Rising Kaka Security Forum, Technical Exchange: Anti-virus / Anti-rogue-software forum

SOS, Rising can't remove the virus, my machine is nearly crashed.

==================================
正在运行的进程
[PID: 472][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3197D608.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\system32\CD34CD8A.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 604][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 912][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\mkoue.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 952][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1160][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1428][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1516][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1844][C:\WINDOWS\system32\svchosts.exe]  [N/A, N/A]
[PID: 1900][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1920][C:\WINDOWS\system32\crypserv.exe]  [Kenonic Controls Ltd., 5.4.0]
[PID: 1956][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\SYSTEM32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\SYSTEM32\WBEM\DMKQU.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 2020][C:\WINDOWS\system32\Rpcs11.exe]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 2040][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1632][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\COMMON~1\dqru\kxvb.dll]  [, 1, 2, 0, 8]
[PID: 2264][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2708][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\program files\internet explorer\use9.dll]  [N/A, N/A]
[PID: 2716][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 2840][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 3100][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3540][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3548][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3752][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1360][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 352][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1676][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1684][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2796][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2876][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2928][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3292][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3308][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3352][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Rp11cs.dll]  [N/A, N/A]
[PID: 2524][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3456][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3344][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3776][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3844][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3068][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CD34CD8A.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\system32\3197D608.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\PROGRA~1\COMMON~1\dqru\huvy.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\system32\mazdpeuvdjiru.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3560][D:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
58.215.74.216    test.nicemm.cn
58.215.74.216    new3.etsoft.com.cn
58.215.74.216    www.gaodumm.com
58.215.74.216    www.88cc8.com
58.215.74.216    wg770.com

==================================
API HOOK
N/A

==================================


I sincerely ask the experts to help solve this. Many thanks!!!
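An added triage example, not code from the original thread or from SREng: a Python script that parses SREng-style process/module lines (a constructed sample shaped like the log above) and flags the patterns a responder would notice in it: random 8-hex-digit names such as 3197D608.DLL, look-alikes such as svchosts.exe, and files in system locations that carry no vendor information or claim Microsoft without the build-lab tag the genuine XP files in this log carry. The rule names, the known-process list and the thresholds are the example's own assumptions, not SREng's.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in SREng's "running processes" format: a few lines shaped
# like the log above (paths taken from it, not the whole dump).
SAMPLE_LOG = r"""
[PID: 560][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3197D608.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 912][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\mkoue.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 1844][C:\WINDOWS\system32\svchosts.exe]  [N/A, N/A]
[PID: 2020][C:\WINDOWS\system32\Rpcs11.exe]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 1632][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\COMMON~1\dqru\kxvb.dll]  [, 1, 2, 0, 8]
[PID: 3068][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 3560][D:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
"""

# One log line: optional "[PID: n]", then "[path]", then "[company, version]".
LINE_RE = re.compile(r"^(?:\[PID: (\d+)\])?\[([^\]]+)\]\s+\[(.*)\]$")
# Genuine XP SP2 system binaries in the log carry a build-lab tag such as
# "(xpsp_sp2_rtm.040803-2158)"; the suspect "Microsoft" files do not.
BUILD_TAG_RE = re.compile(r"\([a-z0-9_]+\.\d{6}-\d{4}\)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.(dll|exe|sys)$")
# Assumed list of legitimate XP process names used for the look-alike rule.
KNOWN_SYSTEM = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
                "rundll32.exe", "alg.exe", "ctfmon.exe"}


def parse_sreng_processes(text):
    """Turn the process/module block into dicts. Module lines are attached to
    the process line that precedes them (SREng indents them under it)."""
    entries, current_pid = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pid, path, info = m.groups()
        company, _, version = info.partition(", ")   # "[, 1, 2, 0, 8]" -> company ""
        if pid is not None:
            current_pid = int(pid)
        entries.append({
            "pid": current_pid,
            "is_process": pid is not None,
            "path": path.replace("\\??\\", ""),     # drop the NT object-manager prefix
            "company": company.strip(),
            "version": version.strip(),
        })
    return entries


def _in_system_location(path):
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return any(p in ("windows", "common files", "common~1") for p in parts)


def _lookalike_of(name):
    """Legitimate name that `name` imitates by one extra character
    (svchosts.exe -> svchost.exe), or None."""
    for i in range(len(name)):
        candidate = name[:i] + name[i + 1:]
        if candidate in KNOWN_SYSTEM:
            return candidate
    return None


def assess(entry):
    """Reasons an entry looks suspicious; each rule mirrors something visible
    in the log. Heuristics only: redistributed vendor files can trip them."""
    name = PureWindowsPath(entry["path"]).name.lower()
    reasons = []
    if name in KNOWN_SYSTEM:
        return reasons
    if HEX_NAME_RE.match(name):
        reasons.append("random 8-hex-digit file name")
    look = _lookalike_of(name)
    if look:
        reasons.append(f"name imitates {look}")
    if _in_system_location(entry["path"]):
        if entry["company"] in ("", "N/A"):
            reasons.append("no company/version info in a system location")
        elif (entry["company"] == "Microsoft Corporation"
              and not BUILD_TAG_RE.search(entry["version"])):
            reasons.append("claims Microsoft but lacks a build-lab tag")
    return reasons


def triage(text):
    """Map each flagged path to its owning PID and the reasons it was flagged."""
    flagged = {}
    for e in parse_sreng_processes(text):
        reasons = assess(e)
        if reasons:
            flagged[e["path"]] = {"pid": e["pid"], "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for path, hit in triage(SAMPLE_LOG).items():
        print(f"PID {hit['pid']:>5}  {path}\n        -> {'; '.join(hit['reasons'])}")
```

Run against a full SREng log the same rules surface the page's own suspects (svchosts.exe, Rpcs11.exe, mkoue.dll, the hex-named DLLs, the dqru\*.dll pair) while leaving the Rising and WinRAR components alone; treat every hit as a lead to verify, not a verdict.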
Run SReng and delete the following Startup -> Registry entries:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<main><rundll32.exe "C:\program files\internet explorer\use9.dll" mymain> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070104.dll start> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\comreplt]
<WinlogonNotify: comreplt><comreplt.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn]
<WinlogonNotify: ScCardLogn><C:\WINDOWS\ScNotify.dll> [N/A]
Startup -> Services:
[3197D608 / 3197D608][Stopped/Auto Start]
<C:\WINDOWS\system32\3197D608.EXE -service><Microsoft Corporation>
[CD34CD8A / CD34CD8A][Stopped/Auto Start]
<C:\WINDOWS\system32\CD34CD8A.EXE -service><Microsoft Corporation>
[COM+ Messages / COM+ Messages][Running/Auto Start]
<"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000128><N/A>
[Network Engine / Trial][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mkoue.dll><Microsoft Corporation>
[Windows NT Service32 / Windows NT Service32][Stopped/Auto Start]
<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start><Microsoft Corporation>
[Windows Media Connect Service / WmdmPmSp][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><N/A>
[Vsn xklo Service / xklo][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\dqru\kxvb.dll,Service><Microsoft Corporation>
Startup -> Services -> Drivers:
[exsj / exsjl][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\exsjl.sys><N/A>
[fbaaghid / fbaaghid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\fbaaghid.sys><N/A>
[gbhjaabg / gbhjaabg]
<\SystemRoot\system32\drivers\gbhjaabg.sys><N/A>
[HidProcess / HidProcess][Stopped/System Start]
<system32\drivers\hprocess.sys><N/A>
[qsegky0 / qsegky00][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\qsegky00.sys><N/A>
[ranjnr8 / ranjnr88][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ranjnr88.sys><N/A>
[vaansi6 / vaansi62][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vaansi62.sys><N/A>
Browser add-ons:
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>
[SafeMe Internet Explorer Helper]
{3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>
[xhil]
{4EE31758-D2CB-475D-AD7C-3C3E55AE7401} <C:\PROGRA~1\COMMON~1\dqru\huvy.dll, >
[IEHlprObj Class]
{DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[]
{E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\kofpjqdseqixe.dll, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[365助手]
{2D839B55-19DF-40F0-AD89-EA97F1BA8D3E} <C:\Program Files\365助手\360safe.dll, N/A>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>
[SafeMe Internet Explorer Helper]
{3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>
[xhil]
{4EE31758-D2CB-475D-AD7C-3C3E55AE7401} <C:\PROGRA~1\COMMON~1\dqru\huvy.dll, >
[IEHlprObj Class]
{DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[]
{E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\kofpjqdseqixe.dll, N/A>

Delete:
C:\WINDOWS\System32\svchosts.exe

Use 360, Malware Cleanup Assistant or Super Rabbit to clean out all the rogue software, repeating it several times, use Super Rabbit to fully repair IE, then scan again and post the new log.
The SECSTICK Host Anti-DDoS System is a software product designed by CHINSEC against the currently popular full-connection, signature-less DDoS attacks: protection technology keeps improving, and new attack techniques keep emerging. Denial-of-service attacks have evolved from simple high-volume bandwidth exhaustion to today's high-connection-count attacks with no signature, posing a greater challenge to the anti-DDoS field. CHINSEC uses data-mining techniques to extract useful information from seemingly featureless abnormal connections, in order to filter network connections and close malicious ones for protection. The SECSTICK host anti-DDoS system is tightly integrated with the operating system and tracks every connection through its whole lifetime; compared with network-based anti-DDoS systems it has a fuller view of host state and, in precision, makes up for what network-based anti-DDoS systems find hard to do.
[Reply to the post by "奥兰蓝蓝的天"]

Press Ctrl+Alt+Del together
to open Task Manager -> Processes.
Right-click the name of the process to be ended and end the following processes one by one:
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\Rpcs11.exe
C:\WINDOWS\system32\rundll32.exe (note: there are several of these; end as many as you can)
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe

The desktop will disappear at this point.

===========

Press Ctrl+Alt+Del together to open "Windows Task Manager".
In "Windows Task Manager" choose "File" -> "New Task".
In "Create New Task" type explorer.exe and press "Enter".

The desktop reappears.

=========

Use SRE to delete the following autostart entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<main><rundll32.exe "C:\program files\internet explorer\use9.dll" mymain> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\comreplt]
<WinlogonNotify: comreplt><comreplt.dll> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn]
<WinlogonNotify: ScCardLogn><C:\WINDOWS\ScNotify.dll> [N/A]

==========

Use SRE to edit the following autostart entry as shown:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070104.dll start> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><userinit.exe,>

===========

Use SRE to delete the following service entries:
[3197D608 / 3197D608]
<C:\WINDOWS\system32\3197D608.EXE -service><Microsoft Corporation>

[CD34CD8A / CD34CD8A]
<C:\WINDOWS\system32\CD34CD8A.EXE -service><Microsoft Corporation>

[COM+ Messages / COM+ Messages]
<"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000128><N/A>

[Local Connection Manager / MouTALS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\DMKQU.DLL,Export 1087><N/A>

[RestoreService / RestoreService]
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><N/A>

[Remote Procedure Call System(11RPCS) / RpcS11]
<C:\WINDOWS\system32\Rpcs11.exe><Microsoft Corporation>

[Network Engine / Trial]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mkoue.dll><Microsoft Corporation>

[Windows NT Service32 / Windows NT Service32]
<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start><Microsoft Corporation>

==========

Use SRE to delete the following driver entries:
[Cdsys / Cdsys]
<\??\C:\WINDOWS\system32\cdcd.sys><N/A>

[exsj / exsjl]
<\SystemRoot\System32\DRIVERS\exsjl.sys><N/A>

[fbaaghid / fbaaghid]
<\SystemRoot\system32\drivers\fbaaghid.sys><N/A>

[FXDRV / FXDRV]
<\??\I:\Fxdrv.sys><N/A>

[gbhjaabg / gbhjaabg]
<\SystemRoot\system32\drivers\gbhjaabg.sys><N/A>

[HidProcess / HidProcess]
<system32\drivers\hprocess.sys><N/A>

[HOSTNT / HOSTNT]
<\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>

[msprotect / msprotect]
<system32\DRIVERS\msprotect.sys><N/A>

[msqmx / msqmx]
<\SystemRoot\system32\drivers\msqmx.sys><Microsoft Corporation>

[NetworkX / NetworkX]
<\SystemRoot\system32\ckldrv.sys><N/A>

[qsegky0 / qsegky00]
<\SystemRoot\System32\DRIVERS\qsegky00.sys><N/A>

[ranjnr8 / ranjnr88]
<\SystemRoot\System32\DRIVERS\ranjnr88.sys><N/A>

[SVKP / SVKP]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>

============

Use SRE to delete the following browser add-ons:
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>

[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>

[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>

[SafeMe Internet Explorer Helper]
{3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>

[xhil]
{4EE31758-D2CB-475D-AD7C-3C3E55AE7401} <C:\PROGRA~1\COMMON~1\dqru\huvy.dll, >

[IEHlprObj Class]
{DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >

[]
{E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\tvqewpdmlkknl.dll, N/A>

[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>

[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>

[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>

[SafeMe Internet Explorer Helper]
{3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>

[xhil]
{4EE31758-D2CB-475D-AD7C-3C3E55AE7401} <C:\PROGRA~1\COMMON~1\dqru\huvy.dll, >

[IEHlprObj Class]
{DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >

[]
{E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\tvqewpdmlkknl.dll, N/A>

============

Start -> Run,
type regedit,
click OK
to open the registry.
Expand in turn:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services] (X stands for 1, 2, 3, 4 ...)
Once found, delete the following folders:
3197D608
CD34CD8A
COM+ Messages
MouTALS
RestoreService
RpcS11
Trial
Windows NT Service32
Cdsys
exsjl
fbaaghid
FXDRV
gbhjaabg
HidProcess
HOSTNT
msprotect
msqmx
NetworkX
qsegky00
ranjnr88
SVKP

Expand in turn:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Enum\Root\] (X stands for 1, 2, 3, 4 ...)
Delete the following folders:
LEGACY_3197D608
LEGACY_CD34CD8A
LEGACY_COM+ Messages
LEGACY_MouTALS
LEGACY_RestoreService
LEGACY_RpcS11
LEGACY_Trial
LEGACY_Windows NT Service32
LEGACY_Cdsys
LEGACY_exsjl
LEGACY_fbaaghid
LEGACY_FXDRV
LEGACY_gbhjaabg
LEGACY_HidProcess
LEGACY_HOSTNT
LEGACY_msprotect
LEGACY_msqmx
LEGACY_NetworkX
LEGACY_qsegky00
LEGACY_ranjnr88
LEGACY_SVKP

Tip:
If the above folders cannot be deleted from the registry,
it is recommended to delete them with IceSword,
or change the permissions on those folders to "Full Control"
and then try deleting again.

============

Uninstall


=========

Delete
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\Rpcs11.exe
C:\Program Files\Common Files\dqru\kxvb.dll
C:\WINDOWS\system32\Rp11cs.dll
C:\Program Files\Common Files\dqru\huvy.dll
C:\WINDOWS\system32\tvqewpdmlkknl.dll
C:\WINDOWS\system32\NTService32.dll
C:\program files\internet explorer\use9.dll
comreplt.dll (search drive C for it)
C:\WINDOWS\ScNotify.dll
C:\WINDOWS\system32\winsys16_070104.dll
C:\WINDOWS\system32\3197D608.EXE
C:\WINDOWS\system32\CD34CD8A.EXE
C:\WINDOWS\SYSTEM32\WBEM\DMKQU.DLL
C:\WINDOWS\system32\drivers\restore.dll
C:\WINDOWS\system32\Rpcs11.exe
C:\WINDOWS\system32\mkoue.dll
C:\WINDOWS\system32\NTService32.dll
C:\WINDOWS\system32\cdcd.sys
C:\WINDOWS\System32\DRIVERS\exsjl.sys
C:\WINDOWS\system32\drivers\fbaaghid.sys
I:\Fxdrv.sys
C:\WINDOWS\system32\drivers\gbhjaabg.sys
C:\WINDOWS\system32\drivers\hprocess.sys
C:\WINDOWS\system32\drivers\hostnt.sys
C:\WINDOWS\system32\DRIVERS\msprotect.sys
C:\WINDOWS\system32\drivers\msqmx.sys
C:\WINDOWS\system32\ckldrv.sys
C:\WINDOWS\System32\DRIVERS\qsegky00.sys
C:\WINDOWS\System32\DRIVERS\ranjnr88.sys
C:\WINDOWS\system32\SVKP.sys
C:\WINDOWS\system32\tvqewpdmlkknl.dll
C:\WINDOWS\system32\IESHEL~1.DLL
C:\Program Files\Common Files\CPUSH\cpush.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
C:\WINDOWS\system32\SafeHelper12.dll
C:\WINDOWS\POPNTS.DLL
C:\WINDOWS\system32\tvqewpdmlkknl.dll
C:\Program Files\Common Files\dqru\
C:\Program Files\Common Files\CPUSH\
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\

Tip:
If the above files cannot be deleted,
it is recommended to use KillBox's "delete on reboot" function,
or use IceSword to delete them.

===============

Open the registry,
search for vaansi62.dll,
delete everything found,
then reboot the machine.

Attachment: image/pjpeg, downloaded 105 times, uploaded 2007-1-6 15:49:47.
 

Quote:
[Post by 高歌猛进] Run SReng and delete Startup -- Registry items:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<main><rundll32.exe "C:\program files\internet explorer\use9.dll" mymain> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070104.dll start> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\comreplt]
<WinlogonNotify: comreplt><comreplt.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn]
<WinlogonNotify: ScCardLogn><C:\WINDOWS\ScNotify.dll> [N/A]
Startup service items:
[3197D608 / 3197D608][Stopped/Auto Start]
<C:\WINDOWS\system32\3197D608.EXE -service><Microsoft Corporation>
[CD34CD8A / CD34CD8A][Stopped/Auto Start]
<C:\WINDOWS\system32\CD34CD8A.EXE -service><Microsoft Corporation>
[COM+ Messages / COM+ Messages][Running/Auto Start]
<"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000128><N/A>
[Network Engine / Trial][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mkoue.dll><Microsoft Corporation>
[Windows NT Service32 / Windows NT Service32][Stopped/Auto Start]
<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start><Microsoft Corporation>
[Windows Media Connect Service / WmdmPmSp][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><N/A>
[Vsn xklo Service / xklo][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\dqru\kxvb.dll,Service><Microsoft Corporation>
Startup -- Services -- Drivers:
[exsj / exsjl][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\exsjl.sys><N/A>
[fbaaghid / fbaaghid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\fbaaghid.sys><N/A>
[gbhjaabg / gbhjaabg]
<\SystemRoot\system32\drivers\gbhjaabg.sys><N/A>
[HidProcess / HidProcess][Stopped/System Start]
<system32\drivers\hprocess.sys><N/A>
[qsegky0 / qsegky00][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\qsegky00.sys><N/A>
[ranjnr8 / ranjnr88][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ranjnr88.sys><N/A>
[vaansi6 / vaansi62][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vaansi62.sys><N/A>
Browser add-ons:
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>
[CAdLogic ]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>
[SafeMe Internet Explorer Helper]
{3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>
[xhil]
{4EE31758-D2CB-475D-AD7C-3C3E55AE7401} <C:\PROGRA~1\COMMON~1\dqru\huvy.dll, >
[IEHlprObj Class]
{DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[]
{E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\kofpjqdseqixe.dll, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[365助手]
{2D839B55-19DF-40F0-AD89-EA97F1BA8D3E} <C:\Program Files\365助手\360safe.dll, N/A>

Delete:
C:\WINDOWS\System32\svchost.exe

Clean out all the rogue software with 360, 恶意软件清理助手 or 兔子, retrying several times; use 兔子 to fully repair IE, then scan a new log and post it.
………………

C:\WINDOWS\System32\svchost.exe: caught you there, it's missing an s
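The catch in the reply above (svchosts.exe listed as svchost.exe) is a lookalike name that a log parser can surface automatically. Added example, not code from the thread or from SReng: it parses SReng-style service entries, constructed here from the quoted log, and reports any host file name within one edit of a real Windows binary (the entry-format regexes are my assumption about SReng's layout).

```python
# Added example (not from the thread or SReng): flag service hosts one letter off a real binary.
import ntpath
import re

# Real hosts that rogue services imitate by changing one letter (svchosts.exe).
KNOWN_HOSTS = ("svchost.exe", "rundll32.exe", "services.exe", "lsass.exe", "csrss.exe")
# Assumed SReng layout: '[Display / ServiceName][State/StartType]' header, then '<command><vendor>'.
ENTRY_RE = re.compile(r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\](?:\[[^\]]*\])?$")
CMD_RE = re.compile(r"^<(?P<cmd>.*)><(?P<vendor>[^>]*)>$")
# Constructed sample mirroring the service entries quoted in the post.
SAMPLE_LOG = r"""
[COM+ Messages / COM+ Messages][Running/Auto Start]
<"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000128><N/A>
[Network Engine / Trial][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mkoue.dll><Microsoft Corporation>
[Windows NT Service32 / Windows NT Service32][Stopped/Auto Start]
<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start><Microsoft Corporation>
"""


def edit_distance(a, b):
    """Levenshtein distance (insert/delete/substitute), case-insensitive."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_services(lines):
    """Pair each entry header with the command line that follows it."""
    entries, header = [], None
    for line in lines:
        if m := ENTRY_RE.match(line.strip()):
            header = m.groupdict()
        elif (m := CMD_RE.match(line.strip())) and header:
            entries.append({**header, **m.groupdict()})
            header = None
    return entries


def flag_lookalikes(entries):
    """Return (service, host, imitated) for hosts one edit away from a known name."""
    findings = []
    for e in entries:
        m = re.search(r'([^"<>]+?\.exe)', e["cmd"], re.IGNORECASE)  # first .exe token
        exe = ntpath.basename(m.group(1)).lower() if m else None
        if exe and exe not in KNOWN_HOSTS:
            findings += [(e["name"], exe, k) for k in KNOWN_HOSTS if edit_distance(exe, k) == 1]
    return findings
```

Run `flag_lookalikes(parse_services(SAMPLE_LOG.splitlines()))` to get the single finding for the COM+ Messages service; the genuine svchost.exe and rundll32.exe hosts are left alone.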