andyzung
2007-02-01 03:47
#1 (original poster)

I used Yahoo! Kimo's anti-spyware program and it found a trojan at c:\windows\smss.exe, but the anti-spyware program can't remove it.

<1> So I searched the whole system for smss.exe and found two of them:
1. c:\windows\smss.exe (it is supposed to be an executable, but it shows up as a folder; it was automatically set to read-only, and I can neither change that nor delete it)
2. c:\windows\system32\smss.exe (I looked this one up; it should be the normal file)

<2> Scanning c:\windows\smss.exe with both Kaspersky and AVG reports that no virus was found.

<3> I've read posts where people say to use Power Remove or IceSword, but those two only work on executable files; they can't select the c:\windows\smss.exe folder. <-- Although the name ends in .exe, it is a folder, and it is read-only. No matter what I try I can't clear the read-only attribute, can't rename it, and can't delete it.

Is there any other way to get rid of it???

Update: after reading posts all night, I've finally found a lead. Unfortunately some parts are too advanced for me and I don't understand them, so I'd still appreciate everyone's help interpreting it and figuring out how to clean this out completely.

Clue: I think I'm infected with this: http://my.swufe.com/blog/c_log_606
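Added example, not from the original post or from any of the tools it names: a PowerShell script that lists every object named smss.exe under the Windows directory, shows whether each is a file or a directory and which attributes it carries, checks the Authenticode signature of any file it finds, and can remove a directory that is impersonating the binary. It assumes an elevated prompt on the affected Windows host and the default %SystemRoot%\System32\smss.exe location for the genuine Session Manager. It clears the attribute with attrib.exe rather than Explorer (Explorer's folder properties dialog does not clear ReadOnly on the folder itself) and deletes with cmd's rd through the \\?\ prefix, which also handles names carrying a trailing dot or space. The function names are this example's own.

```powershell
# Added example; not from the original post or from any tool it mentions.
# Run from an elevated PowerShell prompt on the affected Windows host.
# Lists every object named smss.exe under the Windows directory, says what each
# one really is, and can remove a directory that is impersonating the binary.

function Get-SmssCandidates {
    param([string]$Root = $env:SystemRoot)

    # Where the genuine Session Manager lives (assumption: default install).
    $genuine = Join-Path $env:SystemRoot 'System32\smss.exe'

    # -Force includes hidden/system objects; -Filter matches files AND directories.
    Get-ChildItem -LiteralPath $Root -Filter 'smss.exe' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item  = $_
            $isDir = $item.PSIsContainer
            $sig   = $null
            if (-not $isDir) {
                # Only a file can carry an Authenticode signature; a directory never can.
                $sig = Get-AuthenticodeSignature -LiteralPath $item.FullName
            }
            [pscustomobject]@{
                Path       = $item.FullName
                Kind       = if ($isDir) { 'Directory' } else { 'File' }
                Attributes = $item.Attributes.ToString()
                Signature  = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
                Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
                Expected   = (-not $isDir) -and ($item.FullName -ieq $genuine)
            }
        }
}

function Remove-ImpostorDirectory {
    # Deletes a DIRECTORY named like a system binary. Refuses to touch files.
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if (-not $item.PSIsContainer) {
        throw "Refusing to delete '$Path': it is a file, not a directory. Inspect it first."
    }

    # Explorer will not clear ReadOnly on a folder, but attrib.exe will:
    # first the folder itself, then everything inside it (/S files, /D folders).
    & attrib.exe -R -H -S $Path
    & attrib.exe -R -H -S (Join-Path $Path '*') /S /D

    # The \\?\ prefix bypasses Win32 path normalisation, so cmd's rd can remove
    # names Explorer cannot handle (trailing dot/space, reserved device names).
    & cmd.exe /c rd /s /q "\\?\$Path"

    return (-not (Test-Path -LiteralPath $Path))
}

# Usage: report first, delete only after reading the report.
$candidates = Get-SmssCandidates
$candidates | Format-Table -AutoSize

foreach ($c in $candidates) {
    if ($c.Kind -eq 'Directory') {
        Write-Host "Impostor directory: $($c.Path)"
        # Remove-ImpostorDirectory -Path $c.Path   # uncomment to delete it
    }
    elseif (-not $c.Expected -or $c.Signature -ne 'Valid') {
        Write-Host "Unexpected or unsigned file, do not delete blindly: $($c.Path)"
    }
}
```

Read the report before uncommenting the delete: the only entry that should exist is the file in System32 with a valid Microsoft signature. A directory named smss.exe cannot execute, so removing it takes away the decoy but not whatever created it; the autorun locations (HKLM/HKCU Run, Winlogon, services, drivers) still need to be reviewed, which is what the HijackThis and SREng logs later in this thread are for.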
andyzung
2007-02-02 00:00
#2

Logfile of HijackThis v1.99.1
Scan saved at 12:00:08 AM, on 2007/2/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Documents and Settings\Administrator\桌面\tcpmapping.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\IME\Chewing\ChewingServer.exe
C:\Documents and Settings\Administrator\桌面\好用軟體\BT_ENGINE_6.55\BT_ENGINE_6.55\btengine.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Documents and Settings\Administrator\桌面\hijackthis\HijackThis.exe
C:\Program Files\Rising\Rav\Smartup.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TCPMapping] "C:\Documents and Settings\Administrator\桌面\tcpmapping.exe" /minimize
O4 - HKLM\..\Run: [BTEngine] C:\Documents and Settings\Administrator\桌面\BT_ENGINE_6.55\BT_ENGINE_6.55\\btengine.exe
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{063AF115-6B7A-4C5A-8C3E-0275047D6B46}: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C863DA2-1FBA-46AA-BE47-1895C89BEA8D}: NameServer = 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{063AF115-6B7A-4C5A-8C3E-0275047D6B46}: NameServer = 168.95.192.1 168.95.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - (no file)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
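Added example, not part of the original post or of HijackThis itself: a PowerShell triage pass over HijackThis log lines. The sample lines are copied from the log above; the rules (autoruns started from a user-profile folder, services whose binary is reported missing or that have no publisher, a Winlogon Notify entry listed as a bare directory, name servers to confirm) are this example's own heuristics and yield candidates for review, not verdicts.

```powershell
# Added example; not from the original post or from HijackThis itself.
# A triage pass over HijackThis log lines: parse "Oxx - ..." entries and
# flag the ones worth a closer look. The sample below is constructed from
# lines in the log posted above; the rules are this example's own heuristics.

$sampleLog = @'
O4 - HKLM\..\Run: [TCPMapping] "C:\Documents and Settings\Administrator\桌面\tcpmapping.exe" /minimize
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{063AF115-6B7A-4C5A-8C3E-0275047D6B46}: NameServer = 168.95.192.1 168.95.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - (no file)
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
'@

function Get-HjtFindings {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        # Every HijackThis entry looks like "O23 - <body>"; skip anything else.
        if ($line -match '^(O\d+) - (.*)$') {
            $section = $Matches[1]
            $body    = $Matches[2]
        } else {
            continue
        }

        $reasons = @()
        switch ($section) {
            'O4' {
                # Autoruns that start from a user profile folder (Desktop, Temp, Application Data).
                if ($body -match '\\Documents and Settings\\[^\\]+\\(桌面|Desktop|Local Settings\\Temp|Application Data)\\') {
                    $reasons += 'autorun launched from a user profile folder'
                }
            }
            'O17' {
                if ($body -match 'NameServer = (.+)$') {
                    $reasons += "DNS servers set to $($Matches[1]); confirm they belong to your ISP"
                }
            }
            'O20' {
                # A Winlogon Notify DLL listed as a bare directory instead of a file.
                if (($body -match ' - (.+)$') -and $Matches[1].EndsWith('\')) {
                    $reasons += 'Winlogon Notify entry shows a directory, not a DLL; resolve it from the registry'
                }
            }
            'O23' {
                if ($body -match '\(file missing\)|\(no file\)') {
                    $reasons += 'service binary reported missing (often a leftover, sometimes a mangled quoted path; verify on disk)'
                }
                if ($body -match ' - Unknown owner - ') {
                    $reasons += 'no publisher information'
                }
            }
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Section = $section
                Entry   = $body
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

# Usage: split the pasted log into lines and print the findings.
$lines    = $sampleLog -split "`r?`n"
$findings = Get-HjtFindings -Lines $lines
$findings | Format-List
"$($findings.Count) of $($lines.Count) lines flagged for review"
```

On this sample it flags the TCPMapping autorun on the Desktop, the avp.exe service line (HijackThis has mangled its quoted ImagePath into `avp.exe" -r (file missing)`; the SREng log in the next post lists the same service with its full path and publisher, so check the file on disk before trusting the "missing" verdict), the pcAnywhere service with no file, the WgaLogon Notify entry, and the name servers (168.95.1.1 and 168.95.192.1 are HiNet resolvers and are expected on a HiNet line). Note also that the running-process list above shows only C:\WINDOWS\System32\smss.exe, consistent with the original poster's observation that the C:\WINDOWS\smss.exe object is a directory and is not executing anything.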
andyzung
2007-02-02 00:17
#3

2007-02-02,00:15:21
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File

==================================
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<Yahoo! Pager><"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet> [(Verified)Yahoo! Inc.]
<updateMgr><"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
<TCPMapping><"C:\Documents and Settings\Administrator\桌面\tcpmapping.exe" /minimize> [Robot51.com]
<BTEngine><C:\Documents and Settings\Administrator\桌面\BT_ENGINE_6.55\BT_ENGINE_6.55\\btengine.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<TCPMapping><; "C:\Documents and Settings\Administrator\桌面\tcpmapping.exe" /minimize> [Robot51.com]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Yahoo! Pager><; "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet> [(Verified)Yahoo! Inc.]

==================================
Startup Folders
N/A

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Kaspersky Internet Security 6.0 / AVP][Stopped/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[pcAnywhere Host Service / awhost32][Stopped/Manual Start]
<><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PDEngine / PDEngine][Stopped/Manual Start]
<"C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"><Raxco Software, Inc.>
[PDScheduler / PDSched][Running/Auto Start]
<"C:\Program Files\Raxco\PerfectDisk\PDSched.exe"><Raxco Software, Inc.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Symantec Network Drivers Service / SNDSrvc][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[StarWind iSCSI Service / StarWindService][Running/Auto Start]
<C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>

==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[awecho / awecho][Running/System Start]
<system32\drivers\awechomd.sys><Symantec Corporation>
[awlegacy / awlegacy][Running/System Start]
<\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST][Stopped/Disabled]
<system32\drivers\aw_host5.sys><Symantec Corporation>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<system32\DRIVERS\dlkfet5b.sys><D-Link>
[hardlock / hardlock][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Haspnt / Haspnt][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[IMMDRV / IMMDRV][Stopped/Manual Start]
<\??\C:\Program Files\Filseclab\Twister\immdrv.sys><N/A>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[KWatch3 / KWatch3][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Rising Software Co., Ltd.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Ramdisk [ QSoft ] / Ramdisk][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ramdisk.sys><QSoft [ Qualitative Software ]>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[siside / siside][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp][Running/System Start]
<system32\drivers\srvkp.sys><Silicon Integrated Systems Corporation>
[smrkbdd / smrkbdd][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\smrkbdd.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SYMDNS / SYMDNS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Stopped/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><N/A>
[SYMFW / SYMFW][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20041209.018\symidsco.sys><N/A>
[SYMNDIS / SYMNDIS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Vax347b / Vax347b][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\Vax347b.sys><>
[Vax347s / Vax347s][Running/Boot Start]
<\SystemRoot\System32\Drivers\Vax347s.sys><>
[vncdrv / vncdrv][Stopped/Manual Start]
<system32\DRIVERS\vncdrv.sys><RDV Soft>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670}
<C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
<C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932}
<C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Yahoo! Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88}
<C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700}
<C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[YInstStarter Class] {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
<C:\Program Files\Yahoo!\common\yinsthelper.dll, Yahoo! Inc.>
[ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55}
<C:\WINDOWS\system32\xunleibho_v4.dll, >
[Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670}
<C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
<C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A}
<C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
<C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
<C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[ALiBaBar] {0A1375E1-56C2-11D6-8E45-8933A0FB5235}
<C:\PROGRA~1\ALiBaBar\ALiBaBar.dll, N/A>
[Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000}
<C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700}
<C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
<C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13}
<C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60}
<C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A}
<C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B}
<C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[YInstStarter Class] {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
<C:\Program Files\Yahoo!\common\yinsthelper.dll, Yahoo! Inc.>
[IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D}
<C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
<C:\Program Files\BitComet1\tools\BitCometBHO.dll, BitComet>
[&Yahoo! Messenger] {4528BBE0-4E08-11D5-AD55-00010333D0AD}
<C:\PROGRA~1\Yahoo!\common\yhexbmestw.dll, N/A>
[XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555}
<C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547}
<C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[PowerPlayer Control] {5EC7C511-CD0F-42E6-830C-1BD9882F3458}
<, N/A>
[WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C}
<C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Microsoft Shell UI Helper] {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1}
<C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6}
<C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
<C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863}
<%SystemRoot%\system32\SHELL32.dll, N/A>
[AquaRealOcx Control] {7DB39A0D-580F-4BE9-9195-8BFCD226F6C2}
<, N/A>
[Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2}
<C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5}
<c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_02] {8AD9C840-044E-11D1-B3E9-00805F499D93}
<C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll, Sun Microsystems, Inc.>
[Windows Live Safety Center Control Module] {8E5C8BEE-1887-414C-8AC9-7C3951F28476}
<, N/A>
[Windows Live Sign-in Helper] {9030D464-4C02-4ABF-8ECC-5164760863C6}
<C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062}
<C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89}
<%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
<C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
<C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[NTIECatc
her Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932}
<C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127}
<C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127}
<C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMX Moniker Class] {CD3AFA93-B84F-48F0-9393-7EDC34128127}
<C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
<C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control] {D2517915-48CE-4286-970F-921E881B8C5C}
<C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000}
<C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[GetInfo Class] {D5184A39-CBDF-4A4F-AC1A-7A45A852C883}
<C:\PROGRA~1\Yahoo!\common\yverinfo.dll, Yahoo! Inc.>
[MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F}
<C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
[XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8}
<C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Yahoo! Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88}
<C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221}
<C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4}
<C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>

==================================
Running Processes
[PID: 1084][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2]
[PID: 1224][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1236][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A]
[PID: 1396][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1464][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A]
[PID: 1568][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1584][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\System32\nl_msgc.dll] [N/A, N/A]
[PID: 1676][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A]
[PID: 1832][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1876][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2]
    [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\common\ymmapi.dll] [Yahoo! Inc., 2005, 1, 1, 4]
    [C:\Documents and Settings\Administrator\Application Data\Foxy\LinkMaker.dll] [N/A, 1, 0, 9, 0]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] [Xi, 1.91.12]
    [C:\Program Files\Xi\NetTransport 2\MFC42.DLL] [Microsoft Corporation, 6.00.9782.0]
    [C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax] [N/A, 1.0.2.2012]
    [C:\Program Files\K-Lite Codec Pack\filters\vsfilter.dll] [Gabest, 1, 0, 1, 3]
[PID: 1888][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 6]
    [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll] [Rising, 18, 1, 0, 9]
    [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28]
    [C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
    [C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A]
    [C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
[PID: 224][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 464][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 688][C:\WINDOWS\system32\netdde.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 364][C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe] [Symantec Corporation, 5.4.4.17]
    [C:\WINDOWS\system32\SymNeti.DLL] [Symantec Corporation, 5.4.4.17]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1240][C:\WINDOWS\System32\snmp.exe] [Microsoft Corporation, 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303)]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\System32\nl_msgc.dll] [N/A, N/A]
[PID: 1560][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe] [Rocket Division Software, 2.6.1 Build 0x20050401]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A]
[PID: 1968][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1652][C:\Program Files\Raxco\PerfectDisk\PDSched.exe] [Raxco Software, Inc., 7, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDCommon.dll] [Raxco Software, Inc., 7, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDLangEN.dll] [Raxco Software, Inc., 7, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDSchedPS.dll] [Raxco Software, Inc., 7, 0, 0, 31]
    [C:\Program Files\Raxco\PerfectDisk\PDEnginePS.dll] [Raxco Software, Inc., 7, 0, 0, 31]
[PID: 1076][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\System32\nl_msgc.dll] [N/A, N/A]
[PID: 2544][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2]
[PID: 2616][C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe] [Antiy Labs, 2, 1, 0, 0]
    [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2]
[PID: 2656][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 99]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2]
[PID: 2980][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.0.0812.00]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
    [C:\Program Files\MSN Messenger\MSIMG32.dll] [Patchou, 4, 11, 0, 254]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 11, 0, 254]
    [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, N/A]
    [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 11, 0, 254]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
    [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A]
    [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.163]
    [C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
    [C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, N/A]
    [C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, N/A]
[PID: 4080][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2]
[PID: 2368][C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe] [Yahoo! Inc., 8,1,0,0]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Yahoo!\Shared\YbSkin2.dll] [Yahoo! Inc., 2006, 10, 11, 1]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\Yahoo!\MESSEN~1\res_msgr.dll] [Yahoo!
Inc., 8,5,0,1] [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2] [PID: 3096][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3184][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.1: 2006120418] [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.4] [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.1: 2006120418] [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.4] [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.4] [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.1: 2006120418] [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2] [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.1: 2006120418] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A] [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.1: 2006120418] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\PROGRA~1\MOZILL~1\nssckbi.dll] [Mozilla Foundation, 1.62] [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.1: 2006120418] [C:\Program Files\Grisoft\AVG 
Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [PID: 2716][C:\WINDOWS\system32\IME\Chewing\ChewingServer.exe] [N/A, N/A] [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2] [PID: 3260][C:\Documents and Settings\Administrator\桌面\好用軟體\BT_ENGINE_6.55\BT_ENGINE_6.55\btengine.exe] [N/A, N/A] [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299] [c:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9841.0] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299] [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299] [PID: 3032][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 46] [C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 51] [C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2] 
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28] [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Rising\Rav\RavUIMsg.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22] [C:\Program Files\Rising\Rav\RavQu.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10] [C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10] [C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10] [C:\Program Files\Rising\Rav\MVEngine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\Program Files\Rising\Rav\PSAPI.DLL] [Microsoft Corporation, 4.00] [C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23] [C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7] [C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7] [C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10] [C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15] [C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] 
[PID: 8008][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690] [C:\WINDOWS\system32\CHEWING.IME] [N/A, 0, 3, 2, 2] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, N/A] [C:\WINDOWS\system32\nl_msgc.dll] [N/A, N/A] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider NL MSAFD Tcpip [TCP/IP] C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A) NL MSAFD Tcpip [UDP/IP] C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A) NL MSAFD Tcpip [RAW/IP] C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A) NL RSVP UDP Service Provider C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A) NL RSVP TCP Service Provider C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A) NL LSP C:\Program Files\NetLimiter\nl_lsp.dll(N/A, N/A) ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== API HOOK N/A ================================== x0 |
upside
2007-02-02 00:52
#5
Judging from the log, nothing serious.
As for this file, c:\windows\smss.exe may have been added. You can try the following tools; if they don't work, I'll build a dedicated removal tool for it. Running them in Safe Mode is recommended.
Killbox forced-deletion tool: Killbox download
Unlocker forced-unlock/delete tool: Unlocker download
IceSword (冰刃) download and usage help
Kilian
2007-02-02 11:52
#6
Quoting andyzung's post of 2007-02-1 03:47, "I'm infected with smss.exe and can't kill it, what do I do":
Have you tried cleaning it in Safe Mode? smss.exe (in system32) is the Windows NT session manager; you can't just delete it, you have to put a clean copy back.
andyzung
2007-02-02 20:15
#7
One more thing: the situation is the same as this one:
http://www.jjgjj.com/user1/4gej/archives/2006/1601.html
I used Unlocker to force-delete the smss.exe folder, but I suspect that only treats the symptom, not the cause.
To add more: under C:\windows it isn't just the extra smss.exe folder, there is also a pile of 1.com, 2.sys, 3.xxx ... all in the same state. Some people say it's Viking (威金), but the Viking removal tools I looked for did nothing.
The only thing I know for sure is that it comes from mainland China; all the related technical material is on Simplified Chinese pages.
upside
2007-02-02 21:55
#10
I see. Before you got this "infection", did you happen to use a program I made?
If so, this is a false positive from that anti-spyware program. My batch removal tool deliberately includes this feature: it creates this folder and sets it read-only. The idea is that the real Viking virus creates this file before it goes on to infect the system, so my design first removes the virus and then, as a last step, creates this folder. If Viking strikes again later and wants to create this file when it starts infecting the system, it first checks whether the file already exists and does nothing if it does, so Viking is fooled too, and that gives a protective effect. But this approach can also trigger false positives in anti-virus programs, since this file or folder should indeed never appear on a normal system, and that anti-spyware program apparently judges by filename rather than by signature matching, hence the false positive. I'm very sorry for the great inconvenience this method has caused. Please wait a moment; I'll make a separate tool to undo it.
andyzung
2007-02-02 22:38
#11
Haha, I also happened to spot the cause just now while scanning in Safe Mode (programs run slowly in Safe Mode). I'd even thought it was you spreading the virus! The commands in 3.bat are exactly the directory names that appeared on my machine, and they can't be deleted. That's why the same directories showed up on all three computers at home; on the others they could be deleted, but on this one they were set read-only. After deleting them with Unlocker and rebooting, they came back.
By the way, now that the directories have been created, I shouldn't be able to catch Viking anymore, right? A false alarm after all.
PS: it was Yahoo! Messenger's (即時通) trojan scanner that flagged it.
The commands are as follows:
REM 3.bat as posted: each md creates a placeholder directory under a Viking drop filename,
REM and the following cacls line revokes (/R) the listed accounts' rights on it
REM (/T recurse, /E edit the ACL in place, /C continue on errors), so they cannot modify or remove it.
md %systemroot%\1.com
cacls %systemroot%\1.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\sws32.dll
cacls %systemroot%\sws32.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\kill.exe
cacls %systemroot%\kill.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
REM As posted, the next cacls line named 10RER.com instead of EXP10RER.com; corrected to match its md line.
md %systemroot%\EXP10RER.com
cacls %systemroot%\EXP10RER.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\finders.com
cacls %systemroot%\finders.com /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Shell.sys
cacls %systemroot%\Shell.sys /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
REM As posted, both of the next two pairs read "md Logo_.exe" / "cacls 0Sy.exe"; corrected so each cacls matches its md.
md %systemroot%\Logo_.exe
cacls %systemroot%\Logo_.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\0Sy.exe
cacls %systemroot%\0Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\1Sy.exe
cacls %systemroot%\1Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\2Sy.exe
cacls %systemroot%\2Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\3Sy.exe
cacls %systemroot%\3Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\4Sy.exe
cacls %systemroot%\4Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\5Sy.exe
cacls %systemroot%\5Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\6Sy.exe
cacls %systemroot%\6Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\7Sy.exe
cacls %systemroot%\7Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\8Sy.exe
cacls %systemroot%\8Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\9Sy.exe
cacls %systemroot%\9Sy.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\exerouter.exe
cacls %systemroot%\exerouter.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Logo1_.exe
cacls %systemroot%\Logo1_.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundl132.exe
cacls %systemroot%\rundl132.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\rundll32.exe
cacls %systemroot%\rundll32.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\smss.exe
cacls %systemroot%\smss.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\vDll.dll
cacls %systemroot%\vDll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\Dll.dll
cacls %systemroot%\Dll.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\svhost32.exe"
cacls "C:\Program Files\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\rundll32.exe"
cacls "C:\Program Files\Intel\rundll32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Intel\svhost32.exe"
cacls "C:\Program Files\Intel\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md "C:\Program Files\Microsoft\svhost32.exe"
cacls "C:\Program Files\Microsoft\svhost32.exe" /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\richnotify.exe
cacls %systemroot%\system32\richnotify.exe /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\reshtm.dll
cacls %systemroot%\system32\reshtm.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\system32\resPro.dll
cacls %systemroot%\system32\resPro.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
md %systemroot%\stdie.dll
cacls %systemroot%\stdie.dll /T /E /C /R everyone ADMINISTRATORS ADMINISTRATOR SYSTEM GUEST USERS
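Added example, not upside's tool and not the scanner this thread talks about: a Python triage script that does the check the name-only scanner skipped, telling an inoculation placeholder (a read-only directory named after a Viking drop file, as upside's 3.bat creates) apart from a real file sitting at the same path. It reuses the drop names from the 3.bat listing above, stands in for md/cacls with mkdir plus a read-only chmod, and runs against a constructed throwaway directory rather than a real %systemroot%.

```python
"""Triage for the Viking inoculation placeholders discussed in this thread.
upside's 3.bat creates *directories* named after the files Viking drops so the
virus cannot create them; the scanner flagged C:\\windows\\smss.exe by name
alone. classify() does the check it skipped: absent, placeholder, or real file?
"""
import shutil
import stat
import tempfile
from pathlib import Path

# Drop names from the 3.bat listing (relative to the system root); the
# Program Files and system32 entries are left out of this sample.
VIKING_DROP_NAMES = [
    "1.com", "sws32.dll", "kill.exe", "EXP10RER.com", "finders.com",
    "Shell.sys", "Logo_.exe", "Logo1_.exe", "rundl132.exe", "rundll32.exe",
    "smss.exe", "vDll.dll", "Dll.dll", "exerouter.exe", "stdie.dll",
] + ["%dSy.exe" % n for n in range(10)]

ABSENT, INOCULATED, SUSPECT_PE, SUSPECT_FILE, OTHER = (
    "absent", "inoculated-dir", "suspect-pe", "suspect-file", "other")


def inoculate(root, names=VIKING_DROP_NAMES):
    """Create read-only placeholder directories, like the md lines in 3.bat.
    An existing path is left alone so a real file there stays visible."""
    created = []
    for name in names:
        p = Path(root) / name
        if p.exists():
            continue
        p.mkdir()
        p.chmod(0o555)  # stand-in for the read-only attribute / cacls lock
        created.append(p)
    return created


def looks_like_pe(path):
    """True if the file starts with the 'MZ' signature every PE file carries."""
    with Path(path).open("rb") as f:
        return f.read(2) == b"MZ"


def classify(path):
    """The by-content check a name-only scanner omits."""
    p = Path(path)
    if not p.exists():
        return ABSENT
    if p.is_dir():
        return INOCULATED  # upside's placeholder, not malware
    if p.is_file():
        return SUSPECT_PE if looks_like_pe(p) else SUSPECT_FILE
    return OTHER


def triage(root, names=VIKING_DROP_NAMES):
    return {name: classify(Path(root) / name) for name in names}


def demo():
    """Constructed sample: a throwaway fake system root with one fake dropped
    PE at smss.exe (a file, not a folder); inoculate the rest, then triage."""
    root = Path(tempfile.mkdtemp(prefix="fake_windows_"))
    try:
        (root / "smss.exe").write_bytes(b"MZ" + b"\x00" * 62)  # fake drop
        inoculate(root)
        return triage(root)
    finally:
        for p in root.iterdir():
            p.chmod(stat.S_IRWXU)  # placeholders must be writable to remove
        shutil.rmtree(root)
```

Running demo() reports smss.exe as suspect-pe and every other drop name as inoculated-dir; a name-only scanner would have flagged all 25 alike.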