瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】哪位大哥帮帮忙看看,有图,有扫描日志。有毒杀不了呀。

12   1  /  2  页   跳转

【求助】哪位大哥帮帮忙看看,有图,有扫描日志。有毒杀不了呀。

收藏
gosing
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2005-02-15
  • 来自:
发表于: 2006-07-22 12:45 | 只看楼主 短消息 资料
字号: 1楼

【求助】哪位大哥帮帮忙看看,有图,有扫描日志。有毒杀不了呀。

2006-07-22,12:35:19

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <wxClient><C:\WINNT\system32\Clsmn.exe>  []
    <Refresh><C:\WINNT\system32\Refresh_Service.exe>  []
    <snpstd3><C:\WINNT\vsnpstd3.exe>  [Sonix]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe>  [Microsoft Corporation]
    <GinaDLL><C:\WINNT\system32\LogUser.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[RZX_WATERWALL_CLIENT / RZX_WATERWALL_CLIENT]
  <"C:\WINNT\system32\waterwall.exe"><深圳任子行网络技术有限公司>
[Sicent Network File Synchronization / sicentnetsync]
  <C:\WINNT\system32\wxsyncli.exe><成都吉胜科技有限公司>

==================================
浏览器加载项
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>

==================================

附件附件:

下载次数:286
文件类型:image/pjpeg
文件大小:
上传时间:2006-7-22 12:45:19
描述:
预览信息:EXIF信息



最后编辑2006-12-21 01:02:35
分享到:
gototop
 
gosing
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2005-02-15
  • 来自:
发表于: 2006-07-22 12:47 | 只看楼主 短消息 资料
字号: 2楼

正在运行的进程
[PID: 220][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 256][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 252][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
    [C:\WINNT\system32\LogUser.dll]  <N/A><N/A>
[PID: 304][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 316][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 488][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 516][C:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 532][C:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 29>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 572][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
[PID: 608][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 780][C:\WINNT\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.4523>
[PID: 820][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 812][C:\WINNT\system32\waterwall.exe]  <深圳任子行网络技术有限公司><1, 0, 0, 22>
    [C:\WINNT\system32\QQRecorder.dll]  <><1, 0, 0, 1>
[PID: 840][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6920>
[PID: 864][C:\WINNT\system32\wxsyncli.exe]  <成都吉胜科技有限公司><1.0.1.259>
[PID: 964][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 984][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1212][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1064][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1260][C:\WINNT\system32\Clsmn.exe]  <><16.3.12.601>
    [C:\WINNT\system32\RegCode.dll]  <N/A><N/A>
[PID: 1304][C:\WINNT\vsnpstd3.exe]  <Sonix><1, 0, 1, 5>
[PID: 1328][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 1236][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 1100][C:\WINNT\explorer.exe]  <Microsoft Corporation><5.00.3700.6690>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Beyond Compare 2\BCShellEx.dll]  <Scooter Software><2.2.0.0>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINNT\system32\ldf252.dll]  <N/A><N/A>
    [C:\WINNT\system32\lwf214p.dll]  <LuraTech GmbH><2, 0, 11, 14>
[PID: 644][C:\Documents and Settings\Administrator\My Documents\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
gototop
 
gosing
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2005-02-15
  • 来自:
发表于: 2006-07-22 13:06 | 只看楼主 短消息 资料
字号: 3楼

有哪位大哥帮帮小弟吗?
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-07-22 13:11 | 短消息 资料
字号: 4楼

打开SRE 启动项目 注册表 删除
<wxClient><C:\WINNT\system32\Clsmn.exe> []
<Refresh><C:\WINNT\system32\Refresh_Service.exe> []
<GinaDLL><C:\WINNT\system32\LogUser.dll> []
删除
C:\WINNT\system32\Clsmn.exe
C:\WINNT\system32\Refresh_Service.exe
C:\WINNT\system32\LogUser.dll
C:\WINNT\system32\ldf252.dll
C:\WINNT\system32\RegCode.dll
gototop
 
gosing
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2005-02-15
  • 来自:
发表于: 2006-07-22 13:39 | 只看楼主 短消息 资料
字号: 5楼

C:\WINNT\system32\Clsmn.exe
C:\WINNT\system32\Refresh_Service.exe
这2个是万象客户端的
只删除了C:\WINNT\system32\ldf252.dll

我重起了又扫了一份日志

2006-07-22,13:28:12

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <wxClient><C:\WINNT\system32\Clsmn.exe>  []
    <Refresh><C:\WINNT\system32\Refresh_Service.exe>  []
    <snpstd3><C:\WINNT\vsnpstd3.exe>  [Sonix]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
    <GinaDLL><C:\WINNT\system32\LogUser.dll>  []

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[RZX_WATERWALL_CLIENT / RZX_WATERWALL_CLIENT]
  <"C:\WINNT\system32\waterwall.exe"><深圳任子行网络技术有限公司>
[Sicent Network File Synchronization / sicentnetsync]
  <C:\WINNT\system32\wxsyncli.exe><成都吉胜科技有限公司>

==================================
浏览器加载项
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>

==================================
gototop
 
gosing
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2005-02-15
  • 来自:
发表于: 2006-07-22 13:40 | 只看楼主 短消息 资料
字号: 6楼

正在运行的进程
[PID: 220][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 256][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 252][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
    [C:\WINNT\system32\LogUser.dll]  <N/A><N/A>
[PID: 304][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 316][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 488][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 516][C:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 532][C:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 29>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 572][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.6659>
[PID: 608][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 636][C:\WINNT\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.4523>
[PID: 772][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 788][C:\WINNT\system32\waterwall.exe]  <深圳任子行网络技术有限公司><1, 0, 0, 22>
    [C:\WINNT\system32\QQRecorder.dll]  <><1, 0, 0, 1>
[PID: 852][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6920>
[PID: 876][C:\WINNT\system32\wxsyncli.exe]  <成都吉胜科技有限公司><1.0.1.259>
[PID: 984][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 1012][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 1092][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
[PID: 996][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1248][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1268][C:\WINNT\system32\Clsmn.exe]  <><16.3.12.601>
    [C:\WINNT\system32\RegCode.dll]  <N/A><N/A>
[PID: 1296][C:\WINNT\vsnpstd3.exe]  <Sonix><1, 0, 1, 5>
[PID: 1316][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 1264][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 1232][C:\Documents and Settings\Administrator\My Documents\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
gototop
 
gosing
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2005-02-15
  • 来自:
发表于: 2006-07-22 13:41 | 只看楼主 短消息 资料
字号: 7楼

在SRE 启动项目 注册表 下
C:\WINNT\system32\LogUser.dll
这个删除不了的
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-07-22 13:43 | 短消息 资料
字号: 8楼

http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis...把日志帖上来..


网吧的机?
gototop
 
gosing
头像
初生襁褓狮
  • 帖子:29
  • 注册: 2005-02-15
  • 来自:
发表于: 2006-07-22 13:51 | 只看楼主 短消息 资料
字号: 9楼

是网吧机。

麻烦看下

Logfile of HijackThis v1.99.1
Scan saved at 13:42:23, on 2006-7-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\waterwall.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\wxsyncli.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\Clsmn.exe
C:\WINNT\vsnpstd3.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\stisvc.exe
C:\Documents and Settings\Administrator\My Documents\ha_hijackthis_1991\HijackThis.exe

O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\kakatool.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [wxClient] C:\WINNT\system32\Clsmn.exe
O4 - HKLM\..\Run: [Refresh] C:\WINNT\system32\Refresh_Service.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINNT\vsnpstd3.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O14 - IERESET.INF: START_PAGE_URL=about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{28FF4E98-86CE-4A11-B7EA-000FED6C3AA1}: NameServer = 202.96.128.86,202.96.128.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{38F4230C-D372-4A56-8D21-F78BAEA968A1}: NameServer = 202.96.128.86,202.96.128.166
O17 - HKLM\System\CS2\Services\Tcpip\..\{28FF4E98-86CE-4A11-B7EA-000FED6C3AA1}: NameServer = 202.96.128.86,202.96.128.143
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: RZX_WATERWALL_CLIENT - 深圳任子行网络技术有限公司 - C:\WINNT\system32\waterwall.exe
O23 - Service: Sicent Network File Synchronization (sicentnetsync) - 成都吉胜科技有限公司 - C:\WINNT\system32\wxsyncli.exe
gototop
 
mopery
头像
卡卡技术团队
  • 帖子:17737
  • 注册: 2005-12-06
  • 来自:New York
卡卡名人堂论坛9周年纪念
发表于: 2006-07-22 13:52 | 短消息 资料
字号: 10楼

修复
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

早说网吧机嘛...汗...
能说下症状么?
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT