
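Could the experts please take another look at my startup processes and tell me how to remove the virus? Thanks!

(A few suspicious processes, captured while not connected to the Internet)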

The explorer.exe process contains 86 modules

C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\themeui.dll
C:\WINDOWS\System32\Secur32.dll
C:\WINDOWS\System32\MSIMG32.dll
C:\WINDOWS\system32\RavExt.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\System32\actxprxy.dll
C:\WINDOWS\System32\msutb.dll
C:\WINDOWS\System32\MSCTF.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\System32\WSOCK32.dll
C:\WINDOWS\System32\WS2_32.dll
C:\WINDOWS\System32\WS2HELP.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\System32\BatMeter.dll
C:\WINDOWS\System32\POWRPROF.dll
C:\WINDOWS\System32\WTSAPI32.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\Program Files\WinRAR\rarext.dll
C:\WINDOWS\system32\CmdLineExt.dll
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\MLANG.dll



The RavMonD.exe process contains 61 modules

C:\WINDOWS\system32\kernel32.dll
C:\Program Files\Rising\Rav\BWList.dll
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\MFC42LOC.DLL
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\WINDOWS\system32\comctl32.dll
C:\Program Files\Rising\Rav\RsCommX.dll
C:\Program Files\Rising\Rav\RSAPPMGR.DLL
C:\Program Files\Rising\Rav\CfgDll.dll
C:\Program Files\Rising\Rav\RSCOMMON.DLL
C:\Program Files\Rising\Rav\RsLog.dll
C:\Program Files\Rising\Rav\HOOKSYS.dll
C:\Program Files\Rising\Rav\Scanner.dll
C:\Program Files\Rising\Rav\libload.dll
C:\Program Files\Rising\Rav\VirusLib.dll
C:\Program Files\Rising\Rav\regmon.dll
C:\Program Files\Rising\Rav\psapi.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\Program Files\Rising\Rav\HookWeb.dll
C:\Program Files\Rising\Rav\MemMon.dll
C:\Program Files\Rising\Rav\expscan.dll
C:\Program Files\Rising\Rav\mPorts.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\Program Files\Rising\Rav\MailMon.dll
C:\Program Files\Rising\Rav\SpamEng.dll
C:\Program Files\Rising\Rav\engine.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\Program Files\Rising\Rav\PostTrt.dll
C:\Program Files\Rising\Rav\UnExe.dll
C:\Program Files\Rising\Rav\ScanExec.dll
C:\Program Files\Rising\Rav\ScanEx.dll
C:\Program Files\Rising\Rav\NvFile.dll
C:\Program Files\Rising\Rav\ScanMac.dll
C:\Program Files\Rising\Rav\ScanSct.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\Program Files\Rising\Rav\Unpacker.dll
C:\Program Files\Rising\Rav\ScanNet.dll
C:\Program Files\Rising\Rav\ExtOLE.dll
C:\WINDOWS\system32\perfproc.dll



The winlogon.exe process contains 62 modules

C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\SHSVCS.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\Ati2evxx.dll
C:\WINDOWS\system32\cscdll.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\WlNotify.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\cscui.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSACM32.dll


The svchost.exe process contains 49 modules

C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\SAMLIB.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\Secur32.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\ICAAPI.dll
c:\windows\system32\SETUPAPI.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\IMAGEHLP.dll
c:\windows\system32\AUTHZ.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\ACTIVEDS.dll
c:\windows\system32\adsldpc.dll
C:\WINDOWS\system32\NETAPI32.dll
c:\windows\system32\ATL.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Apphelp.dll








Last edited 2006-04-13 17:20:45

Logfile of HijackThis v1.99.1
Scan saved at 18:35:38, on 2006-4-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows进程管理器\PrcMgr.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Maxthon\Maxthon.exe
E:\tools\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138003530874
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DD3C687-2720-4A24-B974-A7F35B86E929}: NameServer = 202.96.128.166 202.96.144.47
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


Is there no expert who can help?
Waiting online.
Bumping my own thread.