Rising Kaka Security Forum / Technical Exchange / Anti-Virus and Anti-Rogue-Software Board: Help: my server is infected with a swarm of trojans that I cannot clean out completely! Experts, please help (SREngPS log attached)


My organisation runs a server cluster.
The log from server 1 is:

[CODE]

2008-05-12,10:27:56

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising]
    <SoundMan><SoundMan.exe>  [1]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <Anti-Spy Tools><D:\work\ast\ast.exe -min>  [超级巡警]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><ieprot.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[HP Insight Event Notifier / CIMnotify][Stopped/Disabled]
  <C:\WINDOWS\system32\CIMntfy\cimntfy.exe><Hewlett-Packard Company>
[HP Smart Array SAS/SATA Event Notification Service / Cissesrv][Running/Auto Start]
  <C:\Program Files\HP\Cissesrv\cissesrv.exe><Hewlett-Packard Company>
[HP Insight NIC Agents / CpqNicMgmt][Running/Auto Start]
  <C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe><Hewlett-Packard Company>
[HP ProLiant Remote Monitor Service / CpqRcmc][Running/Auto Start]
  <C:\WINDOWS\system32\cpqrcmc.exe><Hewlett-Packard Company>
[HP Version Control Agent / cpqvcagent][Running/Auto Start]
  <C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe><Hewlett-Packard Company>
[HP Insight Foundation Agents / CqMgHost][Running/Auto Start]
  <C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe><Hewlett-Packard Company>
[HP Insight Server Agents / CqMgServ][Running/Auto Start]
  <C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe><Hewlett-Packard Company>
[HP Insight Storage Agents / CqMgStor][Running/Auto Start]
  <C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe><Hewlett-Packard Company>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Manual Start]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[RavAgent / RavAgent][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavAgent.exe"><北京瑞星科技股份有限公司>
[Rav Net Alert / RavAlert][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavAlert.exe"><瑞星科技股份发展有限公司>
[RavService / RavService][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[RavUpdate / RavUpdate][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavUpdate.exe" ><Beijing Rising Technology Co., Ltd.>
[RNReport / RNReport][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RNReport.exe"><瑞星科技股份发展有限公司>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Manual Start]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[HP ProLiant System Shutdown Service / sysdown][Running/Auto Start]
  <C:\WINDOWS\system32\sysdown.exe><Hewlett-Packard Company>
[HP System Management Homepage / SysMgmtHp][Running/Auto Start]
  <C:\hp\hpsmh\bin\smhstart.exe><Hewlett-Packard Company>
[Help and Support / helpsvc][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[HP Virtual Bus Device / b06bdrv][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\bxvbdx.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[HP iLO Management Channel Interface Driver / CpqCiDrv][Running/Manual Start]
  <system32\DRIVERS\cpqcidrv.sys><Hewlett-Packard Company>
[CPQCISSE / CPQCISSE][Running/Manual Start]
  <system32\DRIVERS\CPQCISSE.sys><Hewlett-Packard Company>
[cpqcissm / cpqcissm][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cpqcissm.sys><Hewlett-Packard Company>
[HP Network Configuration Utility / CPQTeam][Stopped/Manual Start]
  <system32\DRIVERS\cpqteam.sys><Hewlett-Packard Company>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3F0D.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3F1A.tmp><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3F17.tmp><N/A>
[HBKernel Driver / HBKernel][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\HBKernel.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HpCISSs2 / HpCISSs2][Running/Boot Start]
  <\SystemRoot\system32\drivers\HpCISSs2.sys><Hewlett-Packard Company>
[hpqilo2 / hpqilo2][Running/Manual Start]
  <system32\DRIVERS\hpqilo2.sys><Hewlett-Packard Company>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3F1C.tmp><N/A>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[HP NC370 Multifunction Gigabit Server Adapter / l2nd][Running/Manual Start]
  <system32\DRIVERS\bxnd52x.sys><Broadcom Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3F10.tmp><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[ping / ping][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3F15.tmp><N/A>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3F12.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ASTDriver / ASTDriver][Running/Manual Start]
  <\??\D:\work\ast\ASTDriver.sys><Windows (R) Server 2003 DDK provider>
[ASTTools / ASTTools][Running/Manual Start]
  <\??\D:\work\ast\ASTTools.sys><DSW Lab>

==================================
浏览器加载项
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <D:\work\ast\SecAddons.dll, 超级巡警>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[]
  {398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys, N/A>
[]
  {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} <C:\WINDOWS\system32\oohxbbyt.dll, N/A>
[]
  {40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <D:\work\ast\SecAddons.dll, 超级巡警>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>

==================================
正在运行的进程
[PID: 300 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 356 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 384 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 436 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 448 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 612 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 768 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 816 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 856 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 896 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 916 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 6]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 38]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 23]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 952 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1112 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1352 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1380 / SYSTEM][C:\WINDOWS\system32\netdde.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1528 / SYSTEM][C:\Program Files\HP\Cissesrv\cissesrv.exe]  [Hewlett-Packard Company, 6.2.0.32 Build 4 (x86) built by: buildsrv]
[PID: 1544 / SYSTEM][C:\WINDOWS\system32\cisvc.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1564 / SYSTEM][C:\WINDOWS\system32\cpqrcmc.exe]  [Hewlett-Packard Company, 5.11.2.0 built by: buildsrv]
[PID: 1580 / SYSTEM][C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe]  [Hewlett-Packard Company, 2.1.8.780]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\xerces-c_2_4_0.dll]  [Apache Software Foundation, 2, 4, 0]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\Xalan-C_1_7_0.dll]  [Apache Software Foundation, 1, 7, 0, 0]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_7_0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\hp\hpsmh\bin\ssleay32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
[PID: 1604 / SYSTEM][C:\WINDOWS\system32\Dfssvc.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1628 / SYSTEM][C:\WINDOWS\System32\dns.exe]  [Microsoft Corporation, 5.2.3790.4171 (srv03_sp2_gdr.071016-1251)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1696 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1720 / SYSTEM][C:\WINDOWS\System32\ismserv.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1744 / SYSTEM][C:\WINDOWS\system32\ntfrs.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1836 / SYSTEM][C:\Program Files\Rising\Rav\RavAgent.exe]  [北京瑞星科技股份有限公司, 19, 0, 0, 16]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\Strategy.dll]  [Rising, 19, 0, 0, 14]
[PID: 1860 / SYSTEM][C:\Program Files\Rising\Rav\RavAlert.exe]  [瑞星科技股份发展有限公司, 19, 0, 0, 30]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PlugIn\RptMC.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
    [C:\Program Files\Rising\Rav\PlugIn\AltP936.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 6]
    [C:\Program Files\Rising\Rav\PlugIn\MalAlrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
    [C:\Program Files\Rising\Rav\PlugIn\TrpPlgIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 7]
    [C:\Program Files\Rising\Rav\RsSnmp.dll]  [, 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\PlugIn\MBPlgIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
    [C:\Program Files\Rising\Rav\PlugIn\NLPlgIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 2]
[PID: 1892 / SYSTEM][C:\Program Files\Rising\Rav\RavService.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 55]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1924 / SYSTEM][C:\Program Files\Rising\Rav\RavUpdate.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1992 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2016 / SYSTEM][C:\Program Files\Rising\Rav\RNReport.exe]  [瑞星科技股份发展有限公司, 19, 0, 0, 15]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
[PID: 2064 / SYSTEM][C:\WINDOWS\System32\snmp.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\Cqmghost\hostmib.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cqhstutl.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\hostsnmp.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CPQMgmt\CqMgHost\CPQMIB1K.DLL]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqNiMgt\CPQNIMIB.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cpqnimgt\w2kmgdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqnimgt\cqnisnmp.dll]  [N/A, ]
    [C:\WINDOWS\system32\sm2user.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqNiMgt\NICMIB.DLL]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\Cqmgserv\servmib.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cqsrvutl.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqmgmt\cqmgserv\servsnmp.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\Cqmgstor\stormib.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqstrutl.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\storsnmp.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\CqmgStor\iscsimib.dll]  [N/A, ]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\sqlsnmp.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 2096 / SYSTEM][C:\WINDOWS\system32\sysdown.exe]  [Hewlett-Packard Company, 1.1.0.0 built by: buildsrv]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2120 / SYSTEM][C:\hp\hpsmh\bin\smhstart.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\domc.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2212 / LOCAL SERVICE][C:\WINDOWS\system32\tlntsvr.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2276 / SYSTEM][C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CPQNiMgt\w2kmgdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\bmapi.dll]  [Broadcom Corporation, 7, 6, 1, 0]
[PID: 2340 / SYSTEM][C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cqsrvutl.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\CPQHLTH.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\SERVALRT.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\CPQSM2.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\sm2user.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqsmif.dll]  [Hewlett-Packard Company, 1.2.0.0]
[PID: 2380 / SYSTEM][C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqstrutl.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQIDE.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQMDISK.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQMSCSI.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQMIDA.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQFCA.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQISCSI.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\STORALRT.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQSAS.dll]  [N/A, ]
    [C:\WINDOWS\system32\CQHSTUTL.DLL]  [Hewlett-Packard Company, 7.80.0.0]
[PID: 2404 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINDOWS\system32\athprxy.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.8320.9]
[PID: 2476 / SYSTEM][C:\hp\hpsmh\bin\hpsmhd.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\hp\hpsmh\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_connect.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_http.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\bin\SSLEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_aa.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_config.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\domc.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_bc.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_ui.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_pkcs.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_help.so]  [Hewlett-Packard Company, 2.1.8.177]
    [C:\hp\hpsmh\modules\php4apache2.so]  [N/A, ]
    [C:\hp\hpsmh\modules\php4ts.dll]  [The PHP Group, 4.4.6.6]
    [C:\hp\hpsmh\modules\php_domxml.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\iconv.dll]  [Free Software Foundation, 1.9]
[PID: 2576 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2760 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2768 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2836 / SYSTEM][C:\hp\hpsmh\bin\hpsmhd.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\hp\hpsmh\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_connect.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_http.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\bin\SSLEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_aa.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_config.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\domc.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_bc.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_ui.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_pkcs.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_help.so]  [Hewlett-Packard Company, 2.1.8.177]
    [C:\hp\hpsmh\modules\php4apache2.so]  [N/A, ]
    [C:\hp\hpsmh\modules\php4ts.dll]  [The PHP Group, 4.4.6.6]
    [C:\hp\hpsmh\modules\php_domxml.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\iconv.dll]  [Free Software Foundation, 1.9]
[PID: 2924 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2932 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 4084 / Administrator][C:\WINDOWS\Cluster\clussvc.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 172 / SYSTEM][C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cqhstutl.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQMHOST.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQPERF.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQSTAT.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQSWV.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQTHRSH.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\HOSTALRT.dll]  [Hewlett-Packard Company, 7.80.0.0]
[PID: 4160 / Administrator][C:\WINDOWS\cluster\resrcmon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\SQSRVRES.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\SQAGTRES.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\cluster\gathercl.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\objcreat.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINDOWS\system32\athprxy.dll]  [Microsoft Corporation, 9.107.8320.9]
[PID: 4908 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 5216 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 5748 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [D:\work\ast\AST.dll]  [超级巡警, 1.0.2.10]
[PID: 5912 / Administrator][C:\Program Files\Rising\Rav\RavTray.exe]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RavTray936.dll]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\BDEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\BDEX.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\BDLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[PID: 5940 / Administrator][C:\WINDOWS\SoundMan.exe]  [1, 1.00]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\work\ast\AST.dll]  [超级巡警, 1.0.2.10]
[PID: 5944 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 5984 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 48]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 6096 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 5884 / Administrator][c:\windows\system32\cpqteam.exe]  [Hewlett-Packard Company, 8.60.0.11]
    [c:\windows\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\work\ast\AST.dll]  [超级巡警, 1.0.2.10]
[PID: 4504 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 4884 / SYSTEM][C:\WINDOWS\system32\cidaemon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 5412 / Administrator][C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\opends60.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlsort.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\ums.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SSnmPN70.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\xpsqlbot.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 5588 / Administrator][C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SEMMAP.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\SEMMAP.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlagent.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\SQLAGENT.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\ATXCORE.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\ATXCORE.RLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\DBmsLPCn.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 4492 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 4304 / Administrator][D:\work\ast\ast.exe]  [超级巡警, 1, 8, 6, 110]
    [D:\work\ast\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\work\ast\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\work\ast\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\work\ast\common.dll]  [超级巡警, 1.4.2.27]
    [D:\work\ast\EngineSDK.dll]  [超级巡警, 2.2.2.56]
    [D:\work\ast\aScanCom.dll]  [超级巡警, 2.1.2.42]
    [D:\work\ast\AST.dll]  [超级巡警, 1.0.2.10]
    [D:\work\ast\AutoRun.dll]  [超级巡警, 2.2.2.21]
    [D:\work\ast\FileAnalyser.dll]  [超级巡警, 1.0.1.11]
    [D:\work\ast\FileForceKiller.dll]  [DSW Lab, 1.0.1.0]
    [D:\work\ast\ManagerProcess.dll]  [超级巡警, 1.3.4.13]
    [D:\work\ast\ManagerService.dll]  [超级巡警, 1.0.6.4]
    [D:\work\ast\Monitor.dll]  [超级巡警, 1, 7, 9, 40]
    [D:\work\ast\PortAssociate.dll]  [超级巡警, 1.0.3.7]
    [D:\work\ast\ssdt.dll]  [超级巡警, 1.0.2.4]
    [D:\work\ast\StateViewer.dll]  [超级巡警, 1.0.10.16]
    [D:\work\ast\tIERepair.dll]  [超级巡警, 1, 2, 2, 20]
    [D:\work\ast\tRubbishClear.dll]  [超级巡警, 1.5.2.20]
    [D:\work\ast\tSecurityOptimize.dll]  [超级巡警, 1.1.2.0]
    [D:\work\ast\zDiagnosticTool.dll]  [超级巡警, 1.2.1.3]
    [D:\work\ast\KillModule.dll]  [超级巡警, 1.2.2.24]
    [D:\work\ast\MScaner.dll]  [超级巡警, 1.0.0.26]
    [D:\work\ast\ScanAd.dll]  [超级巡警, 1.0.1.1]
    [D:\work\ast\SKEngine.dll]  [超级巡警, 1.6.5.12]
    [D:\work\ast\smart.dll]  [超级巡警, 1.0.0.31]
    [D:\work\ast\unarc.dll]  [超级巡警, 1.2.5]
    [D:\work\ast\SScanner.dll]  [超级巡警, 1, 0, 0, 3]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\work\ast\ASTShellEx.dll]  [超级巡警, 1.5.5.13]
[PID: 2864 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\work\ast\AST.dll]  [超级巡警, 1.0.2.10]
[PID: 1248 / Administrator][D:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\work\ast\AST.dll]  [超级巡警, 1.0.2.10]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 5940, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 4304, D:\WORK\AST\AST.EXE]

==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D3E5D)
入口点错误:NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D3EFD)
入口点错误:ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D3E5D)
入口点错误:ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D3EFD)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: D:\work\ast\AST.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: D:\work\ast\AST.dll)

==================================
隐藏进程
N/A

==================================
[/CODE]

The log for server 2 is:

[CODE]
2008-05-12,10:35:00

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <CPQTEAM><cpqteam.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising]
    <SoundMan><SoundMan.exe>  [1]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[HP Insight Event Notifier / CIMnotify][Stopped/Disabled]
  <C:\WINDOWS\system32\CIMntfy\cimntfy.exe><Hewlett-Packard Company>
[HP Smart Array SAS/SATA Event Notification Service / Cissesrv][Running/Auto Start]
  <C:\Program Files\HP\Cissesrv\cissesrv.exe><Hewlett-Packard Company>
[HP Insight NIC Agents / CpqNicMgmt][Running/Auto Start]
  <C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe><Hewlett-Packard Company>
[HP ProLiant Remote Monitor Service / CpqRcmc][Running/Auto Start]
  <C:\WINDOWS\system32\cpqrcmc.exe><Hewlett-Packard Company>
[HP Version Control Agent / cpqvcagent][Running/Auto Start]
  <C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe><Hewlett-Packard Company>
[HP Insight Foundation Agents / CqMgHost][Running/Auto Start]
  <C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe><Hewlett-Packard Company>
[HP Insight Server Agents / CqMgServ][Running/Auto Start]
  <C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe><Hewlett-Packard Company>
[HP Insight Storage Agents / CqMgStor][Running/Auto Start]
  <C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe><Hewlett-Packard Company>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[RavService / RavService][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[HP ProLiant System Shutdown Service / sysdown][Running/Auto Start]
  <C:\WINDOWS\system32\sysdown.exe><Hewlett-Packard Company>
[HP System Management Homepage / SysMgmtHp][Running/Auto Start]
  <C:\hp\hpsmh\bin\smhstart.exe><Hewlett-Packard Company>
[Help and Support / helpsvc][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[HP Virtual Bus Device / b06bdrv][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\bxvbdx.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[HP iLO Management Channel Interface Driver / CpqCiDrv][Running/Manual Start]
  <system32\DRIVERS\cpqcidrv.sys><Hewlett-Packard Company>
[CPQCISSE / CPQCISSE][Running/Manual Start]
  <system32\DRIVERS\CPQCISSE.sys><Hewlett-Packard Company>
[cpqcissm / cpqcissm][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cpqcissm.sys><Hewlett-Packard Company>
[HP Network Configuration Utility / CPQTeam][Stopped/Manual Start]
  <system32\DRIVERS\cpqteam.sys><Hewlett-Packard Company>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1.MOR\LOCALS~1\Temp\tmpF.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1.MOR\LOCALS~1\Temp\tmp19.tmp><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1.MOR\LOCALS~1\Temp\tmp17.tmp><N/A>
[HBKernel Driver / HBKernel][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\HBKernel.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HpCISSs2 / HpCISSs2][Running/Boot Start]
  <\SystemRoot\system32\drivers\HpCISSs2.sys><Hewlett-Packard Company>
[hpqilo2 / hpqilo2][Running/Manual Start]
  <system32\DRIVERS\hpqilo2.sys><Hewlett-Packard Company>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1.MOR\LOCALS~1\Temp\tmp1B.tmp><N/A>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[HP NC370 Multifunction Gigabit Server Adapter / l2nd][Running/Manual Start]
  <system32\DRIVERS\bxnd52x.sys><Broadcom Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1.MOR\LOCALS~1\Temp\tmp11.tmp><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[ping / ping][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1.MOR\LOCALS~1\Temp\tmp15.tmp><N/A>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1.MOR\LOCALS~1\Temp\tmp13.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ASTDriver / ASTDriver][Running/Manual Start]
  <\??\D:\ast\ASTDriver.sys><Windows (R) Server 2003 DDK provider>
[ASTTools / ASTTools][Running/Manual Start]
  <\??\D:\ast\ASTTools.sys><DSW Lab>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <D:\ast\SecAddons.dll, 超级巡警>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[]
  {398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys, N/A>
[]
  {3B1AEF69-DDAE-FDAD-DCAB-698F026ABDB3} <C:\WINDOWS\system32\oohxbbyt.dll, N/A>
[]
  {40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.13.16.324.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <D:\ast\SecAddons.dll, 超级巡警>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.39.63.45.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 300 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 356 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 384 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 436 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 448 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 760 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 808 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 848 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 892 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 912 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 6]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 38]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 23]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 948 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1104 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1336 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1456 / SYSTEM][C:\Program Files\HP\Cissesrv\cissesrv.exe]  [Hewlett-Packard Company, 6.2.0.32 Build 4 (x86) built by: buildsrv]
[PID: 1488 / SYSTEM][C:\WINDOWS\system32\cpqrcmc.exe]  [Hewlett-Packard Company, 5.11.2.0 built by: buildsrv]
[PID: 1504 / SYSTEM][C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe]  [Hewlett-Packard Company, 2.1.8.780]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\xerces-c_2_4_0.dll]  [Apache Software Foundation, 2, 4, 0]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\Xalan-C_1_7_0.dll]  [Apache Software Foundation, 1, 7, 0, 0]
    [C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_7_0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\hp\hpsmh\bin\ssleay32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
[PID: 1536 / SYSTEM][C:\WINDOWS\system32\Dfssvc.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1596 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1632 / SYSTEM][C:\WINDOWS\System32\ismserv.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1656 / SYSTEM][C:\WINDOWS\system32\ntfrs.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1732 / SYSTEM][C:\Program Files\Rising\Rav\RavService.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 55]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1768 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1812 / SYSTEM][C:\WINDOWS\System32\snmp.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\Cqmghost\hostmib.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cqhstutl.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cpqmgmt\CqMgHost\hostsnmp.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CPQMgmt\CqMgHost\CPQMIB1K.DLL]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqNiMgt\CPQNIMIB.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cpqnimgt\w2kmgdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqnimgt\cqnisnmp.dll]  [N/A, ]
    [C:\WINDOWS\system32\sm2user.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqNiMgt\NICMIB.DLL]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\Cqmgserv\servmib.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cqsrvutl.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqmgmt\cqmgserv\servsnmp.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\Cqmgstor\stormib.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqstrutl.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpqmgmt\cqmgstor\storsnmp.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\CqmgStor\iscsimib.dll]  [N/A, ]
    [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\sqlsnmp.dll]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 1852 / SYSTEM][C:\WINDOWS\system32\sysdown.exe]  [Hewlett-Packard Company, 1.1.0.0 built by: buildsrv]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 1904 / SYSTEM][C:\hp\hpsmh\bin\smhstart.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\domc.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2016 / SYSTEM][C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CPQNiMgt\w2kmgdll.dll]  [N/A, ]
    [C:\WINDOWS\system32\bmapi.dll]  [Broadcom Corporation, 7, 6, 1, 0]
[PID: 2124 / SYSTEM][C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cqsrvutl.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\CPQHLTH.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\SERVALRT.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgserv\CPQSM2.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\sm2user.dll]  [Hewlett-Packard Company, 7.80.00.0]
    [C:\WINDOWS\system32\cpqsmif.dll]  [Hewlett-Packard Company, 1.2.0.0]
[PID: 2176 / SYSTEM][C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll]  [N/A, ]
    [C:\WINDOWS\system32\cqstrutl.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQIDE.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQMDISK.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQMSCSI.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQMIDA.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQFCA.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQISCSI.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\STORALRT.dll]  [N/A, ]
    [C:\WINDOWS\system32\CpqMgmt\cqmgstor\CPQSAS.dll]  [N/A, ]
    [C:\WINDOWS\system32\CQHSTUTL.DLL]  [Hewlett-Packard Company, 7.80.0.0]
[PID: 2200 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINDOWS\system32\athprxy.dll]  [Microsoft Corporation, 9.107.8320.9]
[PID: 2292 / SYSTEM][C:\hp\hpsmh\bin\hpsmhd.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\hp\hpsmh\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_connect.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_http.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\bin\SSLEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_aa.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_config.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\domc.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_bc.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_ui.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_pkcs.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_help.so]  [Hewlett-Packard Company, 2.1.8.177]
    [C:\hp\hpsmh\modules\php4apache2.so]  [N/A, ]
    [C:\hp\hpsmh\modules\php4ts.dll]  [The PHP Group, 4.4.6.6]
    [C:\hp\hpsmh\modules\php_domxml.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\iconv.dll]  [Free Software Foundation, 1.9]
[PID: 2300 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2436 / Administrator][C:\WINDOWS\Cluster\clussvc.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2512 / SYSTEM][C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\cqhstutl.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQMHOST.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQPERF.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQSTAT.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQSWV.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\CPQTHRSH.dll]  [Hewlett-Packard Company, 7.80.0.0]
    [C:\WINDOWS\system32\CpqMgmt\cqmghost\HOSTALRT.dll]  [Hewlett-Packard Company, 7.80.0.0]
[PID: 2568 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2576 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2596 / SYSTEM][C:\hp\hpsmh\bin\hpsmhd.exe]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\hp\hpsmh\bin\libhttpd.dll]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\hp\hpsmh\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_dir.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_imap.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_connect.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_proxy_http.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.49]
    [C:\hp\hpsmh\bin\SSLEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\LIBEAY32.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_aa.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_config.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\domc.dll]  [N/A, ]
    [C:\hp\hpsmh\modules\mod_smh_bc.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_ui.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_pkcs.so]  [Hewlett-Packard Company, 2.1.8.179]
    [C:\hp\hpsmh\modules\mod_smh_help.so]  [Hewlett-Packard Company, 2.1.8.177]
    [C:\hp\hpsmh\modules\php4apache2.so]  [N/A, ]
    [C:\hp\hpsmh\modules\php4ts.dll]  [The PHP Group, 4.4.6.6]
    [C:\hp\hpsmh\modules\php_domxml.dll]  [N/A, ]
    [C:\hp\hpsmh\bin\iconv.dll]  [Free Software Foundation, 1.9]
[PID: 2844 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2852 / SYSTEM][C:\hp\hpsmh\bin\rotatelogs.exe]  [Apache Software Foundation, 2.0.49]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 3944 / Administrator][C:\WINDOWS\cluster\resrcmon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\SQSRVRES.DLL]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\SQAGTRES.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\cluster\gathercl.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\objcreat.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.9]
    [C:\WINDOWS\system32\athprxy.dll]  [Microsoft Corporation, 9.107.8320.9]
[PID: 4068 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2088 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 332 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [D:\ast\AST.dll]  [超级巡警, 1.0.2.10]
[PID: 4224 / Administrator][C:\WINDOWS\system32\cpqteam.exe]  [Hewlett-Packard Company, 8.60.0.11]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 4240 / Administrator][C:\Program Files\Rising\Rav\RavTray.exe]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RavTray936.dll]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\BDEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\BDEX.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\BDLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[PID: 4264 / Administrator][C:\WINDOWS\SoundMan.exe]  [1, 1.00]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\ast\AST.dll]  [超级巡警, 1.0.2.10]
[PID: 4280 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 4296 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 4308 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 48]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 4340 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 5208 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 5404 / Administrator][D:\ast\ast.exe]  [超级巡警, 1, 8, 6, 110]
    [D:\ast\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\ast\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\ast\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\ast\common.dll]  [超级巡警, 1.4.2.27]
    [D:\ast\EngineSDK.dll]  [超级巡警, 2.2.2.56]
    [D:\ast\aScanCom.dll]  [超级巡警, 2.1.2.42]
    [D:\ast\AST.dll]  [超级巡警, 1.0.2.10]
    [D:\ast\AutoRun.dll]  [超级巡警, 2.2.2.21]
    [D:\ast\FileAnalyser.dll]  [超级巡警, 1.0.1.11]
    [D:\ast\FileForceKiller.dll]  [DSW Lab, 1.0.1.0]
    [D:\ast\ManagerProcess.dll]  [超级巡警, 1.3.4.13]
    [D:\ast\ManagerService.dll]  [超级巡警, 1.0.6.4]
    [D:\ast\Monitor.dll]  [超级巡警, 1, 7, 9, 40]
    [D:\ast\PortAssociate.dll]  [超级巡警, 1.0.3.7]
    [D:\ast\ssdt.dll]  [超级巡警, 1.0.2.4]
    [D:\ast\StateViewer.dll]  [超级巡警, 1.0.10.16]
    [D:\ast\tIERepair.dll]  [超级巡警, 1, 2, 2, 20]
    [D:\ast\tRubbishClear.dll]  [超级巡警, 1.5.2.20]
    [D:\ast\tSecurityOptimize.dll]  [超级巡警, 1.1.2.0]
    [D:\ast\zDiagnosticTool.dll]  [超级巡警, 1.2.1.3]
    [D:\ast\KillModule.dll]  [超级巡警, 1.2.2.24]
    [D:\ast\MScaner.dll]  [超级巡警, 1.0.0.26]
    [D:\ast\ScanAd.dll]  [超级巡警, 1.0.1.1]
    [D:\ast\SKEngine.dll]  [超级巡警, 1.6.5.12]
    [D:\ast\smart.dll]  [超级巡警, 1.0.0.31]
    [D:\ast\unarc.dll]  [超级巡警, 1.2.5]
    [D:\ast\SScanner.dll]  [超级巡警, 1, 0, 0, 3]
[PID: 6024 / Administrator][D:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\ast\AST.dll]  [超级巡警, 1.0.2.10]
    [D:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1372 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\ast\AST.dll]  [超级巡警, 1.0.2.10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 4264, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5404, D:\AST\AST.EXE]

==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003E3A8D)
入口点错误:NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003E3B2D)
入口点错误:ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003E3A8D)
入口点错误:ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003E3B2D)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: D:\ast\AST.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: D:\ast\AST.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]

I have tried every kind of software with no effect, so I'm asking the experts here for help. Thank you.
Reply: Help! The server is infested with trojans and I can't clean them out. Please help, experts (SREngPS log attached)

Link: www.jiake168.com (official site for nationally patented private car body advertising)
Email: 571wind@163.com (samples only)
Reply: Help! The server is infested with trojans and I can't clean them out. Please help, experts (SREngPS log attached)

Also, you need to install a firewall~~
Install an ARP firewall