紫云轩 - 2005-9-26 0:16:00
I'm a total newbie. My computer caught a virus; I tried deleting BACKDOOR GPIGEON.PR but don't know whether it is really gone. Could an expert please take a look? This is the information on the processes currently running on my system:
alg.exe 不可用 1364 8 不可用 不可用 2005-9-25 23:08 不可用 不可用 不可用
ccenter.exe c:\program files\rising\rav\ccenter.exe 1440 8 204800 1413120 2005-9-25 23:08 17, 0, 0, 1 96.00 KB (98,304 字节) 2005-9-24 14:33
csrss.exe 不可用 348 13 不可用 不可用 2005-9-25 23:08 不可用 不可用 不可用
ctfmon.exe c:\windows\system32\ctfmon.exe 432 8 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 13.00 KB (13,312 字节) 2001-9-5 12:00
explorer.exe c:\windows\explorer.exe 1164 8 204800 1413120 2005-9-25 23:08 6.00.2600.0000 (xpclient.010817-1148) 977.50 KB (1,000,960 字节) 2001-9-5 12:00
helpctr.exe c:\windows\pchealth\helpctr\binaries\helpctr.exe 260 8 204800 1413120 2005-9-25 23:56 5.1.2600.0 (xpclient.010817-1148) 676.00 KB (692,224 字节) 2004-2-14 16:33
helpsvc.exe c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2140 8 204800 1413120 2005-9-25 23:56 5.1.2600.0 (xpclient.010817-1148) 678.00 KB (694,272 字节) 2004-2-14 16:33
iexplore.exe c:\program files\internet explorer\iexplore.exe 2240 8 204800 1413120 2005-9-25 23:23 6.00.2600.0000 (xpclient.010817-1148) 89.00 KB (91,136 字节) 2004-2-14 16:32
iexplore.exe c:\program files\internet explorer\iexplore.exe 2988 8 204800 1413120 2005-9-25 23:54 6.00.2600.0000 (xpclient.010817-1148) 89.00 KB (91,136 字节) 2004-2-14 16:32
lsass.exe c:\windows\system32\lsass.exe 428 9 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 11.50 KB (11,776 字节) 2001-9-5 12:00
msmsgs.exe c:\program files\messenger\msmsgs.exe 536 8 204800 1413120 2005-9-25 23:08 4.0.0155 1.03 MB (1,077,277 字节) 2004-2-14 16:31
nvsvc32.exe c:\windows\system32\nvsvc32.exe 1412 8 204800 1413120 2005-9-25 23:08 6.13.10.2942 60.00 KB (61,440 字节) 2002-5-3 10:06
rav.exe c:\program files\rising\rav\rav.exe 3384 8 204800 1413120 2005-9-25 23:23 17, 0, 0, 72 120.00 KB (122,880 字节) 2005-9-24 14:33
ravmon.exe c:\progra~1\rising\rav\ravmon.exe 280 8 204800 1413120 2005-9-25 23:08 17, 0, 1, 37 468.00 KB (479,232 字节) 2005-9-24 14:33
ravmond.exe c:\program files\rising\rav\ravmond.exe 960 8 204800 1413120 2005-9-25 23:08 17, 0, 1, 53 148.00 KB (151,552 字节) 2005-9-24 14:33
ravstub.exe c:\program files\rising\rav\ravstub.exe 1208 8 204800 1413120 2005-9-25 23:08 17, 0, 0, 27 320.00 KB (327,680 字节) 2005-9-24 14:33
ravtimer.exe c:\progra~1\rising\rav\ravtimer.exe 112 4 204800 1413120 2005-9-25 23:08 17, 0, 0, 39 124.00 KB (126,976 字节) 2005-9-24 14:33
realsched.exe c:\program files\common files\real\update_ob\realsched.exe 176 8 204800 1413120 2005-9-25 23:08 0.1.0.3292 176.04 KB (180,269 字节) 2005-9-21 11:35
rfwmain.exe c:\program files\rising\rfw\rfwmain.exe 288 8 262144 524288 2005-9-25 23:08 3, 1, 0, 19 164.00 KB (167,936 字节) 2005-9-24 14:51
rfwsrv.exe c:\program files\rising\rfw\rfwsrv.exe 976 8 524288 1048576 2005-9-25 23:08 3, 1, 0, 36 60.00 KB (61,440 字节) 2005-9-24 14:51
rundll32.exe 不可用 1872 8 不可用 不可用 2005-9-25 23:08 不可用 不可用 不可用
rundll32.exe c:\windows\system32\rundll32.exe 352 8 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 31.00 KB (31,744 字节) 2001-9-5 12:00
services.exe c:\windows\system32\services.exe 416 9 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 99.00 KB (101,376 字节) 2001-9-5 12:00
smss.exe c:\windows\system32\smss.exe 300 11 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 44.50 KB (45,568 字节) 2001-9-5 12:00
soundman.exe c:\windows\soundman.exe 156 8 204800 1413120 2005-9-25 23:08 5.1.0.21 63.50 KB (65,024 字节) 2004-2-14 16:42
spdstrm.exe c:\program files\efficient networks\speedstream dsl\spdstrm.exe 164 8 204800 1413120 2005-9-25 23:08 3.4.0.86 836.00 KB (856,064 字节) 2005-9-21 10:04
spoolsv.exe c:\windows\system32\spoolsv.exe 1276 8 204800 1413120 2005-9-25 23:08 5.1.2600.0 (XPClient.010817-1148) 50.00 KB (51,200 字节) 2001-9-5 12:00
svchost.exe c:\windows\system32\svchost.exe 584 8 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 12.50 KB (12,800 字节) 2001-9-5 12:00
svchost.exe c:\windows\system32\svchost.exe 608 8 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 12.50 KB (12,800 字节) 2001-9-5 12:00
svchost.exe 不可用 712 8 不可用 不可用 2005-9-25 23:08 不可用 不可用 不可用
svchost.exe 不可用 948 8 不可用 不可用 2005-9-25 23:08 不可用 不可用 不可用
svchost.exe c:\windows\system32\svchost.exe 1480 8 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 12.50 KB (12,800 字节) 2001-9-5 12:00
sysexplr.exe c:\herosoft\hero3000\sysexplr.exe 152 8 204800 1413120 2005-9-25 23:08 不可用 63.00 KB (64,512 字节) 2004-2-14 16:57
system 不可用 4 8 0 1413120 不可用 不可用 不可用 不可用
system idle process 不可用 0 0 不可用 不可用 不可用 不可用 不可用 不可用
vm_sti.exe c:\windows\vm_sti.exe 196 8 204800 1413120 2005-9-25 23:08 4, 2, 610, 4 40.00 KB (40,960 字节) 2005-9-21 11:55
winlogon.exe c:\windows\system32\winlogon.exe 372 13 204800 1413120 2005-9-25 23:08 5.1.2600.0 (xpclient.010817-1148) 420.00 KB (430,080 字节) 2001-9-5 12:00
wmiprvse.exe 不可用 756 8 不可用 不可用 2005-9-25 23:56 不可用 不可用 不可用
yassistse.exe c:\progra~1\yahoo!\assistant\yassistse.exe 216 8 204800 1413120 2005-9-25 23:08 1, 0, 1, 1001 64.00 KB (65,536 字节) 2005-9-21 23:03
ylive.exe c:\progra~1\yahoo!\assist~1\ylive.exe 204 8 204800 1413120 2005-9-25 23:08 2, 0, 0, 1001 20.00 KB (20,480 字节) 2005-9-21 23:03
什么情况 - 2005-9-26 0:21:00
Please run a scan with HijackThis 1.99.1 and post the log here.
Mrdsr - 2005-9-26 1:11:00
I've got Gray Pigeon (灰鸽子). Here is the scan result:
Logfile of HijackThis v1.99.1
Scan saved at 骇客帝国骇客帝国 00:58, on 2005-9-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\RISING\RAV\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
G:\WinRAR\WinRAR.exe
C:\DOCUME~1\Mr.dsr\LOCALS~1\Temp\hijackthis1991.zip 的临时目录 5\HijackThis.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\qq\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FlashGet\jccatch.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\金山快~1\IEBand.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FlashGet\fgiebar.dll
O3 - Toolbar: 全能助手广告拦截专家 - {ED51E9A3-16C5-4236-99E0-9F093B021433} - E:\全能助手Windows优化王\AssistIEBar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\讯雷4\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\讯雷4\getAllurl.htm
O8 - Extra context menu item: 使用Kugoo下载 - E:\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 使用影音传送带下载 - E:\影音传送带\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - E:\影音传送带\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到广告杀手 - E:\全能助手Windows优化王\AdKiller.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - F:\浩方对战平台\GameClient.exe
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\qq\QQIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D5BB3B5-55A2-4B1A-A19D-1B2129968014}: NameServer = 61.187.191.3
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Please help me work out which one is the virus.
紫云轩 - 2005-9-26 13:09:00
【Reply to "紫云轩"'s post】Could you be more specific? I don't really understand. What is hijackthis1.99.1, and how do I use it?
独孤豪侠 - 2005-9-26 13:17:00
【Reply to "Mrdsr"'s post】O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\Server.exe is the pigeon.
独孤豪侠 - 2005-9-26 13:18:00
| Quote: |
【Post by 紫云轩】【Reply to "紫云轩"'s post】Could you be more specific? I don't really understand. What is hijackthis1.99.1, and how do I use it? ........................... |
Do it the way the poster above you did.
C++果冻 - 2005-9-26 13:28:00
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\Server.exe
That's far too obvious. It's literally called the Gray Pigeon service; can't the virus even bother to disguise itself?
独孤豪侠 - 2005-9-26 13:32:00
【Reply to "C++果冻"'s post】It's different on every machine; by now it has countless different file names.
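As an added example (not from this thread or any of its posters), a small Python triage script for the O23 service lines of a HijackThis 1.99.1 log. It applies the cues the replies above rely on: a display name carrying the Gray Pigeon label, an unknown-owner service whose binary sits directly in the Windows root rather than under system32, and an executable named after a system directory. The sample lines are constructed after the entries posted in this thread; the heuristics and function names are my own.

```python
import ntpath
import re

# Constructed sample lines, modelled on the O23 entries posted in this thread.
SAMPLE_LOG = """\
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\\WINDOWS\\Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\\Program Files\\TGTSoft\\StyleXP\\StyleXPService.exe
O23 - Service: Logical Disk Manager Administr - Unknown owner - C:\\WINNT\\system32.exe
O4 - HKLM\\..\\Run: [RavMon] E:\\PROGRA~1\\RISING\\RAV\\RAVMON.EXE -SYSTEM
"""

WINDOWS_ROOTS = {"windows", "winnt"}          # services normally live below these, not in them
SYSTEM_DIR_NAMES = {"system32", "system", "windows", "winnt"}


def parse_o23(line):
    """Split one O23 line into display name, owner and path; None for other line types."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].rsplit(" - ", 2)  # owner and path are the last two fields
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name.strip(), "owner": owner.strip(), "path": path.strip()}


def assess(entry):
    """Return the list of reasons this service entry deserves a closer look."""
    reasons = []
    directory, filename = ntpath.split(entry["path"])
    stem = ntpath.splitext(filename)[0].lower()
    parent = ntpath.basename(directory).lower()
    unknown_owner = entry["owner"].lower() == "unknown owner"
    if re.search(r"pigeon|灰鸽", entry["name"], re.IGNORECASE):
        reasons.append("display name carries the Gray Pigeon label")
    # "Unknown owner" alone is not evidence (StyleXP above is legitimate); combine it with location.
    if unknown_owner and parent in WINDOWS_ROOTS:
        reasons.append("unknown owner and binary placed directly in the Windows root")
    if stem in SYSTEM_DIR_NAMES:
        reasons.append("executable named after a system directory")
    return reasons


def flag_services(log_text):
    """Walk a whole HijackThis log and return the suspicious O23 entries with their reasons."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry and (reasons := assess(entry)):
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_services(SAMPLE_LOG):
        print(hit["path"], "->", "; ".join(hit["reasons"]))
```

Because the file name varies between infections, the script keys on where the service binary lives and who claims to own it rather than on the name alone.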
tongyan - 2005-9-26 13:44:00
I'm a newbie too and can't even find the virus, so I've copied the log below. Please help me check which one is the virus!!!!
Logfile of HijackThis v1.99.1
Scan saved at 13:07:19, on 2005-9-26
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\acs.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\KV2004\KVSrvXP.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\KV2004\KVMonXP.kxp
C:\WINNT\loadqm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\MSNShell\BIN\MSNShell.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ty\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\KV2004\KvShell.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\KV2004\KvShell.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [KvMonXP] C:\KV2004\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSNShell] E:\MSNShell\BIN\MSNShell.exe autorun
O4 - HKCU\..\Run: [Skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 使用网际快车下载 - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://club.jiangmin.com/kvscan/KvOnline.asp (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\YAHOO!\MESSEN~1\YPAGER.EXE
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\kvwspxp.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F057A4E-42FE-4B09-A771-09B61286050F}: NameServer = 192.168.0.1
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: TP-LINK配置服务程序 (ACS) - Unknown owner - C:\WINNT\System32\acs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: KVSrvXP - JiangMin Ltd. - C:\KV2004\KVSrvXP.exe
O23 - Service: Logical Disk Manager Administr - Unknown owner - C:\WINNT\system32.exe