Rising Kaka Security Forum

Help a girl out, I've been tormented by a virus for N days (log attached)
newcenturymoon - 2007-6-10 22:57:00
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
<wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe> [N/A]
<runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<Local Security Authority Service><D:\WINNT\System32\lssas.exe> [N/A]
<Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe> [N/A]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe> [N/A]
<qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe> [N/A]
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<?{0CD68AC9-FF63-3E61-626B-B663E62F6236}><> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys> [N/A]


[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
<D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[D:\WINNT\System32\skyubr.dll] [N/A, ]
天月来了 - 2007-6-10 22:58:00
About the same as before.
newcenturymoon - 2007-6-10 23:01:00
Find this thing, D:\WINNT\System32\servex.exe, and send it to me
大大的紫葡萄 - 2007-6-10 23:02:00
Why are some viruses still there after I reboot? Rising just found another 52 viruses. Is there still a QQ-stealing virus?
newcenturymoon - 2007-6-10 23:03:00
In safe mode, delete every file that corresponds to an item in the list I gave you, and that should do it.
大大的紫葡萄 - 2007-6-10 23:08:00
The file you asked me to find is gone.
大大的紫葡萄 - 2007-6-10 23:10:00
003D7D8C push 003D7E50 /start
003D7D91 push 003D7E60 qquin:
003D7D99 push 003D7E70 pwdhash:
003D7DAC push 003D7E84 qqpwd:
003D7DBE mov ecx, 003D7E94 /stat:10
003D7DC3 mov edx, 003D7EA8 /stat:40
003D7EE2 mov edx, 003D7F20 登录
003D7F5B mov edx, 003D800C edit
003D7F95 mov edx, 003D8018 qqet
003D8055 mov edx, 003D80AC edit
003D810C mov edx, 003D8170 edit
003D8218 mov edx, 003D82EC edit
003D8261 mov edx, 003D82FC 服务器拒绝


Is it these that I should delete?
newcenturymoon - 2007-6-10 23:14:00
In safe mode (after powering on, keep pressing F8; when the advanced menu appears, choose the first item, Safe Mode, to enter the system):

Open sreng (the program you produced the log with).
Under Startup Items > Registry, delete the following items (if you recognise an item or are sure it is not a virus, do not delete it):
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
<wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe> [N/A]
<runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<Local Security Authority Service><D:\WINNT\System32\lssas.exe> [N/A]
<Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe> [N/A]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe> [N/A]
<qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe> [N/A]
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<?{0CD68AC9-FF63-3E61-626B-B663E62F6236}><> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys> [N/A]


Under "Startup Items" - "Services" - "Win32 Service Applications", click "Hide verified Microsoft items",
select the following items, click "Delete Service", then click "Set", and click "No" in the dialog that pops up:
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\RemoteDbg.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\windhcp.ocx,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
<D:\WINNT\System32\servex.exe><N/A>




Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK.
Then delete the following files:
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
<wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe> [N/A]
<runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<Local Security Authority Service><D:\WINNT\System32\lssas.exe> [N/A]
<Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe> [N/A]
<fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe> [N/A]
<qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe> [N/A]


<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys> [N/A]

D:\WINNT\System32\RemoteDbg.dll
D:\WINNT\System32\windhcp.ocx
D:\WINNT\System32\servex.exe

D:\WINNT\System32\mspmsnsv.dll

D:\WINNT\System32\netsrvcs.dll
D:\WINNT\System32\skyubr.dll
大大的紫葡萄 - 2007-6-10 23:17:00
Thanks, I'll try deleting them tomorrow; logging off for now.
★蓝色尘埃★ - 2007-6-10 23:36:00
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
<wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe> [N/A]
<mhsa><D:\DOCUME~1\dd\LOCALS~1\Temp\mhso.exe> []
<fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe> [N/A]
<qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe> [N/A]
<cmdbcs><D:\WINNT\cmdbcs.exe> []
<msccrt><D:\WINNT\msccrt.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
大大的紫葡萄 - 2007-6-11 20:33:00
Latest log after running the antivirus. Could you check whether there are still viruses, and what else I need to do to remove them?
[CODE]

2007-06-11,20:16:00

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional RC 1.1 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <CnsM.dll><Rundll32.exe D:\PROGRA~1\3721\CnsM.dll,Rundll32>  [N/A]
    <YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <msccrt><D:\WINNT\msccrt.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><D:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><D:\WINNT\System32\ssmarque.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[腾讯QQ]
  <D:\Documents and Settings\dd\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
  <D:\WINNT\System32\nvsvc32.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
  <D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kcniunpe / kcniunpe][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\kcniunpe.sys><Yahoo! China Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\H:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ohocrbl / ohocrbl][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\H:\NTGLM7X.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\System32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
大大的紫葡萄 - 2007-6-11 20:34:00
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINNT\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[雅虎搜索]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>

==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2170.1]
[PID: 172][\??\D:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2137.1]
[PID: 168][\??\D:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.1408]
    [D:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 956][D:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt]  [N/A, ]
    [D:\WINNT\System32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\System32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
    [D:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\WINNT\System32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\WINNT\System32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 6, 1008]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 8, 1023]
[PID: 984][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [D:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1048][D:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1136][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 2, 2, 1028]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1124][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1160][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1212][D:\WINNT\System32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1544][D:\Documents and Settings\dd\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [D:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Is the QQ-stealing trojan still there?
火影忍者 - 2007-6-11 20:52:00
Open SREng; under "Startup Items -> Registry", delete the following startup items:
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<msccrt><D:\WINNT\msccrt.exe> []


Open SREng; under "Startup Items -> Services -> Win32 Service Applications", tick "Hide verified Microsoft services", then delete the services named below (select the problem service, click "Delete Service", then click the "Set" button. Note: in the dialog that pops up you must click "NO" to confirm deleting the service) (if one cannot be deleted, disable it: change the startup type to disabled by selecting "Modify startup type" and clicking "Set"):
[Network DDC / Windowsdate][Stopped/Auto Start]
<D:\WINNT\System32\servex.exe><N/A>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

Open SREng; under "Startup Items -> Services -> Drivers", tick "Hide verified Microsoft services", then delete the drivers named below (select the problem entry, click "Delete Service", then click the "Set" button. Note: in the dialog that pops up you must click "NO" to confirm the deletion) (if one cannot be deleted, disable it: change the startup type to disabled by selecting "Modify startup type" and clicking "Set"):
[ohocrbl / ohocrbl][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>

Use xdelbox (download: http://www.i170.com/attach/92EB2ED9-6D11-441D-8A28-2A9B08F0452E) to delete the following files:
Instructions: copy the paths of all the files to delete, tick "Suppress regeneration", right-click in the pending-deletion list and choose "Import from clipboard"; after importing, right-click a file in the list and choose "Reboot and delete now". The computer will restart into a DOS screen to carry out the deletion. Before running xdelbox it is best to unplug all removable storage (USB drives, MP3 players, phone memory cards, etc.).
D:\WINNT\System32\fagsaa.dll
D:\WINNT\System32\msdebug.dll
D:\WINNT\System32\RemoteDbg.dll
D:\WINNT\System32\netsrvcs.dll
D:\WINNT\System32\drivers\ohocrbl.sys
D:\WINNT\msccrt.exe
D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt
D:\WINNT\System32\servex.exe
(ignore any that cannot be found)

Download arswp (Windows Cleanup Assistant) and run a cleanup:
http://www.arswp.com/download/arswp/arswp.rar
天月来了 - 2007-6-11 20:58:00
Heh!!!!

Let me have a go at it too!!!!!!!!!!

In safe mode, use the SRENG tool you scanned the log with to delete the registry entries below.
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<msccrt><D:\WINNT\msccrt.exe> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
————————————————————————————————————————
Use the SRENG tool to change the startup type of each of the following items to "Disabled":
服务
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>

[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

[Network DDC / Windowsdate][Stopped/Auto Start]
<D:\WINNT\System32\servex.exe><N/A>

[Wireless Service / WZCSRVC][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

驱动程序
[ohocrbl / ohocrbl][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>
————————————————————————————————————
Reboot, enter safe mode again, open the relevant folders with WinRAR and delete the files below (or delete them with 冰刃 / IceSword).
D:\WINNT\msccrt.exe
D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt
D:\WINNT\System32\msdebug.dll
D:\WINNT\System32\RemoteDbg.dll
D:\WINNT\System32\windhcp.ocx
D:\WINNT\System32\servex.exe
D:\WINNT\System32\netsrvcs.dll
D:\WINNT\System32\fagsaa.dll
——————————————————————————————————————
Use the SRENG tool to repair the following:
文件关联
.TXT Error. [D:\WINNT\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
——————————————————————————————————
Completely uninstall all QQ software and manually delete every file under the QQ installation directory. This must be done.
——————————————————————————————————
Reboot; if that does not fix it, scan and post the log again.

If nothing abnormal remains, install antivirus software, update it to the latest version, and run a full-disk scan.

Then reinstall QQ.
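The helpers in this thread (newcenturymoon, 火影忍者 and 天月来了) picked entries out of the SREng logs by eye: executables in the Temp directory, entries with no publisher, "services" run through rundll32.exe, and names that imitate system binaries such as lssas.exe. The following script is an added example, not code from the thread or from SREng; it parses SREng-style startup and service lines and applies those same triage rules. The SYSTEM_BINARIES list, the edit-distance threshold of 2 and the sample log (built from lines quoted in this thread) are my assumptions.

```python
"""Triage SREng (System Repair Engineer) log entries the way the helpers in this
thread did by eye. Added example; not code from the thread or from SREng."""
import re
from dataclasses import dataclass

# Startup entry as SREng prints it:   <name><command>  [publisher]
STARTUP_RE = re.compile(r"^\s*<([^>]*)><(.*)>\s*\[(.*)\]\s*$")
# Service or driver header:  [Display Name / ServiceName][State/Start type]
SERVICE_HDR_RE = re.compile(r"^\s*\[(.+?) / (.+?)\]\[([^/\]]+)/([^\]]+)\]\s*$")
# Command line of a service, on the line after its header:  <command><publisher>
SERVICE_CMD_RE = re.compile(r"^\s*<(.*)><([^<>]*)>\s*$")
# Core Windows binaries that malware imitates with near-miss names (assumed list).
SYSTEM_BINARIES = {
    "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "services.exe",
    "winlogon.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe",
}


@dataclass
class Entry:
    kind: str        # "startup" (Run keys, hooks) or "service" (services and drivers)
    name: str
    command: str
    publisher: str


def levenshtein(a: str, b: str) -> int:
    # Plain edit distance: lssas.exe is 2 edits from lsass.exe, iexplorer.exe 1 from explorer.exe.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_name(command: str) -> str:
    # Lower-cased file name of the program the command line launches.
    cmd = command.strip()
    if cmd.startswith('"'):                      # quoted path, may contain spaces
        cmd = cmd[1:].split('"', 1)[0]
    else:
        cmd = cmd.split()[0] if cmd else ""
    return cmd.rsplit("\\", 1)[-1].lower()


def parse_sreng(text: str) -> list:
    # Collect startup and service entries; a service's command follows its header line.
    entries, pending = [], None
    for line in text.splitlines():
        m = SERVICE_HDR_RE.match(line)
        if m:
            pending = m.group(2)
            continue
        if pending is not None:
            m = SERVICE_CMD_RE.match(line)
            if m:
                entries.append(Entry("service", pending, m.group(1), m.group(2)))
            pending = None
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries.append(Entry("startup", m.group(1), m.group(2), m.group(3)))
    return entries


def assess(entry: Entry) -> list:
    # Reasons an entry deserves a closer look; an empty list means nothing odd was seen.
    cmd, name, reasons = entry.command.lower(), exe_name(entry.command), []
    if "\\temp\\" in cmd or "\\locals~1\\" in cmd:
        reasons.append("launched from a Temp directory")
    if entry.publisher.strip() in ("", "N/A"):
        reasons.append("no publisher information")
    if entry.kind == "service" and name == "rundll32.exe":
        reasons.append("service hosted by rundll32.exe; publisher shown is rundll32's, not the DLL's")
    if name and name not in SYSTEM_BINARIES:
        for known in sorted(SYSTEM_BINARIES):
            if levenshtein(name, known) <= 2:
                reasons.append(f"name resembles system binary {known}")
                break
    return reasons


def triage(text: str) -> dict:
    # Entry name -> reasons, for entries worth reviewing before deciding what to remove.
    return {e.name: r for e in parse_sreng(text) if (r := assess(e))}


# Constructed sample: lines copied from the SREng logs posted in this thread.
SAMPLE_LOG = r"""
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe>  [N/A]
    <Local Security Authority Service><D:\WINNT\System32\lssas.exe>  [N/A]
    <msccrt><D:\WINNT\msccrt.exe>  []
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag is a reason to look closer, not a verdict: the legitimate NvCplDaemon entry is listed only because SREng shows no publisher for it, exactly the case the thread warns about with "if you recognise an item, do not delete it".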
大大的紫葡萄 - 2007-6-12 19:50:00
Latest log after two days of work on it; please check whether the QQ-stealing trojan and the viruses are still there.

[CODE]

2007-06-12,19:28:31

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional RC 1.1 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <QQDownload><"D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <CnsM.dll><Rundll32.exe D:\PROGRA~1\3721\CnsM.dll,Rundll32>  [N/A]
    <YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><D:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><D:\WINNT\System32\ssmarque.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[腾讯QQ]
  <D:\Documents and Settings\dd\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
  <D:\WINNT\System32\nvsvc32.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kcniunpe / kcniunpe][Running/System Start]
  <2 - 系统找不到指定的文件。
><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\H:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\H:\NTGLM7X.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\System32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[hjeykoax / hjeykoax][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hjeykoax.sys><Yahoo! China Corporation>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINNT\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[雅虎搜索]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>
大大的紫葡萄 - 2007-6-12 19:50:00
==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2170.1]
[PID: 164][\??\D:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2137.1]
[PID: 160][\??\D:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.1408]
    [D:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 948][D:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\WINNT\System32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\System32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\WINNT\System32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\WINNT\System32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 6, 1008]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 8, 1023]
[PID: 976][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [D:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 960][D:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1056][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 2, 2, 1028]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll]  [yahoo! china, 3, 0, 2, 1002]
[PID: 1080][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1092][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1048][D:\WINNT\System32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1460][D:\Program Files\Globallink\Game\share\GLDCLIENT.EXE]  [北京联众电脑有限责任公司, 1, 0, 0, 8]
    [D:\WINNT\System32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Globallink\Game\share\live.dll]  [N/A, ]
    [D:\Program Files\Globallink\Game\share\livesvr.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1292][D:\Program Files\Tencent\QQ\TIMPlatform.exe]  [TENCENT, 7,0,225,1651]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 440][D:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 7, 0, 225, 1651]
    [D:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\WINNT\System32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\Tencent\QQ\QQAPI.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQRes.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\WizardCtrl.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\Program Files\Tencent\QQ\NewSkin.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\HostingMgr.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\CameraDll.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\MailSummary.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\Program Files\Tencent\QQ\QQSpace.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [D:\WINNT\System32\msdmo.dll]  [, ]
    [D:\Program Files\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 7,0,225,1651]
    [D:\WINNT\System32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\System32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\LongConnection.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program Files\Tencent\QQ\QQPet.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\WINNT\System32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\ImageOle.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQLiveQMng.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [D:\WINNT\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [D:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\CommercesMng.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 300]
    [D:\Program Files\Tencent\QQ\GroupConnection.dll]  [TENCENT, 7,0,225,1651]
    [D:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
[PID: 1844][D:\Documents and Settings\dd\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  Error. [D:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
天月来了 - 2007-6-12 20:08:00
Use the SREng tool that produced the log to change the startup type of each of the following items to "Disabled", or delete them.
Services

[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>

[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
——————————————————————————————————————
Restart the computer and delete the files:
D:\WINNT\System32\msdebug.dll
D:\WINNT\System32\RemoteDbg.dll
D:\WINNT\System32\windhcp.ocx
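As an added example (not from the thread, its posters or SREng), two triage checks written in Python over the log format posted here: the first flags services whose host binary is rundll32.exe, which is how the reply singled out MSDebugsvc, RemoteDbg and WinDHCPsvc; the second flags vendor-less modules loaded into many different processes, which is why msdebug.dll and RemoteDbg.dll stand out in the process list. The sample lines are constructed from entries in this thread, and the SREng field layout is assumed from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the posted SREng log (services, then processes).
SERVICES = r"""
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
"""
PROCESSES = r"""
[PID: 948][D:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 960][D:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
[PID: 1460][D:\Program Files\Globallink\Game\share\GLDCLIENT.EXE]  [北京联众电脑有限责任公司, 1, 0, 0, 8]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\Program Files\Globallink\Game\share\live.dll]  [N/A, ]
"""
SVC_HDR = re.compile(r"^\[(.+?) / (.+?)\]\[(.+?)/(.+?)\]$")     # [Display / Short][State/Start]
SVC_IMG = re.compile(r"^\s+<(.*)><(.*)>$")                       # <image path><vendor>
PROC_HDR = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$")   # [PID: n][exe]  [vendor, ver]
PROC_MOD = re.compile(r"^\s+\[(.+?)\]\s+\[(.*?),\s*(.*)\]$")     # indented loaded module

def rundll32_services(text):
    """Return (short name, module) for services hosted by rundll32.exe. A normal service
    runs as its own EXE or inside svchost.exe; here the vendor column describes rundll32."""
    hits, svc = [], None
    for line in text.splitlines():
        if m := SVC_HDR.match(line):
            svc = m.group(2)                       # short service name, e.g. MSDebugsvc
        elif (m := SVC_IMG.match(line)) and svc:
            dll = re.search(r"rundll32\.exe\s+([^,]+)", m.group(1), re.I)
            if dll:
                hits.append((svc, dll.group(1).strip()))
    return hits

def widespread_unsigned_modules(text, min_procs=2):
    """Return module paths with no vendor information that are loaded into at least
    min_procs distinct processes: the footprint of a DLL injected system-wide."""
    procs, pid = defaultdict(set), None
    for line in text.splitlines():
        if m := PROC_HDR.match(line):
            pid = m.group(1)
        elif (m := PROC_MOD.match(line)) and pid:
            if m.group(2).strip() in ("", "N/A"):  # no vendor string at all
                procs[m.group(1).lower()].add(pid)
    return sorted(p for p, pids in procs.items() if len(pids) >= min_procs)
```

Both checks are heuristics for prioritising what to look at in a log, not proof of infection; a hit still has to be confirmed against the file itself.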
大大的紫葡萄 - 2007-6-12 20:22:00
I couldn't find the ones you mentioned.
newcenturymoon - 2007-6-12 20:23:00
Use the SREng tool that produced the log to change the startup type of each of the following items to "Disabled", or delete them.
Services

[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>

[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
Doing these also works.