Detecting and removing dgwzszctiq.dll, ehoyoacbhp.dll, dgwzszctiq.dll, ehoyoacbhp.dll
Author: anonymous    Source: original to this site    Hits:    Updated: 2008-3-17
[Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\OCINS\srchsp.dll] [中国互联网络信息中心(CNNIC), 2, 6, 0, 0]
[C:\WINDOWS\system32\WINWB98.IME] [Microsoft Corporation, 5.00.2000.3]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 5.00.2000.3]
[C:\WINDOWS\system32\SURIME.IME] [Windows (R) 2000 DDK provider, 5.00.2195.1]

[PID: 3436 / ychun][D:\RIZI\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[D:\RIZI\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2180, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2180, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2972, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2972, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3064, C:\PROGRAM FILES\MICROSOFT CHINESE DATE & TIME\ICALCLK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3064, C:\PROGRAM FILES\MICROSOFT CHINESE DATE & TIME\ICALCLK.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1208, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1208, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 272, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 272, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1124, D:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1124, D:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x010A1FFD)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x010A20E5)

==================================
隐藏进程
N/A
==================================
////////////////////
The removal method follows
/////////////////////
==================================
Delete the following drivers
[9mw / 9mwc][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\9mwc.sys><N/A>
[achiiggg / achiiggg][Stopped/Boot Start]
<\SystemRoot\system32\drivers\achiiggg.sys><N/A>
[ajjfigjb / ajjfigjb][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ajjfigjb.sys><N/A>
[apcdli / apcdli][Running/Auto Start]
<\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
[cfhciche / cfhciche][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cfhciche.sys><N/A>
[ffiaaehd / ffiaaehd][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ffiaaehd.sys><N/A>
[fheacaag / fheacaag][Stopped/Boot Start]
<\SystemRoot\system32\drivers\fheacaag.sys><N/A>

==================================
Delete the following browser add-ons (BHOs)
[]
{4D2EAF15-81D0-42DA-8C39-19EDD39E0FB3} <C:\WINDOWS\system32\dgwzszctiq.dll, N/A>
[]
{9A568672-D437-469E-86C2-F6E4A1156071} <C:\WINDOWS\system32\ehoyoacbhp.dll, N/A>
[]
{4D2EAF15-81D0-42DA-8C39-19EDD39E0FB3} <C:\WINDOWS\system32\dgwzszctiq.dll, N/A>
[]
{9A568672-D437-469E-86C2-F6E4A1156071} <C:\WINDOWS\system32\ehoyoacbhp.dll, N/A>
==================================
Delete the files corresponding to the entries above


==================================
[NetworkX / NetworkX][Running/System Start]
<\SystemRoot\system32\ckldrv.sys><N/A>
Not sure about this entry
==================================
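The removal steps above name two BHO CLSIDs and a set of kernel driver services. Before deleting anything it is worth confirming that each indicator is actually still registered on the machine, which file it resolves to, whether that file is present, and whether it carries a valid signature. The script below is an added triage example written for this page; it is not from the original article or from SREng. It assumes an elevated PowerShell session on the affected host and the standard registry locations for Internet Explorer BHOs (`HKLM\...\Explorer\Browser Helper Objects`, resolved through `HKLM\SOFTWARE\Classes\CLSID\{clsid}\InprocServer32`) and for services (`HKLM\SYSTEM\CurrentControlSet\Services`). The CLSIDs and driver names are the ones listed in the article; everything else is read-only inventory.

```powershell
# Added triage script (not part of the original article). Read-only: it inventories
# Browser Helper Objects and the listed driver services and flags what needs a look,
# so the operator can confirm each indicator before removing it as the article describes.
# Assumptions: elevated PowerShell on the affected host; standard BHO/service registry paths.

# Indicators taken from the article's removal list.
$SuspectClsids = @(
    '{4D2EAF15-81D0-42DA-8C39-19EDD39E0FB3}',  # dgwzszctiq.dll
    '{9A568672-D437-469E-86C2-F6E4A1156071}'   # ehoyoacbhp.dll
)
$SuspectDrivers = @('9mw', 'achiiggg', 'ajjfigjb', 'apcdli', 'cfhciche', 'ffiaaehd', 'fheacaag')

# Service Start values as shown in the SREng log (Boot Start, System Start, Auto Start).
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    # ImagePath uses NT-style roots (\SystemRoot\..., \??\C:\..., system32\...); map to Win32 paths.
    if (-not $ImagePath) { return $null }
    $p = $ImagePath -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    return $p
}

function Get-FileStatus {
    param([string]$Path)
    # Returns whether the file is on disk and its Authenticode status ('n/a' when missing).
    $exists = [bool]($Path -and (Test-Path -LiteralPath $Path))
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $Path).Status.ToString() } else { 'n/a' }
    return @{ OnDisk = $exists; Signature = $sig }
}

function Get-BhoInventory {
    # Every BHO CLSID registered for Internet Explorer, joined to the DLL that CLSID loads.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($k in Get-ChildItem $bhoKey) {
        $clsid  = $k.PSChildName
        $inproc = Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll    = if ($inproc) { [Environment]::ExpandEnvironmentVariables($inproc.'(default)') } else { $null }
        $fs     = Get-FileStatus $dll
        $listed = $SuspectClsids -contains $clsid
        [pscustomobject]@{
            Clsid      = $clsid
            Dll        = $dll
            OnDisk     = $fs.OnDisk
            Signature  = $fs.Signature
            Listed     = $listed
            # Flag: named in the article, DLL missing, or DLL not validly signed.
            Suspicious = $listed -or (-not $fs.OnDisk) -or ($fs.Signature -ne 'Valid')
        }
    }
}

function Get-DriverInventory {
    param([string[]]$Names)
    # For each listed service name: is it still registered, how does it start, where is its image?
    foreach ($n in $Names) {
        $props = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$n" -ErrorAction SilentlyContinue
        if (-not $props) {
            [pscustomobject]@{ Name = $n; Registered = $false; Start = $null; ImagePath = $null; OnDisk = $false; Signature = 'n/a' }
            continue
        }
        $path = Resolve-ServiceImagePath $props.ImagePath
        $fs   = Get-FileStatus $path
        [pscustomobject]@{
            Name       = $n
            Registered = $true
            Start      = $StartNames[[int]$props.Start]
            ImagePath  = $path
            OnDisk     = $fs.OnDisk
            Signature  = $fs.Signature
        }
    }
}

"== Browser Helper Objects needing review =="
Get-BhoInventory | Where-Object Suspicious | Format-Table Clsid, Dll, OnDisk, Signature, Listed -AutoSize

"== Driver services from the article =="
Get-DriverInventory -Names $SuspectDrivers | Format-Table Name, Registered, Start, ImagePath, OnDisk, Signature -AutoSize
```

The BHO report is deliberately wider than the two CLSIDs in the article: any registered BHO whose DLL is missing from disk or not validly signed is surfaced, because the randomly named eight-letter DLLs and drivers in this log are the kind of indicator that changes name from machine to machine. A driver that shows `Registered = True` with `OnDisk = False` is the usual state after a partial cleanup and is what the "Stopped/Boot Start" entries above look like; the service key still has to be removed so it does not try to load at the next boot.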

Copyright © 2008 FanMuMa.com All Rights Reserved