机器飙到木马了.连瑞星防火墙一打开都显示发送错误报告. 大虾们帮帮忙啊.
进程里有个叫system Idle p....的名称的老是占99 cpu使用空间..help help..

加我QQ 我远程你看.651453924。。。谢谢啊..

引用:

【轩辕小聪的贴子】进程里有个叫system Idle p....的名称的老是占99 cpu 这个是完全正常的。 提示是什么样的，截个图上来。 ...........................

这个有问题么?

引用:

【安逸和平的贴子】这个有问题么? ...........................

就是啊..我用了好几个软件都杀不完它们.好强额.qq都给盗了..
怎么导出日志啊.?

在哪下啊.?

额..- -#  sorry..看到了``我现在就下

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Torjan Program><C:\WINDOWS\WINLOGON.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TProgram><C:\WINDOWS\smss.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
  <Torjan Program><C:\WINDOWS\WINLOGON.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <KernelFaultCheck><C:\WINDOWS\System32\msime.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe 1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\System32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><APIHookDll.dll>

正在运行的进程
[PID: 540][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 604][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 628][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1557 (xpsp2_gdr.040517-1325)>
    [C:\WINDOWS\System32\NavLogon.dll]  <N/A><N/A>
[PID: 672][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 684][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 864][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 968][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1104][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1136][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1332][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1560][C:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\WINDOWS\System32\DTSERV~1.DLL]  <><1, 3, 0, 0>
    [C:\DOCUME~1\abc\LOCALS~1\Temp\f3\fwpxres.dll]  <><1, 0, 0, 0>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\DOCUME~1\abc\LOCALS~1\Temp\f3\ex\mcl.dll]  <N/A><N/A>
    [C:\Program Files\CoolWebsite\QuickLink.dll]  <Fengcent><1, 0, 0, 2>
    [C:\WINDOWS\SYSTEM32\HelperService.dll]  <N/A><N/A>
[PID: 1728][C:\WINDOWS\System32\winmer.exe]  <Microsoft Corporation><5.1.2600.0>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 1736][C:\WINDOWS\WINLOGON.EXE]  <Ce6><0.00.0070>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 1812][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 1948][C:\WINDOWS\smss.exe]  <FCL><0.00.0070>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 2000][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3427>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 2012][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 1600][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1792][C:\WINDOWS\System32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.4502>
[PID: 1768][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1176][C:\WINDOWS\System32\msime.exe]  <Microsoft Corporation><5.1.2600.2180>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>
[PID: 1060][C:\DOCUME~1\abc\LOCALS~1\Temp\svchost.exe]  <N/A><N/A>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr]  <N/A><N/A>
    [C:\DOCUME~1\abc\LOCALS~1\Temp\packet.dll]  <CACE Technologies><3, 1, 0, 27>
    [C:\DOCUME~1\abc\LOCALS~1\Temp\WanPacket.dll]  <CACE Technologies><3, 1, 0, 27>
    [C:\SPY_WOOOL\SPY_DLL.dll]  <N/A><N/A>