Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-virus / Anti-rogue-software board

[Help] Could the experts take a look at my scan logs? (scanned with several tools)
HijackThis_815汉化版扫描日志 V1.99.1
保存于      2:33:50, 日期 2005-11-22
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ftc\Trojanwall.exe
C:\Program Files\木马分析专家\freekav.exe
C:\Program Files\木马分析专家\freepp.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\qq2005Beta3\QQ.exe
D:\Program Files\qq2005Beta3\TIMPlatform.exe
D:\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [Windows木马防火墙] C:\Program Files\ftc\Trojanwall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\qq2005Beta3\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\qq2005Beta3\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\qq2005Beta3\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\qq2005Beta3\SendMMS.htm
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{147DDAF9-EB98-4998-B97B-99F5A96039B9}: NameServer = 202.96.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{147DDAF9-EB98-4998-B97B-99F5A96039B9}: NameServer = 202.96.128.68
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: System Safety Monitor (SSM) - System Safety - C:\Program Files\System Safety Monitor\SSMService.exe

Last edited 2005-11-24 17:42:14

Found by 木马清道夫 (Trojan Cleaner):
木马病毒文件列表导出于 2005/11/22 / 0:36

C:\WINDOWS\ide.tmp
C:\Program Files\MMSASS~1\MMSASS~1.DLL
C:\Program Files\MMSAssist\mms.ini
C:\Program Files\MMSAssist\MMSASS~1.DLL
C:\WINDOWS\system32\stdup.dll
C:\WINDOWS\system32\drivers\ati2erec.dll
C:\WINDOWS\Downloaded Program Files\keepmain.dll
C:\WINDOWS\tasks\DDD_Install_Program.job
C:\WINDOWS\system32\autorun.exe
C:\WINDOWS\system32\Drivers\BDGuard.SYS
C:\WINDOWS\system32\NtSysUpdate.exe
C:\WINDOWS\Downloaded Program Files\3721\CnsMin.dll


FILEOO81.CHK    C:\FOUND.OOO\FILEOO81.CHK
FILEOO89.CHK    C:\FOUND.OOO\FILEOO89.CHK
FILEOO90.CHK    C:\FOUND.OOO\FILEOO90.CHK
MSETUP.EXE_IPARMOR    C:\PROGRAM FILES\IPARMOR\TROJAN\MSETUP.EXE_IPARMOR

FILOO68.CHK_IPARMOR C:\PROGRAM FILES\IPARMOR\TROJAN\FILEOO68.CHK_IPARMOR

Found by 木马分析专家 (Trojan Analysis Expert):

C:\WINDOWS\SYSTEM32\AUTORUN.EXE
C:\WINDOWS\SYSTEM32\STDUP.DLL
C:\WINDOWS\SYSTEM32\STDSVER.DLL
C:\WINDOWS\SYSTEM32\NTSYSUPDATE.EXE
C:\WINDOWS\SYSTEM32\MRT.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\BDGUARD.SYS
C:\WINDOWS\TEMP\CHCFG.EXE
C:\WINDOWS\TASKS\DDD_INSTALL_PROGRAM.JOB
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSUP.INI
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNSMINIO.CAB
C:\Documents and Settings\shengye\Local Settings\Temporary Internet Files\Content.IE5\CLANW1MJ\76060_ad[1].js

C:\Documents and Settings\shengye\Local Settings\Temporary Internet Files\Content.IE5\05AJOXIJ\icast[1].js

C:\Documents and Settings\shengye\Local Settings\Temporary Internet Files\Content.IE5\CXYFK9UV\46860_ad[1].js

C:\Program Files\Common Files\Upd\update.exe
C:\Program Files\Internet Explorer\UnRegDll.com

C:\Program Files\MMSAssist\mms.ini
C:\Program Files\MMSAssist\MMSASS~1.DLL


Found by 木马克星 (Trojan Killer):


c:\program files\3721\cnsmin.dat 发现广告程序.
c:\program files\baidu\bar\baidubar.dat 发现广告程序.
c:\program files\baidu\bar\baidubar.dll 发现广告程序.
c:\program files\baidu\bar\bdgdins.dll 发现广告程序.
c:\program files\baidu\bar\loadmovie.swf 发现广告程序.
c:\program files\baidu\bar\img\imglist.bmp 发现广告程序.
c:\program files\baidu\bar\img\logo.bmp 发现广告程序.
c:\WINDOWS\Downloaded Program Files\cnshint.dll 怀疑为3721广告2
c:\windows\downloaded program files\cnshint.dll 怀疑为3721广告.
c:\WINDOWS\Downloaded Program Files\CnsHook.dll 怀疑为3721广告2
c:\windows\downloaded program files\cnshook.dll 怀疑为3721广告.
c:\WINDOWS\Downloaded Program Files\CnsMinDT.dll 怀疑为3721广告2
c:\windows\downloaded program files\cnsmindt.dll 怀疑为3721广告.
c:\WINDOWS\Downloaded Program Files\CnsMinEx.dll 怀疑为3721广告2
c:\WINDOWS\Downloaded Program Files\CnsMinEx.dll 怀疑为yisou广告
c:\windows\downloaded program files\cnsminex.dll 怀疑为3721广告.
c:\windows\downloaded program files\cnsplus.dll 怀疑为3721广告.
c:\WINDOWS\Downloaded Program Files\keepmain.dll 怀疑为3721广告2
c:\windows\downloaded program files\3721\cnsmin.dll 发现广告程序.
c:\WINDOWS\Downloaded Program Files\3721\CnsMin.dll 怀疑为3721广告2
c:\windows\downloaded program files\3721\cnsmin.dll 怀疑为3721广告.
c:\WINDOWS\system32\cns.dll 怀疑为3721广告2
c:\WINDOWS\system32\cns.dll 怀疑为CNNIC广告
c:\windows\system32\cns.dll 怀疑为3721广告.
c:\WINDOWS\system32\cns.exe 怀疑为baidu广告
c:\WINDOWS\system32\cns.exe 怀疑为CNNIC广告
c:\windows\system32\cns.exe 怀疑为3721广告.
c:\WINDOWS\system32\drivers\BDGuard.SYS 怀疑为baidu广告
c:\windows\system32\drivers\cnsminkp.sys 发现广告程序.
c:\windows\system32\drivers\cnsminkp.sys 发现3721广告程序.
c:\windows\system32\drivers\cnsminkp.sys 怀疑为3721广告.
c:\ 扫描完成.

木马克星 (Trojan Killer) log:

木马克星分析报告:2005-11-22 1:45:45
==================================================
内存中的进程:
[System Process]
conime.exe
csrss.exe
Explorer.EXE
freekav.exe
freepp.exe
iexplore.exe
Iparmor.exe
lsass.exe
NewScandrive.exe
QQ.exe
services.exe
smss.exe
svchost.exe
System
TIMPlatform.exe
Trojanwall.exe
winlogon.exe
C:\WINDOWS\System32\actxprxy.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\Program Files\Iparmor\getportlistxp.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\Program Files\Iparmor\hookhookdll.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\Program Files\Iparmor\Iparmor.exe
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\jscript.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\MFC42LOC.DLL
C:\WINDOWS\system32\mlang.dll
C:\WINDOWS\system32\mpr.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\System32\mshtml.dll
C:\WINDOWS\System32\Msimtf.dll
C:\WINDOWS\System32\msls31.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\System32\mydocs.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\Program Files\Rising\Rav\RavScrCh.dll
C:\WINDOWS\system32\RICHED20.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\System32\shdoclc.dll
C:\WINDOWS\System32\shdocvw.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\Program Files\Iparmor\socketinit.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\vbscript.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\winmm.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\wsock32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\IMM32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\PROGRA~1\ftc\Commenu.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Wbem\framedyn.dll
C:\Program Files\木马分析专家\hyMenu.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\MLANG.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\System32\MSIMG32.dll
C:\WINDOWS\System32\msutb.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
D:\Program Files\qq2005Beta3\qdshm.dll
C:\Program Files\WinRAR\rarext.dll
C:\WINDOWS\system32\RavExt.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\Secur32.dll
C:\WINDOWS\system32\shdoclc.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\srclient.dll
C:\WINDOWS\System32\themeui.dll
C:\Herosoft\HeroV8\VCvtShell.dll
C:\WINDOWS\system32\WINHTTP.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\winpy.ime
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\asycfilt.dll
C:\Program Files\木马分析专家\freekav.exe
C:\Program Files\ftc\MSCOMCTL.OCX
C:\WINDOWS\system32\msvbvm50.dll
C:\Program Files\ftc\TABCTL32.OCX
C:\WINDOWS\system32\vb5chs.dll
C:\WINDOWS\system32\WSOCK32.DLL
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\Program Files\木马分析专家\freepp.exe
C:\WINDOWS\system32\ADVPACK.DLL
C:\WINDOWS\System32\ATL.DLL
C:\WINDOWS\system32\Cabinet.dll
C:\WINDOWS\system32\corpol.dll
C:\WINDOWS\system32\cryptnet.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\System32\DCIMAN32.dll
C:\WINDOWS\System32\DDRAW.dll
C:\WINDOWS\System32\ddrawex.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\System32\dxtmsft.dll
C:\WINDOWS\System32\dxtrans.dll
C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\javacypt.dll
C:\WINDOWS\System32\mlang.dll
C:\WINDOWS\System32\mshtmled.dll
C:\WINDOWS\system32\msjava.dll
C:\WINDOWS\system32\msratelc.dll
C:\WINDOWS\system32\MSRATING.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\SensApi.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SOFTPUB.DLL
C:\WINDOWS\system32\VMHELPER.DLL
C:\Program Files\ftc\NewScandrive.exe
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\AVICAP32.dll
D:\Program Files\qq2005Beta3\BasicCtrlDll.dll
D:\Program Files\qq2005Beta3\BQQApplication.dll
D:\Program Files\qq2005Beta3\CameraDll.dll
C:\WINDOWS\system32\CFGMGR32.dll
D:\Program Files\qq2005Beta3\CommercesMng.dll
D:\Program Files\qq2005Beta3\CQQApplication.dll
C:\WINDOWS\System32\devenum.dll
D:\Program Files\qq2005Beta3\DialerAllinOne.dll
C:\WINDOWS\system32\DINPUT.dll
D:\Program Files\qq2005Beta3\FlashAvatarDll.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
D:\Program Files\qq2005Beta3\GroupConnection.dll
C:\WINDOWS\system32\HID.DLL
D:\Program Files\qq2005Beta3\HostingMgr.dll
D:\Program Files\qq2005Beta3\ImageOle.dll
D:\Program Files\qq2005Beta3\LoginCtrl.dll
D:\Program Files\qq2005Beta3\LongConnection.dll
D:\Program Files\qq2005Beta3\MailSummary.dll
D:\Program Files\qq2005Beta3\MFC42.DLL
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\msdmo.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVFW32.dll
D:\Program Files\qq2005Beta3\NewSkin.dll
D:\Program Files\qq2005Beta3\npkcntc.dll
D:\Program Files\qq2005Beta3\npkpdb.dll
C:\WINDOWS\system32\OLEPRO32.DLL
D:\Program Files\qq2005Beta3\PersonalDesktop.dll
D:\Program Files\qq2005Beta3\PhoneAPI.dll
D:\Program Files\qq2005Beta3\QQ.exe
D:\Program Files\qq2005Beta3\QQAddr.dll
D:\Program Files\qq2005Beta3\QQAllInOne.dll
D:\Program Files\qq2005Beta3\QQAPI.dll
D:\Program Files\qq2005Beta3\QQAvatar.dll
D:\Program Files\qq2005Beta3\QQBaseClassInDll.dll
D:\Program Files\qq2005Beta3\QQConfigPlugin.dll
D:\Program Files\qq2005Beta3\QQCustomFace.dll
D:\Program Files\qq2005Beta3\QQGroupMng.dll
D:\Program Files\qq2005Beta3\QQHelperDll.dll
D:\Program Files\qq2005Beta3\QQMainFrame.dll
D:\Program Files\qq2005Beta3\QQPet.dll
D:\Program Files\qq2005Beta3\QQPhoneHelper.dll
D:\Program Files\qq2005Beta3\QQPlugin.dll
D:\Program Files\qq2005Beta3\QQRes.dll
D:\Program Files\qq2005Beta3\QQSceneMng.dll
D:\Program Files\qq2005Beta3\QQSpace.dll
D:\Program Files\qq2005Beta3\QQSysMsgMng.dll
D:\Program Files\qq2005Beta3\QQZip.dll
D:\Program Files\qq2005Beta3\QRingMng.dll
D:\Program Files\qq2005Beta3\RICHED20.dll
D:\Program Files\qq2005Beta3\RICHED32.DLL
C:\WINDOWS\system32\SAMLIB.dll
D:\Program Files\qq2005Beta3\SCCore.dll
D:\Program Files\qq2005Beta3\TIMProxy.dll
D:\Program Files\qq2005Beta3\UserDefinedHead.dll
D:\Program Files\qq2005Beta3\vbscript.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WSOCK32.dll
D:\Program Files\qq2005Beta3\TIMPlatform.exe
C:\WINDOWS\system32\hhctrl.ocx
C:\WINDOWS\system32\mui\0804\hhctrlui.dll
C:\Program Files\ftc\PSAPI.dll
C:\Program Files\ftc\Trojanwall.exe
==================================================
启动项目:
"C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
C:\PROGRA~1\SKYNET\FIREWALL\PFW.EXE
SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE ZSMC USB PC CAMERA
"C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
"C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
"C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE"  -OSBOOT
C:\PROGRAM FILES\FTC\TROJANWALL.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
desktop.ini
RsAutorunsDisabled

系统服务列表:
Abiosdsk
abp480n5
System32\DRIVERS\ACPI.sys
ACPIEC
adpu160m
system32\drivers\aec.sys
\SystemRoot\System32\drivers\afd.sys
Aha154x
aic78u2
aic78xx
system32\drivers\ALCXWDM.SYS
%SystemRoot%\System32\svchost.exe -k LocalService
%SystemRoot%\System32\alg.exe
AliIde
System32\DRIVERS\AmdK8.sys
amsint
%SystemRoot%\system32\svchost.exe -k netsvcs
asc
asc3350p
asc3550
System32\DRIVERS\asyncmac.sys
System32\DRIVERS\atapi.sys
Atdisk
%SystemRoot%\System32\Ati2evxx.exe
C:\WINDOWS\system32\ati2sgag.exe
System32\DRIVERS\ati2mtag.sys
Atierecord
System32\DRIVERS\atmarpc.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\audstub.sys
System32\DRIVERS\BaseTDI.SYS
BattC
system32\drivers\BDGuard.SYS
Beep
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
cbidf2k
System32\DRIVERS\CCDECODE.sys
cd20xrnt
Cdaudio
Cdfs
System32\DRIVERS\cdrom.sys
Changer
%SystemRoot%\system32\cisvc.exe
%SystemRoot%\system32\clipsrv.exe
CmdIde
C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
ContentFilter
ContentIndex
Cpqarray
%SystemRoot%\system32\svchost.exe -k netsvcs
dac2w2k
dac960nt
%SystemRoot%\system32\svchost -k DcomLaunch
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\disk.sys
%SystemRoot%\System32\dmadmin.exe /com
System32\drivers\dmboot.sys
System32\drivers\dmio.sys
System32\drivers\dmload.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
system32\drivers\DMusic.sys
%SystemRoot%\System32\svchost.exe -k NetworkService
dpti2o
system32\drivers\drmkaud.sys
EPAR
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\services.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
\??\C:\Program Files\Rising\Rav\ExpScan.sys
Fastfat
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\fdc.sys
Fips
Flpydisk
system32\drivers\fltmgr.sys
System32\DRIVERS\fsvga.sys
Fs_Rec
System32\DRIVERS\ftdisk.sys
System32\DRIVERS\msgpc.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\Program Files\Rising\Rav\HOOKCONT.sys
\??\C:\Program Files\Rising\Rav\HookReg.sys
\??\C:\Program Files\Rising\Rav\HookSys.sys
hpn
System32\Drivers\HTTP.sys
%SystemRoot%\System32\svchost.exe -k HTTPFilter
i2omgmt
i2omp
System32\DRIVERS\i8042prt.sys
System32\DRIVERS\imapi.sys
C:\WINDOWS\System32\imapi.exe
inetaccs
ini910u
Inport
IntelIde
system32\drivers\ip6fw.sys
System32\DRIVERS\ipfltdrv.sys
System32\DRIVERS\ipinip.sys
System32\DRIVERS\ipnat.sys
System32\DRIVERS\ipsec.sys
System32\DRIVERS\irenum.sys
ISAPISearch
System32\DRIVERS\isapnp.sys
System32\DRIVERS\kbdclass.sys
system32\drivers\kmixer.sys
KSecDD
%SystemRoot%\System32\svchost.exe -k netsvcs
lbrtfdc
ldap
LicenseService
%SystemRoot%\System32\svchost.exe -k LocalService
\??\C:\Program Files\System Safety Monitor\mcnahook.sys
\??\C:\Program Files\Rising\Rav\MEMSCAN.SYS
%SystemRoot%\System32\svchost.exe -k netsvcs
mnmdd
C:\WINDOWS\System32\mnmsrvc.exe
Modem
System32\DRIVERS\mouclass.sys
MountMgr
\??\c:\program files\rising\rfw\mProcRs.sys
mraid35x
System32\DRIVERS\mrxdav.sys
System32\DRIVERS\mrxsmb.sys
C:\WINDOWS\System32\msdtc.exe
Msfs
C:\WINDOWS\System32\msiexec.exe /V
system32\drivers\MSKSSRV.sys
system32\drivers\MSPCLOCK.sys
system32\drivers\MSPQM.sys
System32\DRIVERS\mssmbios.sys
system32\drivers\MSTEE.sys
Mup
System32\DRIVERS\NABTSFEC.sys
NDIS
System32\DRIVERS\NdisIP.sys
System32\DRIVERS\ndistapi.sys
System32\DRIVERS\ndisuio.sys
System32\DRIVERS\ndiswan.sys
NDProxy
System32\DRIVERS\netbios.sys
System32\DRIVERS\netbt.sys
%SystemRoot%\system32\netdde.exe
%SystemRoot%\system32\netdde.exe
%SystemRoot%\System32\lsass.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\NMnt.sys
system32\drivers\npf.sys
Npfs
\??\D:\Program Files\qq2005Beta3\npkcrypt.sys
\??\D:\Program Files\qq2005Beta3\npkycryp.sys
Ntfs
%SystemRoot%\System32\lsass.exe
%SystemRoot%\system32\svchost.exe -k netsvcs
Null
nv4
System32\DRIVERS\nwlnkflt.sys
System32\DRIVERS\nwlnkfwd.sys
System32\DRIVERS\nwlnkipx.sys
System32\DRIVERS\nwlnknb.sys
System32\DRIVERS\nwlnkspx.sys
System32\DRIVERS\parport.sys
PartMgr
ParVdm
System32\DRIVERS\pci.sys
PCIDump
PCIIde
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
PerfDisk
PerfNet
PerfOS
PerfProc
%SystemRoot%\system32\services.exe
%SystemRoot%\System32\lsass.exe
System32\DRIVERS\raspptp.sys
System32\DRIVERS\processr.sys
%SystemRoot%\system32\lsass.exe
System32\DRIVERS\psched.sys
System32\DRIVERS\ptilink.sys
ql1080
Ql10wnt
ql12160
ql1240
ql1280
System32\DRIVERS\rasacd.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\rasl2tp.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\raspppoe.sys
System32\DRIVERS\raspti.sys
System32\DRIVERS\rdbss.sys
System32\DRIVERS\RDPCDD.sys
RDPDD
System32\DRIVERS\rdpdr.sys
RDPNP
RDPWD
C:\WINDOWS\system32\sessmgr.exe
System32\DRIVERS\redbook.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k LocalService
c:\program files\rising\rfw\rfwsrv.exe
"%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
%SystemRoot%\System32\locator.exe
%SystemRoot%\system32\svchost -k rpcss
"C:\Program Files\Rising\Rav\CCenter.exe"
\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys
"C:\Program Files\Rising\Rav\Ravmond.exe"
%SystemRoot%\System32\rsvp.exe
System32\DRIVERS\Rtlnicxp.sys
System32\DRIVERS\RTL8139.SYS
%SystemRoot%\system32\lsass.exe
%SystemRoot%\System32\SCardSvr.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\drivers\scsiport.sys
System32\DRIVERS\secdrv.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\system32\svchost.exe -k netsvcs
System32\DRIVERS\serenum.sys
System32\DRIVERS\serial.sys
Sfloppy
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
Simbad
\??\C:\WINDOWS\System32\Drivers\SKNFW.sys
System32\DRIVERS\SLIP.sys
Sparrow
system32\drivers\splitter.sys
%SystemRoot%\system32\spoolsv.exe
\SystemRoot\System32\DRIVERS\sr.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k LocalService
C:\Program Files\System Safety Monitor\SSMService.exe
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\system32\STDSVER.DLL,Service
%SystemRoot%\System32\svchost.exe -k imgsvc
System32\DRIVERS\StreamIP.sys
System32\DRIVERS\swenum.sys
system32\drivers\swmidi.sys
C:\WINDOWS\System32\dllhost.exe /Processid:{AE556A2D-FB53-4ECB-8640-E36BE5634A51}
swwd
symc810
symc8xx
sym_hi
sym_u3
system32\drivers\sysaudio.sys
%SystemRoot%\system32\smlogsvc.exe
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\tcpip.sys
TDPIPE
TDTCP
System32\DRIVERS\termdd.sys
%SystemRoot%\System32\svchost -k DComLaunch
%SystemRoot%\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\tlntsvr.exe
TosIde
%SystemRoot%\system32\svchost.exe -k netsvcs
TSDDD
Udfs
ultra
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\SANDF\diskman.exe
System32\DRIVERS\update.sys
%SystemRoot%\System32\svchost.exe -k LocalService
%SystemRoot%\System32\ups.exe
system32\drivers\usbaudio.sys
System32\DRIVERS\usbccgp.sys
System32\DRIVERS\usbehci.sys
System32\DRIVERS\usbhub.sys
System32\DRIVERS\USBSTOR.SYS
System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\drivers\vga.sys
System32\DRIVERS\viaagp1.sys
System32\DRIVERS\viaide.sys
System32\DRIVERS\viamraid.sys
VolSnap
%SystemRoot%\System32\vssvc.exe
VXD
%SystemRoot%\System32\svchost.exe -k netsvcs
W3SVC
System32\DRIVERS\wanarp.sys
WDICA
system32\drivers\wdmaud.sys
%SystemRoot%\System32\svchost.exe -k LocalService
%systemroot%\system32\svchost.exe -k netsvcs
Winsock
WinSock2
WinTrust
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
WmiApRpl
C:\WINDOWS\System32\wbem\wmiapsrv.exe
\SystemRoot\System32\drivers\ws2ifsl.sys
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\DRIVERS\WSTCODEC.SYS
%systemroot%\system32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
%SystemRoot%\System32\svchost.exe -k netsvcs
System32\Drivers\usbVM31b.sys
{147DDAF9-EB98-4998-B97B-99F5A96039B9}
{35F9CA4C-6FC2-4723-BF96-A4790A9F8019}

O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
For this one, see here: http://forum.ikaka.com/topic.asp?board=67&artid=7423269

Please look through all of it for me.

Please, everyone, take a closer look. I have reinstalled the system N times and it is still like this. Now I can't even see my MP3 files!

Save a log with Autoruns and post it here.
How to save the log: choose the File->Save menu item.
When saving the log, make sure the Options->Hide Microsoft Entries menu item is selected (after setting it, click the Refresh button on the toolbar).

For downloading and using the tool, see reply #14 at http://forum.ikaka.com/topic.asp?board=28&artid=7318038