    [d:\QQLive\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [d:\QQLive\LiveAPI.dll]  [Tencent, 6.00.3432.6]
    [d:\QQLive\P2PDownload.dll]  [Tencent, 6.00.3432.6]
    [d:\QQLive\vqqsdl.dll]  [Tencent Technology (Shenzhen) Company Limited, 2, 0, 107, 10]
[PID: 2148 / limeng][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
gototop
 
电力猫
头像
初生襁褓狮
  • 帖子:192
  • 注册: 2004-07-19
  • 来自:
发表于: 2007-11-04 19:29 | 只看楼主 短消息 资料
字号: 6楼

[PID: 2472 / limeng][D:\Tencent\QQ\QQ.exe]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 7, 1, 518, 1751]
    [D:\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Tencent\QQ\QQAPI.dll]  [TENCENT, 7,1,518,1751]
    [d:\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [D:\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQRes.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Tencent\QQ\UnReadMsgMgr.dll]  [N/A, ]
    [D:\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [D:\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\Tencent\QQ\NewSkin.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\MailSummary.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQSpace.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\Tencent\QQ\CameraDll.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [D:\Tencent\QQ\LongConnection.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [D:\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [D:\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [D:\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Tencent\QQ\QQPet.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQFileTransfer.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\GroupConnection.dll]  [TENCENT, 7,1,518,1751]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [D:\Tencent\QQ\ImageOle.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQLiveQMng.dll]  [TENCENT, 7,1,518,1751]
    [D:\rising\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\Tencent\QQ\CommercesMng.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\PersonalDesktop.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 3, 0]
    [D:\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\Tencent\QQ\QQMagicFace.dll]  [TENCENT, 7,1,518,1751]
    [D:\Tencent\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 96]
    [D:\Tencent\QQ\QQDoctor\TSFSCAN.DAT]  [Tencent, 2007, 10, 9, 6]
    [C:\Program Files\Tencent\QQDownload\qqdownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 1, 100, 82]
    [C:\Program Files\Tencent\QQDownload\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
    [D:\Tencent\QQ\QQDoctor\TSVulMdw.DAT]  [TENCENT, 2007, 4, 26, 2]
    [D:\Tencent\QQ\QQDoctor\TSVulChk.DAT]  [Tencent, 2007, 9, 10, 36]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 2620 / limeng][D:\Tencent\QQ\TIMPlatform.exe]  [TENCENT, 7,0,431,1723]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [d:\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2812 / SYSTEM][C:\WINDOWS\system32\wbem\wmiapsrv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 2948 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3496 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\瑞星防火墙\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\瑞星防火墙\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1040 / limeng][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3296 / limeng][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3000 / limeng][D:\常用软件\讯雷\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.3.0.220]
    [D:\常用软件\讯雷\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [D:\常用软件\讯雷\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 71]
    [D:\常用软件\讯雷\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [D:\常用软件\讯雷\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\常用软件\讯雷\Program\asyn_dns.dll]  [N/A, ]
    [D:\常用软件\讯雷\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [D:\常用软件\讯雷\Program\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\常用软件\讯雷\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 1, 0, 18]
    [D:\常用软件\讯雷\Program\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\常用软件\讯雷\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 11]
    [D:\常用软件\讯雷\Components\InMedia\iEmbed04.dll]  [ , 2, 3, 0, 37]
    [D:\常用软件\讯雷\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 8]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [D:\rising\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\常用软件\讯雷\Program\iTargetAd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 55]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll]  [, 1, 0, 0, 169]
    [c:\documents and settings\limeng\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
[PID: 5432 / limeng][C:\Documents and Settings\limeng\桌面\新建文件夹 (2)\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 5620 / limeng][C:\Documents and Settings\limeng\桌面\新建文件夹 (2)\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 22]
    [D:\瑞星卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Documents and Settings\limeng\桌面\新建文件夹 (2)\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 440, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 476, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 480, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 628, C:\PROGRAM FILES\STARSOFTCOMM\STARCENTER\ALERT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 996, C:\PROGRAM FILES\STARSOFTCOMM\STARCENTER\STARCENTER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1184, C:\PROGRAM FILES\STARSOFTCOMM\STARCENTER\UPDTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1516, D:\瑞星卡卡\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2028, D:\QQLIVE\MINIQQLIVE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3000, D:\常用软件\讯雷\PROGRAM\THUNDER5.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
日不懂啊
头像
叱咤花甲狮
  • 帖子:14337
  • 注册: 2007-03-08
  • 来自:江苏南京
发表于: 2007-11-04 20:24 | 短消息 资料
字号: 7楼

LZ,看看这个
请大家参考http://forum.ikaka.com/topic.asp?board=28&artid=8362073
gototop
 
琼台听雨
头像
自信弱冠狮
  • 帖子:464
  • 注册: 2007-02-07
  • 来自:
发表于: 2007-11-04 22:27 | 短消息 资料
字号: 8楼

auto.exe最近泛滥成灾
gototop
 
圈圈毛
头像
初生襁褓狮
  • 帖子:39
  • 注册: 2007-09-24
  • 来自:
发表于: 2007-11-04 23:47 | 短消息 资料
字号: 9楼

手动删除:按照杀软给出病毒对应的文件名和路径,开始--运行--regedit,打开注册表,用光标选取注册表中的“我的电脑”,菜单--编辑--查找,从头到尾查找这文件的项目,右键--删除,F3继续,直至查完删完,最后再删除硬盘文件
gototop
 
电力猫
头像
初生襁褓狮
  • 帖子:192
  • 注册: 2004-07-19
  • 来自:
发表于: 2007-11-06 22:58 | 只看楼主 短消息 资料
字号: 10楼

谢谢大家
我试试看!
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT