Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board


If your system time is wrong, come and look: a super-strong virus combination aimed straight at Rising!!


A lot of the earlier threads were about Viking (威金) viruses, and everyone could delete those by hand, but lately I have run into a real problem! Take wsctf, for example: no matter how I delete it now, it won't go away. I even booted a PE system from CD, searched the whole disk and killed everything, and after a reboot it was all there again! The most hateful thing is that they wreck the system time: it keeps warning that the time is wrong, and I can't change it back from inside the system! The year shown is 1990; I don't know what the intent is, but it makes you think the CMOS battery is dead! With the time wrong, QQ won't install, the archiver says it has expired, and the anti-virus can't validate its update! What is even more depressing is that apart from the system drive, opening any drive letter shows "Auto", and with all files shown there is a program called rising.exe! Below is the scan log from my computer after the infection!

[CODE]

2007-04-18,19:10:47

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator-privileged user - full functionality

The following items were selected:
    All startup items (including registry, Startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <wsctf.exe><wsctf.exe>  [Microsoft Corporation]
    <EXPLORER.EXE><EXPLORER.EXE>  [Microsoft Corporation]
    <rw9d3><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
    <RealUpdate><c:\Update.exe>  [N/A]
    <m7dqix3b7b1x2><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <{12521C09-0516-2052-0907-010928000056}><"C:\Program Files\Common Files\{12521C09-0516-2052-0907-010928000056}\Update.exe" mc-110-12-0002317>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RfwMain><; "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [N/A]
    <NvCplDaemon><; RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [CNNIC]
    <load><C:\Documents and Settings\Administrator\WINDOWS\uninstall\rundl132.exe>  [N/A]
    <shualai><C:\Documents and Settings\Administrator\WINDOWS\shualai.exe /i>  [N/A]
    <winform><C:\Documents and Settings\Administrator\WINDOWS\winform.exe>  [N/A]
    <runner1><C:\Documents and Settings\Administrator\WINDOWS\updater.exe 61A847B5BBF72810328B2B27128065E9C084320161C4661227A755E9C2933154389A>  [N/A]
    <mppds><C:\Documents and Settings\Administrator\WINDOWS\mppds.exe>  [N/A]
    <fhxiqe51><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\fhxiqe51.dll",Start>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <dbzabp86><%systemroot%\system32\Rundll32.exe %systemroot%\system32\dbzabp86.dll,DllUnregisterServer>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><userinit.exe,EXPLORER.EXE>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msvbvm50]
    <WinlogonNotify: msvbvm50><rncd32.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
    <WinlogonNotify: rpcc><C:\windows\system32\rpcc.dll>  [N/A]

==================================
Startup folder
N/A

==================================
Services
[Windows  RunThem / ][Stopped/Auto Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\htbo\udly.dll>< >
[0CBAD916 / 0CBAD916][Stopped/Auto Start]
  <C:\windows\system32\0CBAD916.EXE -0CBAD916><Microsoft Corporation>
[2C4F5E1F / 2C4F5E1F][Stopped/Auto Start]
  <C:\windows\system32\2C4F5E1F.EXE -k><Microsoft Corporation>
[Event Service / AtHome][Stopped/Auto Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->C:\windows\system32\goasr.dll><Microsoft Corporation>
[C4F00622 / C4F00622][Stopped/Auto Start]
  <C:\windows\system32\C4F00622.EXE -service><Microsoft Corporation>
[Client IP-IPX / Client IP-IPX][Stopped/Auto Start]
  <"C:\windows\system32\svchosts.exe" -e mc-110-12-0002317><N/A>
[Remote Route Service / ClipArt][Stopped/Auto Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->C:\windows\system32\blkjw.dll><Microsoft Corporation>
[error monitor / EmonSrv][Stopped/Auto Start]
  <C:\windows\system32\884f.exe><N/A>
[IEAgent service / IEAgent][Stopped/Auto Start]
  <"C:\WINDOWS\system32\ieagent.exe"><N/A>
[kkdj3sdf3 / kkdj3sdf3][Stopped/Auto Start]
  <C:\windows\system32\kkdj3sdf3.exe -j><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\windows\system32\nvsvc32.exe><NVIDIA Corporation>
[Windows pygw RunThem / pygw][Stopped/Auto Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\htbo\udly.dll>< >
[Remote Procedure Call System(RPCS) / RpcS][Stopped/Auto Start]
  <C:\windows\system32\RpcS.exe><Microsoft Corporation>
[Selaris Frame Work / Selaris][Stopped/Auto Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\imjpmig\imjpmig32.dll><N/A>
[Windows User Mode Driver Framework / UMWdf][Stopped/Manual Start]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[QoS Service / WIDETS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE C:\WINDOWS\SYSTEM32\WBEM\ZWUPX.DLL,Export 1087><Microsoft Corporation>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><N/A>
[Microsoft ACPI Driver / ACPI][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ACPI.sys><N/A>
[acpidisk / acpidisk][Stopped/Auto Start]
  <\??\C:\windows\system32\drivers\acpidisk.sys><N/A>
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><N/A>
[AFD / AFD][Stopped/System Start]
  <\SystemRoot\System32\drivers\afd.sys><N/A>
[Intel AGP Bus Filter / agp440][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\agp440.sys><N/A>
[AMD K7 Processor Driver / AmdK7][Stopped/System Start]
  <system32\DRIVERS\amdk7.sys><N/A>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><N/A>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start]
  <system32\DRIVERS\asyncmac.sys><N/A>
[Standard IDE/ESDI Hard Disk Controller / atapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[ATM ARP Client Protocol / Atmarpc][Stopped/Manual Start]
  <system32\DRIVERS\atmarpc.sys><N/A>
[Audio Stub Driver / audstub][Stopped/Manual Start]
  <system32\DRIVERS\audstub.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><N/A>
[cdnprot / cdnprot][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[CD-ROM Driver / Cdrom][Running/System Start]
  <system32\DRIVERS\cdrom.sys><N/A>
[dbzabp8 / dbzabp86][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dbzabp86.sys><N/A>
[Disk Drive / Disk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\disk.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><N/A>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><N/A>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><N/A>
[Microsoft Kernel DLS Syntheiszer / DMusic][Stopped/Manual Start]
  <system32\drivers\DMusic.sys><N/A>
[Microsoft Kernel DRM Audio Descrambler / drmkaud][Stopped/Manual Start]
  <system32\drivers\drmkaud.sys><N/A>
[Floppy Disk Controller Driver / Fdc][Running/Manual Start]
  <system32\DRIVERS\fdc.sys><N/A>
[fhxiqe5 / fhxiqe51][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fhxiqe51.sys><N/A>
[Floppy Disk Driver / Flpydisk][Stopped/Manual Start]
  <system32\DRIVERS\flpydisk.sys><N/A>
[FltMgr / FltMgr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fltMgr.sys><N/A>
[FsVga / FsVga][Running/System Start]
  <system32\DRIVERS\fsvga.sys><N/A>
[Volume Manager Driver / Ftdisk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ftdisk.sys><N/A>
[Game Port Enumerator / gameenum][Stopped/Manual Start]
  <system32\DRIVERS\gameenum.sys><N/A>
[gdecfhhh / gdecfhhh][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\gdecfhhh.sys><N/A>
[Generic Packet Classifier / Gpc][Stopped/Manual Start]
  <system32\DRIVERS\msgpc.sys><N/A>
[Microsoft HID Class Driver / HidUsb][Stopped/Manual Start]
  <system32\DRIVERS\hidusb.sys><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <system32\DRIVERS\HPZid412.sys><N/A>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><N/A>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
  <system32\DRIVERS\HPZius12.sys><N/A>
[HTTP / HTTP][Stopped/Manual Start]
  <System32\Drivers\HTTP.sys><N/A>
[i8042 Keyboard and PS/2 Mouse Port Driver / i8042prt][Running/System Start]
  <System32\DRIVERS\i8042prt.sys><N/A>
[CD-Burning Filter Driver / Imapi][Running/System Start]
  <system32\DRIVERS\imapi.sys><N/A>
[IntelIde / IntelIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\intelide.sys><N/A>
[IPv6 Windows Firewall Driver / Ip6Fw][Stopped/Manual Start]
  <system32\DRIVERS\Ip6Fw.sys><N/A>
[IP Traffic Filter Driver / IpFilterDriver][Stopped/Manual Start]
  <system32\DRIVERS\ipfltdrv.sys><N/A>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[IP Network Address Translator / IpNat][Stopped/Manual Start]
  <system32\DRIVERS\ipnat.sys><N/A>
[IPSEC driver / IPSec][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ipsec.sys><N/A>
[IR Enumerator Service / IRENUM][Stopped/Manual Start]
  <system32\DRIVERS\irenum.sys><N/A>
[PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\isapnp.sys><N/A>
[Keyboard Class Driver / Kbdclass][Running/System Start]
  <System32\Drivers\Kbdclass.sys><N/A>
[Keyboard HID Driver / kbdhid][Stopped/System Start]
  <system32\drivers\kbdhid.sys><N/A>
[Microsoft Kernel Wave Audio Mixer / kmixer][Stopped/Manual Start]
  <system32\drivers\kmixer.sys><N/A>
[Mouse Class Driver / Mouclass][Running/System Start]
  <System32\Drivers\Mouclass.sys><N/A>
[Mouse HID Driver / mouhid][Stopped/Manual Start]
  <system32\DRIVERS\mouhid.sys><N/A>
[WebDav Client Redirector / MRxDAV][Stopped/Manual Start]
  <system32\DRIVERS\mrxdav.sys><N/A>
[MRxSmb / MRxSmb][Stopped/System Start]
  <system32\DRIVERS\mrxsmb.sys><N/A>
[Microsoft Streaming Service Proxy / MSKSSRV][Stopped/Manual Start]
  <system32\drivers\MSKSSRV.sys><N/A>
[Microsoft Streaming Clock Proxy / MSPCLOCK][Stopped/Manual Start]
  <system32\drivers\MSPCLOCK.sys><N/A>
[Microsoft Streaming Quality Manager Proxy / MSPQM][Stopped/Manual Start]
  <system32\drivers\MSPQM.sys><N/A>
[Microsoft System Management BIOS Driver / mssmbios][Running/Manual Start]
  <system32\DRIVERS\mssmbios.sys><N/A>
[Microsoft MPU-401 MIDI UART Driver / ms_mpu401][Stopped/Manual Start]
  <system32\drivers\msmpu401.sys><N/A>
[Remote Access NDIS TAPI Driver / NdisTapi][Stopped/Manual Start]
  <system32\DRIVERS\ndistapi.sys><N/A>
[NDIS Usermode I/O Protocol / Ndisuio][Stopped/Manual Start]
  <system32\DRIVERS\ndisuio.sys><N/A>
[Remote Access NDIS WAN Driver / NdisWan][Stopped/Manual Start]
  <system32\DRIVERS\ndiswan.sys><N/A>
[NetBIOS Interface / NetBIOS][Stopped/System Start]
  <system32\DRIVERS\netbios.sys><N/A>
[NetBios over Tcpip / NetBT][Stopped/System Start]
  <system32\DRIVERS\netbt.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><N/A>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[oreans32 / oreans32][Stopped/System Start]
  <\??\C:\windows\system32\drivers\oreans32.sys><N/A>
[Intel PentiumIII Processor Driver / P3][Stopped/System Start]
  <system32\DRIVERS\p3.sys><N/A>
[Parallel port driver / Parport][Stopped/Manual Start]
  <system32\DRIVERS\parport.sys><N/A>
[PCI Bus Driver / PCI][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pci.sys><N/A>
[PCIIde / PCIIde][Running/Boot Start]
  <\SystemRoot\System32\Drivers\pciide.sys><N/A>
[WAN Miniport (PPTP) / PptpMiniport][Stopped/Manual Start]
  <system32\DRIVERS\raspptp.sys><N/A>
[QoS Packet Scheduler / PSched][Stopped/Manual Start]
  <system32\DRIVERS\psched.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
  <system32\DRIVERS\ptilink.sys><N/A>
[Remote Access Auto Connection Driver / RasAcd][Stopped/System Start]
  <system32\DRIVERS\rasacd.sys><N/A>
[WAN Miniport (L2TP) / Rasl2tp][Stopped/Manual Start]
  <system32\DRIVERS\rasl2tp.sys><N/A>
[Remote Access PPPOE Driver / RasPppoe][Stopped/Manual Start]
  <system32\DRIVERS\raspppoe.sys><N/A>
[Direct Parallel / Raspti][Stopped/Manual Start]
  <system32\DRIVERS\raspti.sys><N/A>
[Rdbss / Rdbss][Stopped/System Start]
  <system32\DRIVERS\rdbss.sys><N/A>
[RDPCDD / RDPCDD][Stopped/System Start]
  <System32\DRIVERS\RDPCDD.sys><N/A>
[Terminal Server Device Redirector Driver / rdpdr][Running/Manual Start]
  <system32\DRIVERS\rdpdr.sys><N/A>
[Digital CD Audio Playback Filter Driver / redbook][Running/System Start]
  <system32\DRIVERS\redbook.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><N/A>
[S3chipid / S3chipid][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\S3chipid.sys><N/A>
[s3legacy / s3legacy][Stopped/Manual Start]
  <system32\DRIVERS\s3legacy.sys><N/A>
[s3m / s3m][Stopped/Manual Start]
  <system32\DRIVERS\s3m.sys><N/A>
[Serenum Filter Driver / serenum][Stopped/Manual Start]
  <system32\DRIVERS\serenum.sys><N/A>
[Serial port driver / Serial][Stopped/System Start]
  <system32\DRIVERS\serial.sys><N/A>
[Serial Mouse Driver / sermouse][Stopped/Manual Start]
  <system32\drivers\sermouse.sys><N/A>
[Microsoft Kernel Audio Splitter / splitter][Stopped/Manual Start]
  <system32\drivers\splitter.sys><N/A>
[Srv / Srv][Stopped/Manual Start]
  <system32\DRIVERS\srv.sys><N/A>
[Software Bus Driver / swenum][Running/Manual Start]
  <system32\DRIVERS\swenum.sys><N/A>
[Microsoft Kernel GS Wavetable Synthesizer / swmidi][Stopped/Manual Start]
  <system32\drivers\swmidi.sys><N/A>
[Microsoft Kernel System Audio Device / sysaudio][Stopped/Manual Start]
  <system32\drivers\sysaudio.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\tcpip.sys><N/A>
[Terminal Device Driver / TermDD][Running/System Start]
  <system32\DRIVERS\termdd.sys><N/A>
[Microsoft AGPv3.5 Filter / uagp35][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\uagp35.sys><N/A>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><N/A>
[USB Audio Driver (WDM) / usbaudio][Stopped/Manual Start]
  <system32\drivers\usbaudio.sys><N/A>
[Microsoft USB Generic Parent Driver / usbccgp][Stopped/Manual Start]
  <system32\DRIVERS\usbccgp.sys><N/A>
[Microsoft USB 2.0 Enhanced Host Controller Miniport Driver / usbehci][Stopped/Manual Start]
  <system32\DRIVERS\usbehci.sys><N/A>
[USB2 Enabled Hub / usbhub][Running/Manual Start]
  <system32\DRIVERS\usbhub.sys><N/A>
[Microsoft USB Open Host Controller Miniport Driver / USBOHCI][Stopped/Manual Start]
  <system32\DRIVERS\usbohci.sys><N/A>
[Microsoft USB PRINTER Class / usbprint][Stopped/Manual Start]
  <system32\DRIVERS\usbprint.sys><N/A>
[USB Scanner Driver / usbscan][Stopped/Manual Start]
  <system32\DRIVERS\usbscan.sys><N/A>
[USB Mass Storage Driver / USBSTOR][Stopped/Manual Start]
  <system32\DRIVERS\USBSTOR.SYS><N/A>
[Microsoft USB Universal Host Controller Miniport Driver / usbuhci][Running/Manual Start]
  <system32\drivers\usbuhci.sys><N/A>
[VgaSave / VgaSave][Running/System Start]
  <\SystemRoot\System32\drivers\vga.sys><N/A>
[Remote Access IP ARP Driver / Wanarp][Stopped/Manual Start]
  <system32\DRIVERS\wanarp.sys><N/A>
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Stopped/Manual Start]
  <system32\drivers\wdmaud.sys><N/A>

==================================
Browser add-ons
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[Thunder Browser Helper]
  {1B0E7715-898E-48CC-9690-4E338E8DE1D3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[ExtentIE Class]
  {66C2C482-D4EE-42A5-AEF7-0B124F278D47} <C:\windows\system32\6884.dll, TODO: <Company Name>>
[实用搜索 (Practical Search)]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[]
  {B17D6D2C-30F8-4C63-9E01-4C2B199547AA} <C:\WINDOWS\system32\xjktcbfficsjz.dll, N/A>
[Bar888]
  {C1B4DEC2-2623-438e-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{32521~1\Bar888.dll, N/A>
[macfed Class]
  {CB7CA266-4479-4997-86AF-7554AA8A0AF4} <C:\DOCUME~1\ADMINI~1\WINDOWS\system32\atxx.dll, >
[okteba Class]
  {CE7C3CF0-4B15-11D1-ABED-709549C16969} <C:\WINDOWS\okteba\okteba.dll, Okte.cn, Inc.>
[Launch Thunder 5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Research (&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[实用搜索 (Practical Search) Toolbar 2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Bar888]
  {C1B4DEC2-2623-438e-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{32521~1\Bar888.dll, N/A>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[实用搜索 (Practical Search) Toolbar 2.0]
  {03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[Thunder Browser Helper]
  {1B0E7715-898E-48CC-9690-4E338E8DE1D3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[ExtentIE Class]
  {66C2C482-D4EE-42A5-AEF7-0B124F278D47} <C:\windows\system32\6884.dll, TODO: <Company Name>>
[实用搜索 (Practical Search)]
  {6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[]
  {B17D6D2C-30F8-4C63-9E01-4C2B199547AA} <C:\WINDOWS\system32\xjktcbfficsjz.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Bar888]
  {C1B4DEC2-2623-438E-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{32521~1\Bar888.dll, N/A>
[macfed Class]
  {CB7CA266-4479-4997-86AF-7554AA8A0AF4} <C:\DOCUME~1\ADMINI~1\WINDOWS\system32\atxx.dll, >
[okteba Class]
  {CE7C3CF0-4B15-11D1-ABED-709549C16969} <C:\WINDOWS\okteba\okteba.dll, Okte.cn, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&Download with Thunder]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&Download all links with Thunder]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[Upload to QQ NetDisk]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[Add to QQ custom panel]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[Add to QQ emoticons]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[Go to 通用网址 (CNNIC Internet Keyword)]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
Running processes
[PID: 152][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 208][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 232][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\rncd32.dll]  [N/A, N/A]
[PID: 276][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 288][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 444][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\windows\system32\EXPLORER.EXE]  [Microsoft Corporation, 6.2900.2180]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, N/A]
[PID: 740][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, N/A]
[PID: 776][C:\windows\system32\wsctf.exe]  [Microsoft Corporation, 5.2600.2180]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, N/A]
[PID: 844][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, N/A]
[PID: 900][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.425\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.sys]  [N/A, N/A]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\Documents and Settings\Administrator\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe

==================================
HOSTS file
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
Last edited 2007-04-19 16:42:01
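The report above is an SREng text dump, and every pattern the poster is fighting is visible in its entry lines: a Run value that is a bare file name (wsctf.exe) carrying an unverified "Microsoft Corporation" vendor string, executables in Temp whose names are one character off a real Windows binary (iexpl0re.exe, winlog0n.exe, rundl132.exe, svchosts.exe), an svchost-hosted service with an empty internal name whose ServiceDll lives under Program Files, a Winlogon Notify DLL with no vendor, and a D:\ Autorun.inf that binds open, shellexecute and shell\Auto\command to rising.exe. The parser below is an added example of mine, not part of the original post and not SREng's own code: it reads the entry shapes SREng emits and applies exactly those checks. The excerpt is copied from the posted report; the heuristics, the KNOWN look-alike list and the assumption that %SystemRoot% is C:\windows are my own.

```python
import re
from collections import namedtuple
# Constructed excerpt: lines copied verbatim from the SREng 2.3.13.690 report in the post above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <wsctf.exe><wsctf.exe>  [Microsoft Corporation]
    <rw9d3><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
    <WinlogonNotify: rpcc><C:\windows\system32\rpcc.dll>  [N/A]
[Windows  RunThem / ][Stopped/Auto Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\htbo\udly.dll>< >
[Client IP-IPX / Client IP-IPX][Stopped/Auto Start]
  <"C:\windows\system32\svchosts.exe" -e mc-110-12-0002317><N/A>
[D:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
"""
Finding = namedtuple("Finding", "where item reasons")   # registry key / service / drive, entry, why
# Genuine Windows binaries that names in this log imitate (iexpl0re, winlog0n, rundl132, svchosts).
KNOWN = ("svchost.exe", "explorer.exe", "winlogon.exe", "rundll32.exe", "iexplore.exe", "ctfmon.exe")
SYSTEM32_DLL = re.compile(r"^(%systemroot%|c:\\windows)\\system32\\[^\\]+$", re.I)  # assumes C:\windows
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")                      # [HKEY_...]
REG_VALUE = re.compile(r"^<([^>]*)><(.*)>\s+\[(.*)\]$")           # <name><command>  [vendor]
SERVICE_HDR = re.compile(r"^\[(.*) / (.*?)\]\[.*?/.*?\]$")        # [Display / Name][State/Start]
SERVICE_BIN = re.compile(r"^<(.*)><([^>]*)>$")                    # <path><vendor>
DRIVE = re.compile(r"^\[([A-Z]:\\)\]$")                            # [D:\]
AUTORUN_VERB = re.compile(r"^(open|shellexecute|shell\\.*\\command)=.+$", re.I)
BINARY = re.compile(r'([^\\\s"]+\.(?:exe|dll|sys|com))', re.I)    # every file name in a command line

def edit_distance(a, b):
    """Levenshtein distance: the look-alikes above are all distance 1 from the real name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def binary_flags(cmd):
    reasons = []
    for name in BINARY.findall(cmd):
        for real in KNOWN:
            if name.lower() != real and edit_distance(name.lower(), real) == 1:
                reasons.append(f"{name}: look-alike of {real}")
    if "\\temp\\" in cmd.lower():
        reasons.append("runs from a Temp directory")
    return reasons

def registry_flags(key, cmd, vendor):
    reasons = binary_flags(cmd)
    if "\\" not in cmd and "%" not in cmd:
        reasons.append("bare file name, resolved through the PATH search order")
    # SREng writes "(Verified)" only when the Authenticode signature checks out; plain text is version info.
    if "\\run" in key.lower() and vendor == "Microsoft Corporation":
        reasons.append("claims Microsoft Corporation but the signature was not verified")
    if "winlogon\\notify" in key.lower() and vendor in ("", "N/A"):
        reasons.append("Winlogon notification DLL (loads into winlogon.exe) with no vendor")
    return reasons

def service_flags(name, path):
    reasons = binary_flags(path)
    if not name.strip():
        reasons.append("service with an empty internal name")
    if "svchost.exe" in path.lower() and "-->" in path:   # SREng shows the ServiceDll after "-->"
        dll = path.split("-->", 1)[1].strip()
        if not SYSTEM32_DLL.match(dll):
            reasons.append(f"svchost-hosted ServiceDll outside system32: {dll}")
    return reasons

def triage(text):
    findings, key, svc, drive = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("=") or line.lower() == "[autorun]":
            continue
        if m := DRIVE.match(line):
            key, svc, drive = None, None, m.group(1)
        elif m := REG_KEY.match(line):
            key, svc, drive = m.group(1), None, None
        elif m := SERVICE_HDR.match(line):
            key, svc, drive = None, (m.group(1), m.group(2)), None
        elif drive and AUTORUN_VERB.match(line):
            findings.append(Finding(drive, line, ("AutoRun verb launches a program from the drive root",)))
        elif key and (m := REG_VALUE.match(line)):
            cmd, vendor = m.group(2).lstrip("; ").strip(), m.group(3)   # HKLM\Run values carry a "; " prefix
            if reasons := registry_flags(key, cmd, vendor):
                findings.append(Finding(key, cmd, tuple(reasons)))
        elif svc and (m := SERVICE_BIN.match(line)):
            if reasons := service_flags(svc[1], m.group(1)):
                findings.append(Finding(svc[1] or svc[0], m.group(1), tuple(reasons)))
            svc = None
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Run as a script it prints eight findings; ctfmon.exe stays silent because its signature is marked (Verified) and it sits in system32. The checks are deliberately narrow: goasr.dll and blkjw.dll in the full report are also ServiceDlls for svchost -k netsvcs, but they sit directly in system32, so this triage will not flag them and a file-level check (hash, signature, creation time) is still needed for anything that loads into svchost or winlogon.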