
[Help] Trojan.PSW.QQGame.v


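Trojan.PSW.QQGame.v: I accidentally caught this virus today. My Rising antivirus software and firewall now fail to open every time they start, but a manual Rising scan can find and remove it. After a restart it is back again. What is going on?
Please help me solve this.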

Last edited 2006-08-29 13:50:07

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      18:40:32, 日期 2006-8-28
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\不用安装的抓图软件\桌面\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5006.dll (file missing)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKCU\\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\讯雷5\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\讯雷5\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\2005QQ文件夹\AddPanel.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A}? - E:\浩方对战平台\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146456014709
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://cache10.itv.mop.com/pCastCtl-1.0.0.88_signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C33C0BB2-B574-4BC6-9AC9-27B76979B9B1}: NameServer = 202.98.198.168 202.98.192.68
O23 - NT 服务: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Unknown owner - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe


System Information Collect Tool - Designed By Smallfrogs


20060828-20:25
Windows XP Service Pack 2
Internet Explorer: 6.0.2900.2180


*****************************************************************
      Runing Processes information
*****************************************************************
=====================================================
PROCESS NAME:  System
-----------------------------------------------------
  Process ID  = 0x00000004
  Thread count= 52
  Parent process ID = 0
  Priority Class    = 32


Modules:
------------------------------------


=====================================================
PROCESS NAME:  smss.exe
-----------------------------------------------------
  Process ID  = 0x000001b8
  Thread count= 3
  Parent process ID = 4
  Priority Class    = 32


Modules:
------------------------------------
\SystemRoot\System32\smss.exe (0x48580000)

C:\WINDOWS\system32\ntdll.dll (0x7C920000)



=====================================================
PROCESS NAME:  csrss.exe
-----------------------------------------------------
    WARNING: OpenProcess failed with error 5 ()
  Process ID  = 0x000001e8
  Thread count= 10
  Parent process ID = 440


Modules:
------------------------------------


=====================================================
PROCESS NAME:  winlogon.exe
-----------------------------------------------------
  Process ID  = 0x00000200
  Thread count= 20
  Parent process ID = 440
  Priority Class    = 128


Modules:
------------------------------------
\??\C:\WINDOWS\system32\winlogon.exe (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x7C920000)

C:\WINDOWS\system32\kernel32.dll (0x7C800000)

C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)

C:\WINDOWS\system32\RPCRT4.dll (0x77E50000)

C:\WINDOWS\system32\AUTHZ.dll (0x77FE0000)

C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)

C:\WINDOWS\system32\CRYPT32.dll (0x765E0000)

C:\WINDOWS\system32\USER32.dll (0x77D10000)

C:\WINDOWS\system32\GDI32.dll (0x77EF0000)

C:\WINDOWS\system32\MSASN1.dll (0x76DB0000)

C:\WINDOWS\system32\NDdeApi.dll (0x758A0000)

C:\WINDOWS\system32\PROFMAP.dll (0x75890000)

C:\WINDOWS\system32\NETAPI32.dll (0x5FDD0000)

C:\WINDOWS\system32\USERENV.dll (0x759D0000)

C:\WINDOWS\system32\PSAPI.DLL (0x76BC0000)

C:\WINDOWS\system32\REGAPI.dll (0x76B90000)

C:\WINDOWS\system32\Secur32.dll (0x77FC0000)

C:\WINDOWS\system32\SETUPAPI.dll (0x76060000)

C:\WINDOWS\system32\VERSION.dll (0x77BD0000)

C:\WINDOWS\system32\WINSTA.dll (0x762D0000)

C:\WINDOWS\system32\WINTRUST.dll (0x76C00000)

C:\WINDOWS\system32\IMAGEHLP.dll (0x76C60000)

C:\WINDOWS\system32\WS2_32.dll (0x71A20000)

C:\WINDOWS\system32\WS2HELP.dll (0x71A10000)

C:\WINDOWS\system32\IMM32.DLL (0x76300000)

C:\WINDOWS\system32\LPK.DLL (0x62C20000)

C:\WINDOWS\system32\USP10.dll (0x73FA0000)

C:\WINDOWS\system32\MSGINA.dll (0x758D0000)

C:\WINDOWS\system32\SHELL32.dll (0x7D590000)

C:\WINDOWS\system32\SHLWAPI.dll (0x77F40000)

C:\WINDOWS\system32\COMCTL32.dll (0x5D170000)

C:\WINDOWS\system32\ODBC32.dll (0x73540000)

C:\WINDOWS\system32\comdlg32.dll (0x76320000)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (0x77180000)

C:\WINDOWS\system32\odbcint.dll (0x20000000)

C:\WINDOWS\system32\SHSVCS.dll (0x76E10000)

C:\WINDOWS\system32\sfc.dll (0x76B80000)

C:\WINDOWS\system32\sfc_os.dll (0x76C30000)

C:\WINDOWS\system32\ole32.dll (0x76990000)

C:\WINDOWS\system32\Apphelp.dll (0x76D70000)

C:\WINDOWS\system32\msctfime.ime (0x73640000)

C:\WINDOWS\system32\WINSCARD.DLL (0x72360000)

C:\WINDOWS\system32\WTSAPI32.dll (0x76F20000)

C:\WINDOWS\system32\sxs.dll (0x75E00000)

C:\WINDOWS\system32\WINMM.dll (0x76B10000)

C:\WINDOWS\system32\uxtheme.dll (0x5ADC0000)

C:\WINDOWS\system32\rsaenh.dll (0x0FFD0000)

C:\WINDOWS\system32\cscdll.dll (0x76570000)

C:\WINDOWS\system32\WlNotify.dll (0x758B0000)

C:\WINDOWS\system32\WINSPOOL.DRV (0x72F70000)

C:\WINDOWS\system32\MPR.dll (0x71A90000)

C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)

C:\WINDOWS\system32\cscui.dll (0x76590000)

C:\WINDOWS\system32\xpsp2res.dll (0x01570000)

C:\WINDOWS\system32\NTMARTA.DLL (0x76CB0000)

C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)

C:\WINDOWS\system32\msv1_0.dll (0x77C40000)

C:\WINDOWS\system32\iphlpapi.dll (0x76D30000)

C:\WINDOWS\system32\wdmaud.drv (0x72C90000)

C:\WINDOWS\system32\msacm32.drv (0x72C80000)

C:\WINDOWS\system32\MSACM32.dll (0x77BB0000)

C:\WINDOWS\system32\midimap.dll (0x77BA0000)

C:\WINDOWS\system32\COMRes.dll (0x77020000)

C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)

C:\WINDOWS\system32\CLBCATQ.DLL (0x76FA0000)



=====================================================
PROCESS NAME:  services.exe
-----------------------------------------------------
  Process ID  = 0x0000022c
  Thread count= 16
  Parent process ID = 512
  Priority Class    = 32


Modules:
------------------------------------
C:\WINDOWS\system32\services.exe (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x7C920000)

C:\WINDOWS\system32\kernel32.dll (0x7C800000)

C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)

C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)

C:\WINDOWS\system32\RPCRT4.dll (0x77E50000)

C:\WINDOWS\system32\USER32.dll (0x77D10000)

C:\WINDOWS\system32\GDI32.dll (0x77EF0000)

C:\WINDOWS\system32\USERENV.dll (0x759D0000)

C:\WINDOWS\system32\SCESRV.dll (0x75840000)

C:\WINDOWS\system32\AUTHZ.dll (0x77FE0000)

C:\WINDOWS\system32\umpnpmgr.dll (0x7E1E0000)

C:\WINDOWS\system32\WINSTA.dll (0x762D0000)

C:\WINDOWS\system32\NETAPI32.dll (0x5FDD0000)

C:\WINDOWS\system32\NCObjAPI.DLL (0x5F9A0000)

C:\WINDOWS\system32\MSVCP60.dll (0x75FF0000)

C:\WINDOWS\system32\ShimEng.dll (0x5CC30000)

C:\WINDOWS\AppPatch\AcGenral.DLL (0x58FB0000)

C:\WINDOWS\system32\WINMM.dll (0x76B10000)

C:\WINDOWS\system32\ole32.dll (0x76990000)

C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)

C:\WINDOWS\system32\MSACM32.dll (0x77BB0000)

C:\WINDOWS\system32\VERSION.dll (0x77BD0000)

C:\WINDOWS\system32\SHELL32.dll (0x7D590000)

C:\WINDOWS\system32\SHLWAPI.dll (0x77F40000)

C:\WINDOWS\system32\UxTheme.dll (0x5ADC0000)

C:\WINDOWS\system32\IMM32.DLL (0x76300000)

C:\WINDOWS\system32\LPK.DLL (0x62C20000)

C:\WINDOWS\system32\USP10.dll (0x73FA0000)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (0x77180000)

C:\WINDOWS\system32\comctl32.dll (0x5D170000)

C:\WINDOWS\system32\secur32.dll (0x77FC0000)

C:\WINDOWS\system32\Apphelp.dll (0x76D70000)

C:\WINDOWS\system32\eventlog.dll (0x76CE0000)

C:\WINDOWS\system32\WS2_32.dll (0x71A20000)

C:\WINDOWS\system32\WS2HELP.dll (0x71A10000)

C:\WINDOWS\system32\PSAPI.DLL (0x76BC0000)

C:\WINDOWS\system32\wtsapi32.dll (0x76F20000)



=====================================================
PROCESS NAME:  lsass.exe
-----------------------------------------------------
  Process ID  = 0x00000238
  Thread count= 19
  Parent process ID = 512
  Priority Class    = 32


Modules:
------------------------------------
C:\WINDOWS\system32\lsass.exe (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x7C920000)

C:\WINDOWS\system32\kernel32.dll (0x7C800000)

C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)

C:\WINDOWS\system32\RPCRT4.dll (0x77E50000)

C:\WINDOWS\system32\LSASRV.dll (0x74480000)

C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)

C:\WINDOWS\system32\Secur32.dll (0x77FC0000)

C:\WINDOWS\system32\USER32.dll (0x77D10000)

C:\WINDOWS\system32\GDI32.dll (0x77EF0000)

C:\WINDOWS\system32\SAMSRV.dll (0x743A0000)

C:\WINDOWS\system32\cryptdll.dll (0x76760000)

C:\WINDOWS\system32\DNSAPI.dll (0x76EF0000)

C:\WINDOWS\system32\WS2_32.dll (0x71A20000)

C:\WINDOWS\system32\WS2HELP.dll (0x71A10000)

C:\WINDOWS\system32\MSASN1.dll (0x76DB0000)

C:\WINDOWS\system32\NETAPI32.dll (0x5FDD0000)

C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)

C:\WINDOWS\system32\MPR.dll (0x71A90000)

C:\WINDOWS\system32\NTDSAPI.dll (0x76770000)

C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)

C:\WINDOWS\system32\ShimEng.dll (0x5CC30000)

C:\WINDOWS\AppPatch\AcGenral.DLL (0x58FB0000)

C:\WINDOWS\system32\WINMM.dll (0x76B10000)

C:\WINDOWS\system32\ole32.dll (0x76990000)

C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)

C:\WINDOWS\system32\MSACM32.dll (0x77BB0000)

C:\WINDOWS\system32\VERSION.dll (0x77BD0000)

C:\WINDOWS\system32\SHELL32.dll (0x7D590000)

C:\WINDOWS\system32\SHLWAPI.dll (0x77F40000)

C:\WINDOWS\system32\USERENV.dll (0x759D0000)

C:\WINDOWS\system32\UxTheme.dll (0x5ADC0000)

C:\WINDOWS\system32\IMM32.DLL (0x76300000)

C:\WINDOWS\system32\LPK.DLL (0x62C20000)

C:\WINDOWS\system32\USP10.dll (0x73FA0000)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (0x77180000)

C:\WINDOWS\system32\comctl32.dll (0x5D170000)

C:\WINDOWS\system32\msprivs.dll (0x20000000)

C:\WINDOWS\system32\kerberos.dll (0x71C70000)

C:\WINDOWS\system32\msv1_0.dll (0x77C40000)

C:\WINDOWS\system32\iphlpapi.dll (0x76D30000)

C:\WINDOWS\system32\netlogon.dll (0x74410000)

C:\WINDOWS\system32\w32time.dll (0x76790000)

C:\WINDOWS\system32\MSVCP60.dll (0x75FF0000)

C:\WINDOWS\system32\schannel.dll (0x767C0000)

C:\WINDOWS\system32\CRYPT32.dll (0x765E0000)

C:\WINDOWS\system32\wdigest.dll (0x742E0000)

C:\WINDOWS\system32\rsaenh.dll (0x0FFD0000)

C:\WINDOWS\system32\scecli.dll (0x74370000)

C:\WINDOWS\system32\SETUPAPI.dll (0x76060000)

C:\WINDOWS\system32\ipsecsvc.dll (0x74340000)

C:\WINDOWS\system32\AUTHZ.dll (0x77FE0000)

C:\WINDOWS\system32\oakley.DLL (0x73ED0000)

C:\WINDOWS\system32\WINIPSEC.DLL (0x742D0000)

C:\WINDOWS\system32\pstorsvc.dll (0x74300000)

C:\WINDOWS\system32\mswsock.dll (0x719C0000)

C:\WINDOWS\system32\hnetcfg.dll (0x60FD0000)

C:\WINDOWS\system32\psbase.dll (0x74320000)

C:\WINDOWS\System32\wshtcpip.dll (0x71A00000)

C:\WINDOWS\system32\dssenh.dll (0x68100000)



=====================================================
PROCESS NAME:  svchost.exe
-----------------------------------------------------
  Process ID  = 0x000002dc
  Thread count= 19
  Parent process ID = 556
  Priority Class    = 32


Modules:
------------------------------------
C:\WINDOWS\system32\svchost.exe (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x7C920000)

C:\WINDOWS\system32\kernel32.dll (0x7C800000)

C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)

C:\WINDOWS\system32\RPCRT4.dll (0x77E50000)

C:\WINDOWS\system32\ShimEng.dll (0x5CC30000)

C:\WINDOWS\AppPatch\AcGenral.DLL (0x58FB0000)

C:\WINDOWS\system32\USER32.dll (0x77D10000)

C:\WINDOWS\system32\GDI32.dll (0x77EF0000)

C:\WINDOWS\system32\WINMM.dll (0x76B10000)

C:\WINDOWS\system32\ole32.dll (0x76990000)

C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)

C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)

C:\WINDOWS\system32\MSACM32.dll (0x77BB0000)

C:\WINDOWS\system32\VERSION.dll (0x77BD0000)

C:\WINDOWS\system32\SHELL32.dll (0x7D590000)

C:\WINDOWS\system32\SHLWAPI.dll (0x77F40000)

C:\WINDOWS\system32\USERENV.dll (0x759D0000)

C:\WINDOWS\system32\UxTheme.dll (0x5ADC0000)

C:\WINDOWS\system32\IMM32.DLL (0x76300000)

C:\WINDOWS\system32\LPK.DLL (0x62C20000)

C:\WINDOWS\system32\USP10.dll (0x73FA0000)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (0x77180000)

C:\WINDOWS\system32\comctl32.dll (0x5D170000)

C:\WINDOWS\system32\NTMARTA.DLL (0x76CB0000)

C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)

C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)

c:\windows\system32\rpcss.dll (0x76230000)

c:\windows\system32\Secur32.dll (0x77FC0000)

:\Program Files\rising\Rav\PostTrt.dll (0x0A3D0000)

C:\Program Files\rising\Rav\UnExe.dll (0x0A410000)

C:\Program Files\rising\Rav\ScanExec.dll (0x13AB0000)

C:\WINDOWS\system32\CLBCATQ.DLL (0x76FA0000)

C:\WINDOWS\system32\COMRes.dll (0x77020000)

C:\WINDOWS\system32\xpsp2res.dll (0x20000000)

C:\Program Files\rising\Rav\ScanEx.dll (0x0B190000)

C:\Program Files\rising\Rav\RSUnpack.dll (0x0AF20000)

C:\Program Files\rising\Rav\NvFile.dll (0x0B0F0000)

C:\Program Files\rising\Rav\ScanMac.dll (0x13AF0000)

C:\Program Files\rising\Rav\ScanSct.dll (0x0B5B0000)

C:\Program Files\rising\Rav\Unpacker.dll (0x0BF60000)

C:\Program Files\rising\Rav\ExtOLE.dll (0x0EA90000)

C:\Program Files\rising\Rav\ScanNet.dll (0x0C0C0000)

C:\WINDOWS\system32\perfproc.dll (0x5E8E0000)

C:\Program Files\rising\Rav\RsStore.dll (0x099B0000)

C:\WINDOWS\system32\ODBC32.dll (0x73540000)

C:\WINDOWS\system32\comdlg32.dll (0x76320000)

C:\WINDOWS\system32\odbcint.dll (0x0FEE0000)

C:\WINDOWS\system32\odbcjt32.dll (0x4AAC0000)

C:\WINDOWS\system32\msjet40.dll (0x1B000000)

C:\WINDOWS\system32\mswstr10.dll (0x1B5D0000)

C:\WINDOWS\system32\odbcji32.dll (0x4B4E0000)

C:\WINDOWS\system32\msjter40.dll (0x1B2C0000)

C:\WINDOWS\system32\MSJINT40.DLL (0x1B2D0000)

C:\WINDOWS\system32\odbccp32.dll (0x4D3D0000)

C:\WINDOWS\system32\Secur32.dll (0x77FC0000)

C:\WINDOWS\system32\VBAJET32.DLL (0x0F3F0000)



=====================================================
PROCESS NAME:  rfwsrv.exe
-----------------------------------------------------
  Process ID  = 0x0000048c
  Thread count= 16
  Parent process ID = 556
  Priority Class    = 32


Modules:
------------------------------------
c:\program files\rising\rfw\rfwsrv.exe (0x00400000)

C:\WINDOWS\system32\ntdll.dll (0x7C920000)

C:\WINDOWS\system32\kernel32.dll (0x7C800000)

C:\WINDOWS\system32\RPCRT4.dll (0x77E50000)

C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)

C:\WINDOWS\system32\MFC42.DLL (0x73D30000)

C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)

C:\WINDOWS\system32\GDI32.dll (0x77EF0000)

C:\WINDOWS\system32\USER32.dll (0x77D10000)

C:\WINDOWS\system32\COMCTL32.dll (0x5D170000)

C:\WINDOWS\system32\ole32.dll (0x76990000)

C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)

C:\WINDOWS\system32\IMM32.DLL (0x76300000)

C:\WINDOWS\system32\LPK.DLL (0x62C20000)

C:\WINDOWS\system32\USP10.dll (0x73FA0000)

C:\WINDOWS\system32\MFC42LOC.DLL (0x61BE0000)

C:\WINDOWS\system32\SHLWAPI.dll (0x77F40000)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (0x77180000)

C:\WINDOWS\system32\USERENV.dll (0x759D0000)

c:\program files\rising\rfw\RfwRule.dll (0x10000000)

c:\program files\rising\rfw\rfwlog.dll (0x003E0000)

c:\program files\rising\rfw\Rfwdrv.dll (0x00800000)

c:\program files\rising\rfw\psapi.dll (0x731B0000)

C:\WINDOWS\system32\IMAGEHLP.dll (0x76C60000)

c:\program files\rising\rfw\MonDrv.dll (0x00920000)

c:\program files\rising\rfw\ProcLib.dll (0x00B50000)

C:\WINDOWS\system32\perfproc.dll (0x5E8E0000)

C:\WINDOWS\system32\secur32.dll (0x77FC0000)

C:\WINDOWS\system32\netapi32.dll (0x5FDD0000)

C:\WINDOWS\system32\CLBCATQ.DLL (0x76FA0000)

C:\WINDOWS\system32\COMRes.dll (0x77020000)

C:\WINDOWS\system32\VERSION.dll (0x77BD0000)

C:\WINDOWS\system32\xpsp2res.dll (0x20000000)



=====================================================
PROCESS NAME:  explorer.exe
-----------------------------------------------------
  Process ID  = 0x0000050c
  Thread count= 14
  Parent process ID = 1268
  Priority Class    = 32


Modules:
------------------------------------
C:\WINDOWS\Explorer.EXE (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x7C920000)

C:\WINDOWS\system32\kernel32.dll (0x7C800000)

C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)

C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)

C:\WINDOWS\system32\RPCRT4.dll (0x77E50000)

:\WINDOWS\system32\ntdll.dll (0x7C920000)

C:\WINDOWS\system32\kernel32.dll (0x7C800000)

C:\WINDOWS\system32\PSAPI.DLL (0x76BC0000)

C:\WINDOWS\system32\MFC42.DLL (0x73D30000)

C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)

C:\WINDOWS\system32\GDI32.dll (0x77EF0000)

C:\WINDOWS\system32\USER32.dll (0x77D10000)

C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)

C:\WINDOWS\system32\RPCRT4.dll (0x77E50000)

C:\WINDOWS\system32\SHELL32.dll (0x7D590000)

C:\WINDOWS\system32\SHLWAPI.dll (0x77F40000)

C:\WINDOWS\system32\IMM32.DLL (0x76300000)

C:\WINDOWS\system32\LPK.DLL (0x62C20000)

C:\WINDOWS\system32\USP10.dll (0x73FA0000)

C:\WINDOWS\system32\MFC42LOC.DLL (0x61BE0000)

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (0x77180000)

C:\WINDOWS\system32\nview.dll (0x10000000)

C:\WINDOWS\system32\ole32.dll (0x76990000)

C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)

C:\WINDOWS\system32\WINMM.dll (0x76B10000)

C:\WINDOWS\system32\VERSION.dll (0x77BD0000)

C:\WINDOWS\system32\NTMARTA.DLL (0x76CB0000)

C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)

C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)

C:\WINDOWS\system32\NVWRSZHC.DLL (0x00A30000)

C:\WINDOWS\system32\MSCTF.dll (0x74680000)

C:\WINDOWS\system32\msctfime.ime (0x73640000)

pplication Layer Gateway Service                  [ALG                                    ]  <Running>, Binpath = C:\WINDOWS\System32\alg.exe
  Application Management                            [AppMgmt                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  ASP.NET State Service                              [aspnet_state                            ]  <Stopped>, Binpath = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
  Windows Audio                                      [AudioSrv                                ]  <Running>, Binpath = C:\WINDOWS\System32\svchost.exe -k netsvcs
  Background Intelligent Transfer Service            [BITS                                    ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Computer Browser                                  [Browser                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Indexing Service                                  [CiSvc                                  ]  <Stopped>, Binpath = C:\WINDOWS\system32\cisvc.exe
  ClipBook                                          [ClipSrv                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\clipsrv.exe
  COM+ System Application                            [COMSysApp                              ]  <Stopped>, Binpath = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  Cryptographic Services                            [CryptSvc                                ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  DCOM Server Process Launcher                      [DcomLaunch                              ]  <Running>, Binpath = C:\WINDOWS\system32\svchost -k DcomLaunch
  DHCP Client                                        [Dhcp                                    ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Logical Disk Manager Administrative Service        [dmadmin                                ]  <Stopped>, Binpath = C:\WINDOWS\System32\dmadmin.exe /com
  Logical Disk Manager                              [dmserver                                ]  <Running>, Binpath = C:\WINDOWS\System32\svchost.exe -k netsvcs
  DNS Client                                        [Dnscache                                ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k NetworkService
  Error Reporting Service                            [ERSvc                                  ]  <Stopped>, Binpath = C:\WINDOWS\System32\svchost.exe -k netsvcs
  Event Log                                          [Eventlog                                ]  <Running>, Binpath = C:\WINDOWS\system32\services.exe
  COM+ Event System                                  [EventSystem                            ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Fast User Switching Compatibility                  [FastUserSwitchingCompatibility          ]  <Running>, Binpath = C:\WINDOWS\System32\svchost.exe -k netsvcs
  Help and Support                                  [helpsvc                                ]  <Running>, Binpath = C:\WINDOWS\System32\svchost.exe -k netsvcs
  Human Interface Device Access                      [HidServ                                ]  <Stopped>, Binpath = C:\WINDOWS\System32\svchost.exe -k netsvcs
  HTTP SSL                                          [HTTPFilter                              ]  <Stopped>, Binpath = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
  IMAPI CD-Burning COM Service                      [ImapiService                            ]  <Stopped>, Binpath = C:\WINDOWS\system32\imapi.exe
  Server                                            [lanmanserver                            ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Workstation                                        [lanmanworkstation                      ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  TCP/IP NetBIOS Helper                              [LmHosts                                ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k LocalService
  Messenger                                          [Messenger                              ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  NetMeeting Remote Desktop Sharing                  [mnmsrvc                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\mnmsrvc.exe
  Distributed Transaction Coordinator                [MSDTC                                  ]  <Stopped>, Binpath = C:\WINDOWS\system32\msdtc.exe
  Windows Installer                                  [MSIServer                              ]  <Stopped>, Binpath = C:\WINDOWS\system32\msiexec.exe /V
  Network DDE                                        [NetDDE                                  ]  <Stopped>, Binpath = C:\WINDOWS\system32\netdde.exe
  Network DDE DSDM                                  [NetDDEdsdm                              ]  <Stopped>, Binpath = C:\WINDOWS\system32\netdde.exe
  Net Logon                                          [Netlogon                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\lsass.exe
  Network Connections                                [Netman                                  ]  <Running>, Binpath = C:\WINDOWS\System32\svchost.exe -k netsvcs
  Network Location Awareness (NLA)                  [Nla                                    ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  NT LM Security Support Provider                    [NtLmSsp                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\lsass.exe
  Removable Storage                                  [NtmsSvc                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  NVIDIA Display Driver Service                      [NVSvc                                  ]  <Running>, Binpath = C:\WINDOWS\system32\nvsvc32.exe
  Plug and Play                                      [PlugPlay                                ]  <Running>, Binpath = C:\WINDOWS\system32\services.exe
  IPSEC Services                                    [PolicyAgent                            ]  <Running>, Binpath = C:\WINDOWS\system32\lsass.exe
  Protected Storage                                  [ProtectedStorage                        ]  <Running>, Binpath = C:\WINDOWS\system32\lsass.exe
  Remote Access Auto Connection Manager              [RasAuto                                ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Remote Access Connection Manager                  [RasMan                                  ]  <Running>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Remote Desktop Help Session Manager                [RDSessMgr                              ]  <Stopped>, Binpath = C:\WINDOWS\system32\sessmgr.exe
  Routing and Remote Access                          [RemoteAccess                            ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k netsvcs
  Remote Registry                                    [RemoteRegistry                          ]  <Stopped>, Binpath = C:\WINDOWS\system32\svchost.exe -k LocalService
  Rising Proxy  Service                              [RfwProxySrv                            ]  <Stopped>, Binpath = c:\program files\rising\rfw\rfwproxy.exe
  Rising Personal Firewall Service                  [RfwService                              ]  <Running>, Binpath = c:\program files\rising\rfw\rfwsrv.exe
  Remote Procedure Call (RPC) Locator                [RpcLocator                              ]  <Stopped>, Binpath = C:\WINDOWS\system32\locator.exe
  Remote Procedure Call (RPC)                        [RpcSs                                  ]  <Running>, Binpath = C:\WINDOWS\system32\svchost -k rpcss
  Rising Process Communication Center                [RsCCenter                              ]  <Running>, Binpath = "C:\Program Files\rising\Rav\CCenter.exe"
  RsRavMon Service                                  [RsRavMon                                ]  <Running>, Binpath = "C:\Program Files\rising\Rav\Ravmond.exe"
  QoS RSVP                                          [RSVP                                    ]  <Stopped>, Binpath = C:\WINDOWS\system32\rsvp.exe
  Security Accounts Manager

0:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
------------------------------------------------------------
ctfmon.exe……C:\WINDOWS\system32\ctfmon.exe
------------------------------------------------------------
1:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
------------------------------------------------------------
------------------------------------------------------------
2:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
------------------------------------------------------------
------------------------------------------------------------
3:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
------------------------------------------------------------
------------------------------------------------------------
4:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
------------------------------------------------------------
------------------------------------------------------------
5:HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows  键值名称:load
------------------------------------------------------------
load……
------------------------------------------------------------
6:HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows  键值名称:run
------------------------------------------------------------
------------------------------------------------------------
7:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System  键值名称:Shell
------------------------------------------------------------
------------------------------------------------------------
8:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
------------------------------------------------------------
------------------------------------------------------------
9:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
------------------------------------------------------------
IMJPMIG8.1……"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync……C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A……C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
RfwMain……"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
RavTask……"C:\Program Files\rising\Rav\RavTask.exe" -system
MSPY2002……C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
NvCplDaemon……RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz……nwiz.exe /install
NvMediaCenter……RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
------------------------------------------------------------
10:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
------------------------------------------------------------
RavStub……"C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE
------------------------------------------------------------
11:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
------------------------------------------------------------
------------------------------------------------------------
12:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunService
------------------------------------------------------------
------------------------------------------------------------
13:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
------------------------------------------------------------
------------------------------------------------------------
14:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
------------------------------------------------------------
------------------------------------------------------------
15:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon  键值名称:Shell
------------------------------------------------------------
Shell……explorer.exe
------------------------------------------------------------
16:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon  键值名称:Userinit
------------------------------------------------------------
Userinit……C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------
17:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows  键值名称:AppInit_DLLs
------------------------------------------------------------
AppInit_DLLs……

Please take a look at this for me, thanks!