
No trojans, no viruses, yet my account still gets stolen. What is going on? Asking the experts for help

[PID: 1516][C:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
[PID: 1668][C:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4111>
    [C:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 1732][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  <Adobe Systems, Incorporated><7.0>
[PID: 236][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 460][C:\WINDOWS\system32\crypserv.exe]  <Kenonic Controls Ltd.><5.4.0>
[PID: 268][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1372][C:\Program Files\Canon\CAL\CALMAIN.exe]  <Canon Inc.><8, 1, 0, 14>
[PID: 1352][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 136][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 300][C:\WINDOWS\VM_STI.EXE]  <VM.><4.2.610.4>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 608][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 612][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 36>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 28>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RsXML.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 628][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 4024][D:\PROGRA~1\新建文~1\Woool\woool.exe]  <><1.7.5.66>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  <Adobe Systems, Inc.><9,0,28,0>
    [D:\PROGRA~1\新建文~1\Woool\data\woool.dat]  <N/A><N/A>
    [D:\PROGRA~1\新建文~1\Woool\data\wsock32.dll]  <N/A><N/A>
    [D:\PROGRA~1\新建文~1\Woool\data\MercenarySystem.dll]  <N/A><N/A>
    [D:\PROGRA~1\新建文~1\Woool\data\python24.dll]  <ActiveState Corporation><2.4>
    [D:\PROGRA~1\新建文~1\Woool\data\WebCtrl.dll]  <N/A><N/A>
    [D:\PROGRA~1\新建文~1\Woool\data\Mir2File.dll]  <SHANDA><1, 0, 1, 6>
    [D:\PROGRA~1\新建文~1\Woool\data\TjBin.dll]  <上海盛大网络(Shanda Interactive Entertainment Ltd.)><1.0.1.67>
    [D:\PROGRA~1\新建文~1\Woool\data\CheckUpdate.dll]  <上海盛大网络发展有限公司 <www.snda.com>><2, 2, 12, 9>
[PID: 3736][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\DOCUME~1\hghg\LOCALS~1\Temp\Dyn2B5.tmp]  <><1,0,0,1>
[PID: 4000][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  <Adobe Systems, Inc.><9,0,28,0>
[PID: 2128][D:\Program Files\BitComet\BitComet.exe]  <www.BitComet.com><0.70>
[PID: 1876][F:\新建文件夹 (3)\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

Huh? Where is everyone? Come and help me take a look.

Is nobody going to help? Then why was I asked to post this here?