Rising KaKa Security Forum

Home » Technical Exchange » Anti-virus / Anti-rogue-software Forum » There is nothing at all on my computer screen ~~~ help ~~~~ help ~~
湘m浪子 - 2007-4-8 14:55:00
I left my computer on last night; after I restarted it this morning there is nothing at all on the screen. Could some expert point me in the right direction!!!!!!!!! Thanks
PCsafer - 2007-4-8 15:05:00
Press ctrl+shift+delete; when Task Manager pops up, click File - New Task, type explorer.exe and press Enter.
湘m浪子 - 2007-4-8 15:25:00
Task Manager shows the following processes
Explorer.exe
iexplore.exe
taskmgr.exe
conime.exe
alg.exe
RfwMain.exe
RavMonD.exe
svchost.exe
wsttrs.exe
svchost.exe
svchost.exe
CCenter.exe
svchost.exe
svchost.exe
ctfmon.exe
iexplore.exe
Explorer.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
system.2dt
svchost.exe
smss.exe
RavStub.exe
spoolsv.exe
iexplore.exe
rfwsrv.exe
System
system Idle Process

But there is nothing on the screen, the Start taskbar at the bottom is gone as well, and right-clicking does nothing.
I restarted with "Last Known Good Configuration" and after the reboot the screen is still just as blank. Could some expert advise me what I should do??? Is my computer infected with a virus????
超级游戏迷 - 2007-4-8 15:32:00
wsttrs.exe is a virus. Have a look at the pinned threads.
湘m浪子 - 2007-4-8 15:39:00
[Reply to 超级游戏迷's post]

Many thanks, brother. After I ended the wsttrs.exe process everything came back. But I'd still like to ask: will this virus still be there after I reboot? How do I kill it off completely???
sumer09 - 2007-4-8 16:26:00
I caught this virus too, ugh.... I have already reinstalled the system. OP, which thread did you find the fix in?
sumer09 - 2007-4-8 16:32:00
It seems I can't even open Task Manager. What do I do? I don't dare shut down now.
newcenturymoon - 2007-4-8 16:40:00
Quote:
[湘m浪子's post] [Reply to 超级游戏迷's post]

Many thanks, brother. After I ended the wsttrs.exe process everything came back. But I'd still like to ask: will this virus still be there after I reboot? How do I kill it off completely???
………………

After ending the process you of course still have to delete the files.
newcenturymoon - 2007-4-8 16:41:00
Quote:
[sumer09's post] It seems I can't even open Task Manager. What do I do? I don't dare shut down now.
………………

Download System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Paste the complete report from the log here, without modifying it
sumer09 - 2007-4-8 16:44:00
[Reply to newcenturymoon's post]
Thanks, doing it right away. This time I had already reinstalled after the blank screen, and it still has the virus.
sumer09 - 2007-4-8 17:07:00
[CODE]

2007-04-08,16:51:00

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <FlashGet><"C:\Program Files\FlashGet\FlashGet.exe" /min>  [(Verified)Trend Media Corporation Limited]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  []
    <runeip><d:\Program Files\Rising\AntiSpyware\runiep.exe>  []
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  []
    <winform><C:\WINDOWS\SMSS.EXE>  []
    <upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe>  []
    <mppds><C:\WINDOWS\RUNDLL32.exe>  [N/A]
    <msccrt><C:\WINDOWS\CSRSS.exe>  []
    <cmdbcss><C:\WINDOWS\8Sy.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <wusttrs><C:\WINDOWS\9Sy.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\twunk32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\WINDOWS\Resources\Themes\Login\logonui-3.1.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><C:\WINDOWS\DOWNLO~1\BDPlugin.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
sumer09 - 2007-4-8 17:08:00
==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Basetdi / Basetdi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
sumer09 - 2007-4-8 17:08:00
==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BDHlprObj Class]
  {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[番茄工具条3.1.5]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[番茄工具条3.1.5]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
[BDHlprObj Class]
  {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[&使用超级旋风下载]
  <d:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <d:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <d:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <d:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <d:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
sumer09 - 2007-4-8 17:11:00
==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1748][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1756][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
[PID: 1764][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5.0.07]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
[PID: 1772][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1720][D:\yuanchenxu\cidian\meddic\MedDic.exe]  [北京金叶天翔科技有限公司, 1, 4, 1, 1571]
    [D:\yuanchenxu\cidian\meddic\TCHook32.dll]  [(株)テクノクラフト, 5, 0, 4, 3]
    [D:\yuanchenxu\cidian\meddic\TcRmApi.dll]  [TechnoCraft Co.,Ltd., 5, 0, 6, 0]
    [D:\yuanchenxu\cidian\meddic\TCCOMLIB.dll]  [TechnoCraft Co.,Ltd., 5, 0, 3, 1]
    [D:\yuanchenxu\cidian\meddic\TCTxtLib.dll]  [(株)テクノクラフト, 5, 5, 0, 1]
    [D:\yuanchenxu\cidian\meddic\RWTTS.dll]  [N/A, ]
    [D:\yuanchenxu\cidian\meddic\MedUtils.dll]  [N/A, ]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [D:\yuanchenxu\cidian\meddic\AddWord.dll]  [, 1, 0, 0, 1]
    [D:\yuanchenxu\cidian\meddic\RWDicMan.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWDicApi.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWDICCOM.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWLanMan.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\rwlancom.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWTxtLib.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWVicLib.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWTFVIEW.dll]  [TechnoCraft Co.,Ltd., 5, 5, 0, 0]
    [D:\yuanchenxu\cidian\meddic\libpng.dll]  [, 1.2.1]
    [D:\yuanchenxu\cidian\meddic\zlib.dll]  [, 1.1.3]
    [D:\yuanchenxu\cidian\meddic\DicRes.dll]  [KingYee Co.,Ltd., 1, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWOption.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\TCLSTLIB.dll]  [TechnoCraft, 5, 0, 0, 1]
    [D:\yuanchenxu\cidian\meddic\RWComLib.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\TcChkSn.dll]  [TechnoCraft, 1.0]
    [D:\yuanchenxu\cidian\meddic\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\yuanchenxu\cidian\meddic\HtmlVWEx.dll]  [金叶天翔科技有限公司, 1, 0, 0, 39]
    [D:\yuanchenxu\cidian\meddic\RWCOMCTL.DLL]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp17B.tmp]  [N/A, ]
    [D:\yuanchenxu\cidian\meddic\rwld_enu.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\rwld_chs.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [D:\yuanchenxu\cidian\meddic\mledit.dll]  [TechnoCraft, 4, 0, 3, 2]
    [D:\yuanchenxu\cidian\meddic\TcNls.dll]  [TechnoCraft, 4.0]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
sumer09 - 2007-4-8 17:12:00
[PID: 1104][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\DOWNLO~1\BDHelper.dll]  [, 1, 0, 0, 6]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 1, 6, 61]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\WINDOWS\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINDOWS\system32\tsd32.dll]  [, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
[PID: 3560][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [D:\yuanchenxu\cidian\meddic\RmNT.dll]  [TechnoCraft Inc., 4.0]
[PID: 1536][d:\Program Files\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 3332][C:\Program Files\FlashGet\flashget.exe]  [FlashGet.com, 1, 8, 1, 1002]
    [C:\Program Files\FlashGet\FGBTCORE.dll]  [, 1, 0, 0, 36]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\FlashGet\fgupdate.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 3208][d:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 36]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Tencent\QQDownload\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 35]
    [d:\Program Files\Tencent\QQDownload\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [d:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 2128][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2004][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 3, 30]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\IETool.dll]  [N/A, ]
    [d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\WINDOWS\DOWNLO~1\BDHelper.dll]  [, 1, 0, 0, 6]
    [C:\WINDOWS\system32\IEBHO.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.5825.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3300][C:\WINDOWS\system32\systemt.exe]  [N/A, ]
    [C:\WINDOWS\system32\WPCAP.DLL]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [D:\yuanchenxu\cidian\meddic\RmNT.dll]  [TechnoCraft Inc., 4.0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
sumer09 - 2007-4-8 17:12:00
[PID: 2720][C:\WINDOWS\9Sy.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wusttrs.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[PID: 2784][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 216][C:\Downloads\sreng2(1)\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 1900][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[E:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
[F:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
[G:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
newcenturymoon - 2007-4-8 17:19:00
In Safe Mode (keep pressing F8 while booting, then an advanced menu appears; choose the first item, Safe Mode, to enter the system)

Open sreng (the program you used to produce the log)
Startup Items - Registry: delete the following items (if you recognise any of them or are sure it is not a virus, do not delete it)

<load><C:\WINDOWS\uninstall\rundl132.exe> []
<winform><C:\WINDOWS\SMSS.EXE> []
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe> []
<mppds><C:\WINDOWS\RUNDLL32.exe> [N/A]
<msccrt><C:\WINDOWS\CSRSS.exe> []
<cmdbcss><C:\WINDOWS\8Sy.exe> []
<wusttrs><C:\WINDOWS\9Sy.exe> []
<twin><C:\WINDOWS\system32\twunk32.exe> []

Copy the code below into Notepad and save it as 1.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

Double-click 1.reg to import this registry key

Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the checkbox in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK
Then
Right-click and choose "Open" to open drive C
(not all of these will necessarily be present)
Empty C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Delete C:\WINDOWS\system32\cmdbcss.dll
C:\WINDOWS\system32\winform.dll
C:\WINDOWS\system32\tsd32.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\IETool.dll
C:\WINDOWS\system32\wusttrs.dll
C:\WINDOWS\uninstall\rundl132.exe
C:\WINDOWS\SMSS.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\CSRSS.exe
C:\WINDOWS\8Sy.exe
C:\WINDOWS\9Sy.exe
C:\WINDOWS\system32\twunk32.exe
Right-click and choose "Open" to open drives E, F and G; delete autorun.inf and sxs.exe
If QQ is installed, delete Timplatform.exe in the QQ installation folder and rename Timplatfrom.exe to Timplatform.exe
Download the Viking (威金) removal tool and run a full-disk scan
Note: Documents and Settings=DOCUME~1  Administrator=ADMINI~1    Local Settings=LOCALS~1
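As an added triage example (not code from this thread, from SREng or from any of the posters), the following Python script reads the startup-item and Autorun.inf sections of a report in the format pasted above and flags the same kind of entries newcenturymoon lists for deletion: unsigned executables under the Windows directory or a Temp folder, binaries that borrow system names (SMSS, CSRSS, RUNDLL32) from outside system32, unsigned RunOnce or Policies\Explorer\Run entries, and autorun.inf directives that launch a file from a removable drive. The sample input is constructed from the report above; the assumption that %SystemRoot% is C:\WINDOWS is hard-coded and marked in the code. It only reports; deciding what to delete remains the manual step described in the post, because rules like these also catch legitimate unsigned software.

```python
import re

# Constructed sample in the format SREng 2.4 writes. The entries are copied from
# the report pasted in this thread; only a few are included to keep it short.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  []
    <winform><C:\WINDOWS\SMSS.EXE>  []
    <upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe>  []
    <mppds><C:\WINDOWS\RUNDLL32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <wusttrs><C:\WINDOWS\9Sy.exe>  []
==================================
Autorun.inf
[E:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe

==================================
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")            # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^\s*<([^>]*)><(.*)>\s*\[(.*)\]\s*$")  # <name><command>  [signer]
DRIVE_RE = re.compile(r"^\[([A-Za-z]:\\)\]\s*$")           # [E:\]
AUTORUN_RE = re.compile(r"^(open|shellexecute|shell\\.+\\command)\s*=\s*(.+?)\s*$", re.I)
# Names that legitimately live only in system32; a copy elsewhere is a classic lure.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "svchost.exe", "rundll32.exe", "explorer.exe"}
SYSTEM_ROOT = "c:\\windows"  # assumption: %SystemRoot% as in the pasted report


def image_path(command: str) -> str:
    """Best-effort extraction of the program path from a Run-key command string."""
    c = command.strip()
    if c.startswith('"'):                       # quoted path, possibly with arguments
        end = c.find('"', 1)
        return c[1:end] if end > 0 else c[1:]
    m = re.match(r"^(\S+?\.(?:exe|dll|com|scr|pif|bat))\b", c, re.I)
    return m.group(1) if m else c.split(" ")[0]


def reasons_for(key: str, command: str, signer: str) -> list[str]:
    """Return the heuristic reasons an entry looks suspicious (empty list = nothing found)."""
    path = image_path(command).lower()
    if not path:                                # e.g. <load><>  [N/A]
        return []
    unsigned = signer.strip() in ("", "N/A")
    directory, _, base = path.rpartition("\\")
    reasons = []
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    if base in SYSTEM_NAMES and directory and not directory.endswith("\\system32"):
        reasons.append(f"uses the system binary name {base} outside system32")
    if unsigned and path.startswith(SYSTEM_ROOT + "\\") and \
            not path.startswith(SYSTEM_ROOT + "\\system32\\"):
        reasons.append("unsigned executable under the Windows directory")
    if unsigned and any(t in key for t in ("\\RunOnce", "\\Policies\\Explorer\\Run")):
        reasons.append("unsigned entry in " + key.rsplit("\\", 1)[-1])
    return reasons


def audit_startup(report: str) -> list[dict]:
    """Walk the registry startup section and collect entries with at least one reason."""
    findings, key = [], ""
    for line in report.splitlines():
        if line.startswith("=" * 10):            # section separator: leave the key context
            key = ""
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if em and key:
            name, command, signer = em.groups()
            reasons = reasons_for(key, command, signer)
            if reasons:
                findings.append({"key": key, "name": name, "command": command, "reasons": reasons})
    return findings


def audit_autorun(report: str) -> list[dict]:
    """Report every autorun.inf directive that would launch a file when a drive is opened."""
    findings, drive, in_section = [], None, False
    for line in report.splitlines():
        s = line.strip()
        if s == "Autorun.inf":
            in_section = True
            continue
        if not in_section:
            continue
        if s.startswith("=" * 10):               # end of the Autorun.inf section
            break
        dm = DRIVE_RE.match(s)
        if dm:
            drive = dm.group(1)
            continue
        am = AUTORUN_RE.match(s)
        if am and drive:
            findings.append({"drive": drive, "directive": am.group(1), "target": am.group(2)})
    return findings


if __name__ == "__main__":
    for f in audit_startup(SAMPLE_REPORT):
        print(f"{f['key'].rsplit(chr(92), 1)[-1]}: <{f['name']}> {f['command']}")
        for r in f["reasons"]:
            print("    -", r)
    for a in audit_autorun(SAMPLE_REPORT):
        print(f"{a['drive']} autorun.inf {a['directive']} -> {a['target']}")
```

Each finding carries the registry key, the entry name and the reasons, so the output can be compared line by line against a removal list like the one in the post; an entry with no reasons (the signed Intel and Rising entries in the sample) is simply not printed.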
sumer09 - 2007-4-8 17:53:00
Copy the code below into Notepad and save it as 1.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

Double-click 1.reg to import this registry key
Where do I do this part? Is "Windows Registry Editor Version 5.00" a program? Where do I download it?
I've done the earlier part; all of those have been deleted
sumer09 - 2007-4-8 17:55:00
SREng says UIHost has been modified to an abnormal value and suspects a virus. How should I handle that?
lqs27 - 2007-4-8 21:38:00
There have been far too many of these damned Trojans lately. Countless computers boot to nothing but the desktop wallpaper, with every desktop icon gone, and the task list almost always contains this "wsttrs.exe"
<load><C:\WINDOWS\uninstall\rundl132.exe> []
winform []
upxdnd.exe> []
<mppds><C:\WINDOWS\RUNDLL32.exe> [N/A]
CSRSS.exe> []
8Sy.exe> []
9Sy.exe> []
twunk32.exe> []
My advice to everyone: open Task Manager and end any task whose process name matches the ones above; in most cases you will then get to the desktop, but the computer will usually be very slow, because the virus is eating your CPU/memory. Next, you had best move everything from your "Desktop / My Documents" to a drive such as D: or E: so that your data is safe. Then go to http://www.360safe.com and download "360 Safeguard" to scan for and remove malicious code and Trojans; it can kill pretty much all of them and works very well. After the scan, reboot, then click its "Repair" to patch all the vulnerabilities on your beloved machine. These damned Trojans can get past all of today's commercial anti-virus products, Rising included. Once that is done, update your commercial anti-virus to the latest version. After that, new Trojan processes may pop up in the bottom-right corner and "360 Safeguard" will ask "Allow" or "Deny"; I advise everyone to click Deny, otherwise the Trojan will start again at boot, control your computer and give you no peace.

360 Safeguard is a very useful tool and I recommend it; "Rising KaKa Assistant" is also a very good internet helper. You can install both little helpers at the same time, since each has its own strengths; try them and you will see. I have done computer maintenance for a long time and have suffered from this kind of virus recently too; it has worn my temper out, with many, many machines infected with similar viruses to deal with every day. Before New Year it was of course Panda, damn it, and now it's these Trojans. Exhausting. The lesson I have drawn from this period: "commercial anti-virus is not a cure-all"; it still comes down to everyone's day-to-day maintenance, using whatever small tools you can currently find to handle the problems you are able to handle, and before long you will be an expert too.

Another thing: "Trojans" are scarier and more harmful than "regular viruses"!!! --- The way I understand it, a "Trojan" is like a highway that lets viruses with all sorts of functions run wild on your computer, stealing all kinds of your information or serving advertisers to collect click-throughs and make money!!! Just my view; experts, please correct me where I am wrong!!!!
天月来了 - 2007-4-8 21:54:00
Of all the help threads here, your nest of malware could rank in the top three.
lqs27 - 2007-4-8 21:55:00
Recently Trojans have also been piggybacking on "RealPlayer", running "RealPlayer.exe" to access the network. I suggest everyone install "Skynet Firewall" (天网防火墙) and look at its "interception log". As soon as your computer is connected to the Internet, countless IPs scan it and send data to all of its ports; imagine what it would look like if all that data actually reached your computer. Sigh, the "Rising firewall" only handles the ordinary cases, but some Trojans are designed specifically against these well-known anti-virus vendors to bypass their firewalls, and against those the firewalls are of no use at all... Think about it, everyone
天月来了 - 2007-4-8 22:06:00
For this constantly mutating family of Trojans, I still recommend newcenturymoon's method to clean out everything thoroughly.

You cannot rely only on the "Deny" of tools like "360 Safeguard"; that Deny is only a stopgap.

In the long run, I recommend a thorough clean-up, or a full format and reinstall of the system.
荒芜的旅途 - 2007-4-8 22:42:00
[Reply to newcenturymoon's post]
Ending the wsttrs.exe process in Task Manager does indeed solve the problem; my desktop is back. But how do I delete those files completely? Please advise again, experts!!
新手の菜鸟 - 2007-4-8 22:49:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\war\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\qq\QQ.exe [TENCENT]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTGDT / NTGDT][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\NTGDT.SYS><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oshack20.sys / oshack20.sys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\oshack20.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><StarForce Technologies, Inc.>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><StarForce Technologies, Inc.>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><StarForce Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><StarForce Technologies, Inc.>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
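The SREng report above is what the helpers in this thread ask for, and the first thing they read off it is which autostart entries, services and drivers carry no publisher or vendor. As an added example (not SREng's code and not anything posted in this thread), here is a small Python triage script over a constructed excerpt in the same report layout: it flags autostart entries with no publisher information, services or drivers with no vendor, and watch-list process names whose publisher is not marked "(Verified)". The watch list, the constructed report lines and the registry location of the wsttrs entry are assumptions.

```python
import re

# Constructed excerpt in the SREng report layout used in this thread; not the poster's log.
# The <wsttrs> Run entry and its registry location are assumed for illustration only.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <wsttrs><C:\WINDOWS\system32\wsttrs.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
"""

REG_ENTRY = re.compile(r"^\s*<([^>]*)><(.*?)>\s+\[(.*)\]\s*$")  # <name><command>  [publisher]
SVC_ENTRY = re.compile(r"^\s*<(.*?)><(.*)>\s*$")                 # <path><vendor> (service/driver)
HEADER = re.compile(r"^\[(.*?)\]")                               # registry key or service header
EXE_NAME = re.compile(r'([^\\/"]+?\.exe)', re.IGNORECASE)       # first .exe file name in a command
NO_VENDOR = {"", "N/A"}
# Watch list is a constructed assumption; wsttrs.exe is the name this thread ends in Task Manager.
DEFAULT_WATCHLIST = frozenset({"wsttrs.exe"})

def triage(report, watchlist=DEFAULT_WATCHLIST):
    """Return (location, name, reason) triples for entries that deserve a human look."""
    findings, location = [], ""
    for line in report.splitlines():
        if m := REG_ENTRY.match(line):
            name, command, publisher = m.groups()
            exe = EXE_NAME.search(command)
            exe = exe.group(1).lower() if exe else ""
            if command and publisher in NO_VENDOR:
                findings.append((location, name, "autostart with no publisher information"))
            elif exe in watchlist and not publisher.startswith("(Verified)"):
                findings.append((location, name, "watch-list name without a verified signature"))
        elif m := SVC_ENTRY.match(line):
            path, vendor = m.groups()
            if vendor in NO_VENDOR:
                findings.append((location, path, "service/driver with no vendor; confirm file origin"))
        elif m := HEADER.match(line):
            location = m.group(1)  # remember which key or service the following entries belong to
    return findings

if __name__ == "__main__":
    for location, name, reason in triage(SAMPLE_REPORT):
        print(f"[{location}] {name}: {reason}")
```

Empty values such as `<load><>` and `<AppInit_DLLs><>` are deliberately not flagged, and a flagged entry is a starting point for checking the file, not a verdict.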
荒芜的旅途 - 2007-4-8 22:58:00
After rebooting, my computer has the same old problem. What do I do? This damned virus is getting me angry.
天月来了 - 2007-4-8 23:01:00
Sigh!!!!!!!!!!!!!

Start a new thread of your own and post a fresh SREng log there.

There are actually more than a dozen threads here already dealing with this.

sumer09 - 2007-4-8 23:11:00
Mine is fixed now, thanks to newcenturymoon's guidance. Sigh, if I had come here to look earlier I wouldn't have had to reinstall.