瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 Backdoor.Gpigeon.xav 杀不尽 重起就有 很是郁闷啊 请老师看看日志

12   1  /  2  页   跳转

Backdoor.Gpigeon.xav 杀不尽 重起就有 很是郁闷啊 请老师看看日志

收藏
ncbaby
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2006-06-21
  • 来自:
发表于: 2006-06-21 22:18 | 只看楼主 短消息 资料
字号: 1楼

Backdoor.Gpigeon.xav 杀不尽 重起就有 很是郁闷啊 请老师看看日志

郁闷了我很久了 请问如何彻底根除

HijackThis_815汉化版扫描日志 V1.99.1
保存于      21:59:44, 日期 2006-6-21
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KooWo\MP3Partner\kwservice.exe
C:\Program Files\KooWo\MP3Partner\kwrecagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\tt\LOCALS~1\Temp\Rar$EX00.312\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ06\qq\QQIEHelper.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\MagicSet\haokanbar.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\MagicSet\haokanbar.dll
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "D:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [SoundMAXPnP] ; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - 启动项HKLM\\Run: [SoundMAX] ; "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - 启动项HKLM\\Run: [RaidTool] ; C:\Program Files\VIA\RAID\raid_tool.exe
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\讯雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\讯雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\QQ06\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\QQ06\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\QQ06\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\QQ06\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度--MP3搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度--图片搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度--新闻搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度--歌词搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度--网页搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度--词典搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - IE右键菜单中的新增项目: 百度--贴吧搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ06\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ06\qq\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ06\qq\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ06\qq\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O23 - NT 服务: MicroSoft Firhost (Firhost) - Unknown owner - C:\WINDOWS\system32\firhost.exe
O23 - NT 服务: KooWoService - Unknown owner - C:\Program Files\KooWo\MP3Partner\kwservice.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: The system maintenance (Pit inside the system) - Unknown owner - C:\WINDOWS\system32\icwipc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: Lication Management (基于COM+ 组件的配置和跟踪。) - Unknown owner - C:\WINDOWS\svchost.cmd
最后编辑2006-06-23 00:48:48
分享到:
gototop
 
lizijie
头像
飘泊而立狮
  • 帖子:592
  • 注册: 2005-09-29
  • 来自:
发表于: 2006-06-21 22:19 | 短消息 资料
字号: 2楼

我也是啊!
gototop
 
ncbaby
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2006-06-21
  • 来自:
发表于: 2006-06-21 22:20 | 只看楼主 短消息 资料
字号: 3楼

斑竹救命啊
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-06-22 00:39 | 短消息 资料
字号: 4楼

修复
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
http://forum.ikaka.com/topic.asp?board=28&artid=6979213第4楼下载System Repair Engineer导出全部日志
gototop
 
ncbaby
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2006-06-21
  • 来自:
发表于: 2006-06-22 23:07 | 只看楼主 短消息 资料
字号: 5楼

【回复“mopery”的帖子】
2006-06-21,22:24:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
(MsnMsgr)(; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background) []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
(run)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(StormCodec_Helper)(; "D:\Program Files\Storm Codec\StormSet.exe" /S /opti) []
(SoundMAXPnP)(; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe) [Analog Devices, Inc.]
(SoundMAX)(; "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray) [Analog Devices, Inc.]
(RaidTool)(; C:\Program Files\VIA\RAID\raid_tool.exe) [VIA Technologies]
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [Microsoft Corporation]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [Microsoft Corporation]
(nwiz)(; nwiz.exe /install) []
(NvMediaCenter)(; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit) [NVIDIA Corporation]
(NvCplDaemon)(; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) [NVIDIA Corporation]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(RavStub)("C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(userinit.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(d:\Program Files\XP变脸王\Logons\Donald Duck Login\Donald duck.exe) [JJ Studio]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)(C:\WINDOWS\system32\樱桃小~1.SCR) []




--------------------------------------------------------------------------------
gototop
 
ncbaby
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2006-06-21
  • 来自:
发表于: 2006-06-22 23:07 | 只看楼主 短消息 资料
字号: 6楼

启动文件夹

服务

[MicroSoft Firhost / Firhost]
(C:\WINDOWS\system32\firhost.exe)(N/A)
[KooWoService / KooWoService]
(C:\Program Files\KooWo\MP3Partner\kwservice.exe)(N/A)
[NVIDIA Display Driver Service / NVSvc]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[The system maintenance / Pit inside the system]
(C:\WINDOWS\system32\icwipc.exe)(N/A)
[Rising Process Communication Center / RsCCenter]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[RsRavMon Service / RsRavMon]
("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
(C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe)(Analog Devices, Inc.)



--------------------------------------------------------------------------------



浏览器加载项

[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} (D:\QQ06\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司)
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} (D:\Program Files\MagicSet\haokanbar.dll, Xiang Feng Technology)
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} (C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (D:\QQ06\qq\QQ.EXE, TENCENT)
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} (D:\QQ06\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司)
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} (C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.)
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} (D:\Program Files\MagicSet\haokanbar.dll, Xiang Feng Technology)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[EWA Control]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX, Synacast)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} (D:\Program Files\MagicSet\haokanbar.dll, Xiang Feng Technology)
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} (D:\QQ06\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[List Control]
{70CACCCA-8B83-4BCB-B2D1-188E9A495527} (C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~2.OCX, )
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} (%SystemRoot%\system32\SHELL32.dll, N/A)
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} (D:\Program Files\MagicSet\haokanbar.dll, Xiang Feng Technology)
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} (C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} (C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.)
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[&使用迅雷下载]
(D:\Program Files\讯雷\Program\GetUrl.htm, N/A)
[&使用迅雷下载全部链接]
(D:\Program Files\讯雷\Program\GetAllUrl.htm, N/A)
[上传到QQ网络硬盘]
(D:\QQ06\qq\AddToNetDisk.htm, N/A)
[添加到QQ自定义面板]
(D:\QQ06\qq\AddPanel.htm, N/A)
[添加到QQ表情]
(D:\QQ06\qq\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(D:\QQ06\qq\SendMMS.htm, N/A)
[百度--MP3搜索]
(RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM, N/A)
[百度--图片搜索]
(RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM, N/A)
[百度--新闻搜索]
(RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM, N/A)
[百度--歌词搜索]
(RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM, N/A)
[百度--网页搜索]
(RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM, N/A)
[百度--词典搜索]
(RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM, N/A)
[百度--贴吧搜索]
(RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM, N/A)



--------------------------------------------------------------------------------
gototop
 
ncbaby
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2006-06-21
  • 来自:
发表于: 2006-06-22 23:08 | 只看楼主 短消息 资料
字号: 7楼

正在运行的进程

[PID: 652][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 716][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 740][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 784][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 796][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 972][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1048][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1168][C:\Program Files\Rising\Rav\CCenter.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 3)
[PID: 1184][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1228][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1292][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1304][C:\Program Files\Rising\Rav\Ravmond.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 26)
[C:\Program Files\Rising\Rav\BWList.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 19)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RsLog.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\HOOKSYS.dll] (Rising)(18, 1, 0, 9)
[C:\Program Files\Rising\Rav\Scanner.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 30)
[C:\Program Files\Rising\Rav\libload.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\VirusLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\regmon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\HookWeb.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\MemMon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 9)
[C:\Program Files\Rising\Rav\expscan.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\mPorts.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 3)
[C:\Program Files\Rising\Rav\MailMon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[C:\Program Files\Rising\Rav\SpamEng.dll] (N/A)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\engine.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 30)
[C:\Program Files\Rising\Rav\PostTrt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 9)
[C:\Program Files\Rising\Rav\UnExe.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\ScanExec.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\ScanEx.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\NvFile.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 7)
[C:\Program Files\Rising\Rav\ScanMac.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 8)
[C:\Program Files\Rising\Rav\ScanSct.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 15)
[C:\Program Files\Rising\Rav\Unpacker.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 3)
[C:\Program Files\Rising\Rav\RsStore.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[PID: 1704][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\RavExt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 21)
[C:\PROGRA~1\baidu\bar\baidubar.dll] (Baidu.com, Inc.)(2, 0, 2, 78)
[C:\WINDOWS\system32\mp3infp.dll] (win32lab.com)(2.44.3.0)
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] (Adobe Systems, Inc.)(7.0.0.0)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\WinRAR\rarext.dll] (N/A)(N/A)
[D:\Program Files\real\rpshell.dll] (RealNetworks, Inc.)(1.0.1.2237)
[C:\WINDOWS\system32\PNCRT.dll] (Real Networks, Inc)(6.0.0.0)
[D:\Program Files\real\lang\rpext_cn.dll] (RealNetworks, Inc.)(6.0.12.298)
[C:\WINDOWS\system32\nvcpl.dll] (NVIDIA Corporation)(6.14.10.7801)
[d:\Program Files\XP变脸王\data\cmext.dll] (Revenger inc.)(1.2.1.2)
[PID: 1756][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.2696 (xpsp_sp2_gdr.050610-1519))
[PID: 1928][C:\Program Files\Rising\Rav\RavStub.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 13)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[PID: 188][C:\Program Files\Rising\Rav\RavTask.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 22)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[PID: 204][C:\Program Files\Rising\Rav\Ravmon.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 20)
[C:\Program Files\Rising\Rav\RsGuiLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 24)
[C:\Program Files\Rising\Rav\BWList.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 19)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\PngDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[PID: 264][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] (RealNetworks, Inc.)(0.1.0.3510)
[PID: 280][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 376][C:\Program Files\KooWo\MP3Partner\kwservice.exe] (N/A)(N/A)
[PID: 496][C:\Program Files\KooWo\MP3Partner\kwrecagent.exe] (www.koowo.com)(1.0.0.1)
[PID: 500][C:\WINDOWS\system32\nvsvc32.exe] (NVIDIA Corporation)(6.14.10.7801)
[PID: 928][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] (Analog Devices, Inc.)(3, 2, 6, 0)
[PID: 1536][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 3072][C:\Program Files\ChinaNet\VnetClient.exe] ()(2005, 11, 14, 1)
[C:\Program Files\ChinaNet\Communicate.dll] (0)(2005, 3, 3, 1)
[C:\Program Files\ChinaNet\DialModule.dll] (GDCN)(2005, 11, 15, 1)
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] ()(2004, 2, 28, 1)
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] ()(2005, 7, 27, 1)
[C:\PROGRA~1\ChinaNet\sign.dll] (0)(2004, 12, 1, 1)
[C:\PROGRA~1\ChinaNet\PostPlug.dll] ()(2004, 12, 16, 2)
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] ()(2005, 10, 13, 1)
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] ()(2004, 11, 18, 1)
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] ()(2005, 11, 14, 1)
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] ()(2005, 11, 14, 17)
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] (GDDC)(2005, 11, 14, 1)
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] ()(1, 0, 0, 1)
[C:\PROGRA~1\ChinaNet\Timer.ocx] ()(2005, 10, 9, 14)
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] ()(2005, 2, 24, 1)
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] ()(2005, 8, 26, 1)
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] ()(1, 0, 0, 1)
[C:\PROGRA~1\ChinaNet\PlugPush.dll] ()(2004, 12, 21, 1)
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] ()(2004, 11, 23, 1)
[C:\PROGRA~1\ChinaNet\VNetLog.ocx] ()(2005, 10, 9, 1)
[C:\PROGRA~1\ChinaNet\StatNum.dll] ()(2004, 11, 18, 1)
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] ()(2005, 3, 2, 1)
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] (GDCN)(2005, 10, 9, 1)
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] ()(2005, 9, 13, 9)
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] ()(2005, 11, 14, 1)
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[PID: 1804][C:\Program Files\Internet Explorer\iexplore.exe] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[D:\Program Files\MagicSet\haokanbar.dll] (Xiang Feng Technology)(2, 0, 0, 6)
[D:\QQ06\qq\QQIEHelper.dll] (深圳市腾讯计算机系统有限公司)(1, 1, 0, 5)
[C:\PROGRA~1\baidu\bar\baidubar.dll] (Baidu.com, Inc.)(2, 0, 2, 78)
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[PID: 3344][E:\BitSpirit\BT种子\BitSpirit\BitSpirit.exe] (LANSPIRIT.NET)(3.2.0.80)
[E:\BitSpirit\BT种子\BitSpirit\plugin\peerid.dll] (N/A)(N/A)
[E:\BitSpirit\BT种子\BitSpirit\plugin\tracker.dll] (N/A)(N/A)
[PID: 2724][C:\DOCUME~1\tt\LOCALS~1\Temp\Rar$EX00.516\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)



--------------------------------------------------------------------------------
gototop
 
ncbaby
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2006-06-21
  • 来自:
发表于: 2006-06-22 23:08 | 只看楼主 短消息 资料
字号: 8楼

文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------


Winsock 提供者



--------------------------------------------------------------------------------
gototop
 
ncbaby
头像
初生襁褓狮
  • 帖子:14
  • 注册: 2006-06-21
  • 来自:
发表于: 2006-06-22 23:08 | 只看楼主 短消息 资料
字号: 9楼

请再帮看看
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-06-22 23:52 | 短消息 资料
字号: 10楼

[MicroSoft Firhost / Firhost]
(C:\WINDOWS\system32\firhost.exe)(N/A)
[The system maintenance / Pit inside the system]
(C:\WINDOWS\system32\icwipc.exe)(N/A)
安全模式...打开注册表编辑器,展开:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索Firhost和Pit inside the system 删除..

删除
C:\WINDOWS\system32\firhost.exe
C:\WINDOWS\system32\icwipc.exe
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT