Rising Kaka Security Forum
大猩 - 2005-11-30 15:43:00
Bumping my own thread first.
大猩 - 2005-11-30 15:44:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ALi5289 ALiRAID Application c:\program files\uli5289\ali5289.exe
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ BigDogPath BIGDOG BIGDOG c:\windows\vm_sti.exe
+ mscfs c:\windows\system32\msibm\cfsys.dll
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravtimer.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
+ SysExplr d:\program files\herosoft\hero 9\sysexplr.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStub Rising Rav Stub Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravstub.exe
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ DriveHealth Hard disk S.M.A.R.T. monitoring and failure predicting service. Helexis Software Development d:\program files\helexis\drive health\dhcore.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Corporation Limited d:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter CCenter rising d:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmond.exe
+ SSM SSM 可实时追踪系统活动以阻止有害软件的恼人操作。 System Safety d:\program files\system safety monitor\ssmservice.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. d:\program files\real\realplayer\rpshell.dll
+ WinRAR shell extension d:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ ThunderIEHelper Class xunleibho BHO c:\windows\system32\xunleibho_v8.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 豪杰超级解霸9 Hero Super Player 9 Herosoft d:\program files\herosoft\hero 9\sthsdvd.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent c:\windows\system32\ati2evxx.dll
+ System Safety Monitor System Safety Winlogon Notification System Safety c:\windows\system32\ssmwinlogonex.dll
大猩 - 2005-11-30 15:49:00
HijackThis_815汉化版扫描日志 V1.99.1
保存于 15:46:47, 日期 2005-11-30
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\rfwsrv.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
d:\program files\rising\rfw\RfwMain.exe
d:\Program Files\Helexis\Drive Health\dhcore.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
d:\Program Files\System Safety Monitor\SSMService.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\System Safety Monitor\sysSafe.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Herosoft\Hero 9\SysExplr.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\TT\TTraveler.exe
C:\PROGRA~1\pubinfo\Client\USERCL~1.EXE
D:\Program Files\Tencent\QQ\QQ.exe
d:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Tencent\QQ\qqpet\qqpet.exe
D:\Program Files\Thunder Network\Thunder\Thunder.exe
D:\DownLoads\系统安全软件\Autoruns_CN.exe
D:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [SysExplr] d:\Program Files\Herosoft\Hero 9\SysExplr.EXE
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE YXT USB PC CAMERA
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.DLL,cfs
O4 - 启动项HKLM\\RunOnce: [RavStub] "D:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用超级解霸播放 - d:\Program Files\Herosoft\Hero 9\MPURLGET.HTM
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - 浏览器额外的“工具”菜单项: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: DriveHealth - Helexis Software Development - d:\Program Files\Helexis\Drive Health\dhcore.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: System Safety Monitor (SSM) - System Safety - d:\Program Files\System Safety Monitor\SSMService.exe
BlackStone - 2005-11-30 15:49:00
+ mscfs c:\windows\system32\msibm\cfsys.dll
Fix it
Reboot
Delete c:\windows\system32\msibm\cfsys.dll
BlackStone - 2005-11-30 15:52:00
http://forum.ikaka.com/topic.asp?board=28&artid=7477329
大猩 - 2005-11-30 16:12:00
It's still there, even though I deleted the whole folder.
大猩 - 2005-11-30 16:13:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ALi5289 ALiRAID Application c:\program files\uli5289\ali5289.exe
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ BigDogPath BIGDOG BIGDOG c:\windows\vm_sti.exe
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravtimer.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
+ SysExplr d:\program files\herosoft\hero 9\sysexplr.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStub Rising Rav Stub Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravstub.exe
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ DriveHealth Hard disk S.M.A.R.T. monitoring and failure predicting service. Helexis Software Development d:\program files\helexis\drive health\dhcore.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Corporation Limited d:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter CCenter rising d:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmond.exe
+ SSM SSM 可实时追踪系统活动以阻止有害软件的恼人操作。 System Safety d:\program files\system safety monitor\ssmservice.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. d:\program files\real\realplayer\rpshell.dll
+ UnlockerShellExtension d:\program files\unlocker\unlockercom.dll
+ WinRAR shell extension d:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ ThunderIEHelper Class xunleibho BHO c:\windows\system32\xunleibho_v8.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 豪杰超级解霸9 Hero Super Player 9 Herosoft d:\program files\herosoft\hero 9\sthsdvd.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent c:\windows\system32\ati2evxx.dll
+ System Safety Monitor System Safety Winlogon Notification System Safety c:\windows\system32\ssmwinlogonex.dll
BlackStone - 2005-11-30 16:18:00
+ DriveHealth Hard disk S.M.A.R.T. monitoring and failure predicting service. Helexis Software Development d:\program files\helexis\drive health\dhcore.exe
+ ALi5289 ALiRAID Application c:\program files\uli5289\ali5289.exe
+ BigDogPath BIGDOG BIGDOG c:\windows\vm_sti.exe
What are these?
大猩 - 2005-11-30 16:24:00
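+ BigDogPath BIGDOG BIGDOG c:\windows\vm_sti.exe
I don't know about this one.
As for the other two, one is for checking the hard disk and the other is the graphics card driver.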
大猩 - 2005-11-30 16:25:00
I looked it up: + BigDogPath BIGDOG BIGDOG c:\windows\vm_sti.exe is the webcam driver.
BlackStone - 2005-11-30 16:26:00
Does your system have a webcam?
Does c:\windows\vm_sti.exe belong to the webcam?
BlackStone - 2005-11-30 16:30:00
Which version of Autoruns are you using?
Post a fresh log.
大猩 - 2005-11-30 16:30:00
Yes.
大猩 - 2005-11-30 16:31:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ALi5289 ALiRAID Application c:\program files\uli5289\ali5289.exe
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ BigDogPath BIGDOG BIGDOG c:\windows\vm_sti.exe
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravtimer.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
+ SysExplr d:\program files\herosoft\hero 9\sysexplr.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStub Rising Rav Stub Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravstub.exe
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ DriveHealth Hard disk S.M.A.R.T. monitoring and failure predicting service. Helexis Software Development d:\program files\helexis\drive health\dhcore.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Corporation Limited d:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter CCenter rising d:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmond.exe
+ SSM SSM 可实时追踪系统活动以阻止有害软件的恼人操作。 System Safety d:\program files\system safety monitor\ssmservice.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. d:\program files\real\realplayer\rpshell.dll
+ UnlockerShellExtension d:\program files\unlocker\unlockercom.dll
+ WinRAR shell extension d:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ ThunderIEHelper Class xunleibho BHO c:\windows\system32\xunleibho_v8.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 豪杰超级解霸9 Hero Super Player 9 Herosoft d:\program files\herosoft\hero 9\sthsdvd.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent c:\windows\system32\ati2evxx.dll
+ System Safety Monitor System Safety Winlogon Notification System Safety c:\windows\system32\ssmwinlogonex.dll
大猩 - 2005-11-30 16:32:00
v8.31, Chinese-localized edition
BlackStone - 2005-11-30 16:44:00
Under what circumstances does that error dialog appear?
大猩 - 2005-11-30 17:02:00
It pops up as soon as the computer boots.
BlackStone - 2005-11-30 17:14:00
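Strange.
It should be a startup entry that uses Rundll32, so why can't we see it?
Download a newer Autoruns, scan again, and post the log so we can take a look.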
大猩 - 2005-11-30 17:18:00
Isn't 8.31 the latest version?
BlackStone - 2005-11-30 17:20:00
8.40
http://www.sysinternals.com/Files/Autoruns.zip
大猩 - 2005-11-30 17:21:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ALi5289 ALiRAID Application c:\program files\uli5289\ali5289.exe
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ BigDogPath BIGDOG BIGDOG c:\windows\vm_sti.exe
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravtimer.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. C:\WINDOWS\soundman.exe
+ SysExplr d:\program files\herosoft\hero 9\sysexplr.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStub Rising Rav Stub Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravstub.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. d:\program files\real\realplayer\rpshell.dll
+ UnlockerShellExtension d:\program files\unlocker\unlockercom.dll
+ WinRAR shell extension d:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ ThunderIEHelper Class xunleibho BHO c:\windows\system32\xunleibho_v8.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 豪杰超级解霸9 Hero Super Player 9 Herosoft d:\program files\herosoft\hero 9\sthsdvd.exe
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ DriveHealth Hard disk S.M.A.R.T. monitoring and failure predicting service. Helexis Software Development d:\program files\helexis\drive health\dhcore.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Corporation Limited d:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter CCenter rising d:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMon Beijing Rising Technology Co., Ltd. d:\program files\rising\rav\ravmond.exe
+ SSM SSM 可实时追踪系统活动以阻止有害软件的恼人操作。 System Safety d:\program files\system safety monitor\ssmservice.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ AliIde ALi mini IDE Driver Acer Laboratories Inc. c:\windows\system32\drivers\aliide.sys
+ ati2mtag ATI Radeon Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ BaseTDI basetdi Rising c:\windows\system32\drivers\basetdi.sys
+ d347bus PnP BIOS Extension c:\windows\system32\drivers\d347bus.sys
+ d347prt SCSI miniport c:\windows\system32\drivers\d347prt.sys
+ ExpScaner ExpScan.sys d:\program files\rising\rav\expscan.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd d:\program files\rising\rav\hookcont.sys
+ HookReg d:\program files\rising\rav\hookreg.sys
+ HookSys 瑞星 d:\program files\rising\rav\hooksys.sys
+ ip100xp IC Plus Corp. c:\windows\system32\drivers\ipfnd51.sys
+ m5289 ULi SATA RAID Controller Driver ULi Electronics Inc. c:\windows\system32\drivers\m5289.sys
+ mcnahook.sys Native API Filter driver for System Safety Monitor System Safety d:\program files\system safety monitor\mcnahook.sys
+ NPF NPF Driver - TME extensions Politecnico di Torino c:\windows\system32\drivers\npf.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. d:\program files\tencent\qq\npkcrypt.sys
+ oreans32 c:\windows\system32\drivers\oreans32.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ RsFwDrv nt_fwdrv Rising d:\program files\rising\rfw\rsfwdrv.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ uliagpkx ULi AGPv3.0 Filter for K8/9 Processor Platforms ULi Electronics Inc. c:\windows\system32\drivers\agpkx.sys
+ ZSMC301b Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent c:\windows\system32\ati2evxx.dll
+ System Safety Monitor System Safety Winlogon Notification System Safety c:\windows\system32\ssmwinlogonex.dll
大猩 - 2005-11-30 17:22:00
This one is from 8.4.
BlackStone - 2005-11-30 17:27:00
Use procexp to see which program launched that window.
How to use the tool:
http://forum.ikaka.com/topic.asp?board=28&artid=7318038&page=1 (6th post)
影子110 - 2005-11-30 17:30:00
Have you tried clearing the temporary folder?
Close IE,
IE > Properties > Delete Files (including offline files) > OK
Then reboot and see how it goes.
影子110 - 2005-11-30 17:43:00
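| Quote: |
[Post by 大猩] Experts, please come take a look ^ ........................... |
Also, try the following:
End the rundll32.exe process (using Task Manager).
Fix the following entries (in the HijackThis log):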
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.DLL,cfs
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Find and delete:
C:\WINDOWS\system32\msibm\cfsys.DLL
大猩 - 2005-11-30 17:48:00
Process PID CPU Description Company Name
System Idle Process 0 28.79
Interrupts n/a 3.03 Hardware Interrupts
DPCs n/a 4.55 Deferred Procedure Calls
System 4
smss.exe 460 Windows NT Session Manager Microsoft Corporation
csrss.exe 516 Client Server Runtime Process Microsoft Corporation
winlogon.exe 540 Windows NT Logon Application Microsoft Corporation
services.exe 584 1.52 Services and Controller app Microsoft Corporation
ati2evxx.exe 756
svchost.exe 768 Generic Host Process for Win32 Services Microsoft Corporation
UserClient.exe 2592 UserClient Microsoft 基础类应用程序
TIMPlatform.exe 3024 TIMPlatform tencent
svchost.exe 824 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 892 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 940 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 996 Generic Host Process for Win32 Services Microsoft Corporation
RavMonD.exe 1136 RavMon Beijing Rising Technology Co., Ltd.
RavStub.exe 1400 Rising Rav Stub Beijing Rising Technology Co., Ltd.
rfwsrv.exe 1380 Rising Personal FireWall Service Beijing Rising Technology Corporation Limited
RfwMain.exe 1628 Rising Personal FireWall Main Program Beijing Rising Technology Corporation Limited
spoolsv.exe 1516 Spooler SubSystem App Microsoft Corporation
dhcore.exe 2032 Drive Health (service module) Helexis Software Development
CCenter.exe 180 CCenter rising
SSMService.exe 380 System Safety Monitor Service System Safety
SysSafe.exe 404 Master Module System Safety
svchost.exe 392 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 412 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 1584 Application Layer Gateway Service Microsoft Corporation
lsass.exe 596 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1216
explorer.exe 1268 Windows Explorer Microsoft Corporation
realsched.exe 1880 RealNetworks Scheduler RealNetworks, Inc.
SysExplr.exe 1208
SOUNDMAN.EXE 2016 Realtek Sound Manager Realtek Semiconductor Corp.
RavTimer.exe 2092 RavTimer Beijing Rising Technology Co., Ltd.
RavMon.exe 2208 RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.
VM_STI.EXE 2260 BIGDOG BIGDOG
atiptaxx.exe 2268 ATI Desktop Control Panel ATI Technologies, Inc.
ALi5289.exe 2276 ALiRAID Application
ctfmon.exe 2296 CTF Loader Microsoft Corporation
TTraveler.exe 2452 3.03 Tencent Traveler 腾讯公司
QQ.exe 3268 QQ TENCENT
QQPet.exe 3664 QQ宠物 腾讯公司
dhreport.exe 880 Drive Health (reporting tool) Helexis Software Development
IceSword.exe 2712
TTPlayer.exe 1760 1.52 千千静听 Alen Soft
BitComet.exe 3284 46.97 BitComet - a BitTorrent Client www.BitComet.com
Thunder.exe 2556 1.52 Thunder Networking Technologies,LTD
conime.exe 3892 Console IME Microsoft Corporation
procexp.exe 2708 6.06 Sysinternals Process Explorer Sysinternals
Process: winlogon.exe Pid: 540
天天网 - 2005-11-30 17:53:00
Open the registry and search for DTSERV*.dll; check whether there is a value with the corresponding path, and if so, delete it.
大猩 - 2005-11-30 18:00:00
There isn't one.
大猩 - 2005-11-30 20:36:00
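Got rid of it. I found that entry in the registry, and after deleting it and rebooting everything was fine.
Thanks, everyone, for your help.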