灯泡速度进，木马如何删除

suzaihen · 发表于 2007-11-16 16:15:12

登陆游戏出现什么第三方木马修改游戏客服端什么的，我按照提示去论坛下了那个工具，
麻烦告诉我下我该怎么办

suzaihen · 发表于 2007-11-16 16:23:42

ver 1.1

Windows XP
注册表启动信息
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
switch                                              c:\windows\system32\壁纸自动换.exe
NvCplDaemon                                        RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz                                                 nwiz.exe /install
NvMediaCenter                                        RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
miniqqlive                                           "E:\QQ直拨\MiniQQLive.exe"
SnaStart                                           E:\杀毒\Antiunknown\SNAStart.exe /Startup
SNFRSSLV                                           E:\杀毒\Antiunknown\SNFRSSLV.exe
stup.exe                                           Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
360Safetray                                        C:\Program Files\360safe\safemon\360Tray.exe /start

===========================================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
loaddrv                                              E:\杀毒\Antiunknown\loaddrv.EXE

===========================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe                                           C:\WINDOWS\system32\ctfmon.exe

===========================================
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
DebugOptions                                        2048
Documents
DosPrint                                           no
NetMessage                                           no
NullPort                                           None
Programs                                           com exe bat pif cmd

===========================================
系统进程列表
映像名称                                                       PID
F:\ProcessInfo.exe                                           0
System                                                       4
smss.exe                                                       528
csrss.exe                                                    656
winlogon.exe                                                 680
SERVICES.EXE                                                 724
LSASS.EXE                                                    736
SVCHOST.EXE                                                    884
SVCHOST.EXE                                                    932
SVCHOST.EXE                                                    1004
SVCHOST.EXE                                                    1104
SVCHOST.EXE                                                    1176
C:\WINDOWS\Explorer.EXE                                        1432
spoolsv.exe                                                    1480
C:\WINDOWS\system32\ctfmon.exe                               1520
nvsvc32.exe                                                    1768
alg.exe                                                       476
C:\WINDOWS\system32\RUNDLL32.EXE                               968
E:\QQ直拨\MiniQQLive.exe                                     976
C:\WINDOWS\system32\Rundll32.exe                               1056
C:\Program Files\360safe\safemon\360Tray.exe                   1064
E:\杀毒\Antiunknown\SNATask.EXE                               1152
E:\杀毒\Antiunknown\snatray.EXE                               780
E:\杀毒\Antiunknown\SYSWARN.EXE                               1284
C:\Program Files\Tencent\QQ\QQ.exe                            2540
C:\Program Files\Tencent\QQ\TIMPlatform.exe                   2656
C:\Program Files\Internet Explorer\iexplore.exe                3212
C:\Program Files\Thunder\Program\Thunder5.exe                4088
D:\Downloads\my.exe                                           2424
F:\ProcessInfo.exe                                           3832

suzaihen · 发表于 2007-11-16 16:40:03

梦幻西游进程信息
2424 my.exe
地址             长度             模块路径                                  模块描述                                           公司                                     版本
4194304          1318912          D:\Downloads\my.exe                      梦幻西游                                           Netease                                  1, 0, 0, 1
2089943040       606208          C:\WINDOWS\system32\ntdll.dll             NT Layer DLL                                        Microsoft Corporation                      5.1.2600.2180
2088763392       1167360          C:\WINDOWS\system32\kernel32.dll          Windows NT BASE API Client DLL                      Microsoft Corporation                      5.1.2600.3119
1561788416       630784          C:\WINDOWS\system32\COMCTL32.dll          Common Controls Library                            Microsoft Corporation                      6.00.2900.2982
2010775552       692224          C:\WINDOWS\system32\ADVAPI32.dll          Advanced Windows 32 Base API                         Microsoft Corporation                      5.1.2600.2180
2011496448       598016          C:\WINDOWS\system32\RPCRT4.dll             Remote Procedure Call Runtime                      Microsoft Corporation                      5.1.2600.3173
2013003776       69632          C:\WINDOWS\system32\Secur32.dll          Security Support Provider Interface                Microsoft Corporation                      5.1.2600.2180
2012151808       290816          C:\WINDOWS\system32\GDI32.dll             GDI Client DLL                                     Microsoft Corporation                      5.1.2600.3159
2010185728       585728          C:\WINDOWS\system32\USER32.dll             Windows XP USER API Client DLL                      Microsoft Corporation                      5.1.2600.3099
1982857216       118784          C:\WINDOWS\system32\IMM32.DLL             Windows XP IMM32 API Client DLL                      Microsoft Corporation                      5.1.2600.2180
1656881152       36864          C:\WINDOWS\system32\LPK.DLL                Language Pack                                        Microsoft Corporation                      5.1.2600.2180
1945763840       438272          C:\WINDOWS\system32\USP10.dll             Uniscribe Unicode script processor                   Microsoft Corporation                      1.0420.2600.2180
2008940544       360448          C:\WINDOWS\system32\msvcrt.dll             Windows NT CRT DLL                                  Microsoft Corporation                      7.0.2600.2180
1991311360       172032          C:\WINDOWS\system32\winmm.dll             MCI API DLL                                        Microsoft Corporation                      5.1.2600.2180
1906442240       94208          C:\WINDOWS\system32\WS2_32.dll             Windows Socket 2.0 32-Bit DLL                      Microsoft Corporation                      5.1.2600.2180
1906376704       32768          C:\WINDOWS\system32\WS2HELP.dll          Windows Socket 2.0 Helper for Windows NT             Microsoft Corporation                      5.1.2600.2180
2102984704       8335360          C:\WINDOWS\system32\SHELL32.dll          Windows Shell Common Dll                            Microsoft Corporation                      6.00.2900.3241
2012479488       483328          C:\WINDOWS\system32\SHLWAPI.dll          Shell Light-weight Utility Library                   Microsoft Corporation                      6.00.2900.3199
1998061568       1060864          C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll User Experience Controls Library                   Microsoft Corporation                      6.00.2900.2982
1524367360       225280          C:\WINDOWS\system32\uxtheme.dll          Microsoft UxTheme Library                            Microsoft Corporation                      6.00.2900.2180
620756992       73728          C:\WINDOWS\system32\gdjri32.dll
1986527232       663552          C:\WINDOWS\system32\WININET.DLL          Internet Extensions for Win32                      Microsoft Corporation                      6.00.2900.3199
1985871872       598016          C:\WINDOWS\system32\CRYPT32.dll          Crypto API32                                        Microsoft Corporation                      5.131.2600.2180
1994063872       73728          C:\WINDOWS\system32\MSASN1.dll             ASN.1 Runtime APIs                                  Microsoft Corporation                      5.1.2600.2180
1997471744       569344          C:\WINDOWS\system32\OLEAUT32.dll          【未知】                                           Microsoft Corporation                      5.1.2600.3139
1989738496       1298432          C:\WINDOWS\system32\ole32.dll             Microsoft OLE for Windows                            Microsoft Corporation                      5.1.2600.2726
39714816       86016          C:\WINDOWS\system32\gdjzi32.dll
39845888       98304          C:\WINDOWS\system32\gdwli32.dll
39976960       90112          C:\WINDOWS\system32\gdmoyi32.dll
41484288       315392          C:\WINDOWS\system32\gddhyi32.dll
1979645952       413696          C:\WINDOWS\system32\MSVCP60.DLL          Microsoft (R) C++ Runtime Library                   Microsoft Corporation                      6.02.3104.0
1992687616       163840          C:\WINDOWS\system32\IMAGEHLP.DLL          Windows NT Image Helper                            Microsoft Corporation                      5.1.2600.2180
268435456       118784          C:\Program Files\360safe\safemon\safemon.dll 360安全卫士实时保护模块                            奇虎网                                     3, 6, 4, 1001
40173568       167936          C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll                                                             TENCENT                                  5, 0, 1, 25
1952972800       307200          C:\WINDOWS\system32\MSCTF.dll             MSCTF Server DLL                                     Microsoft Corporation

suzaihen · 发表于 2007-11-16 16:43:44

5.1.2600.2180
40763392       77824          E:\杀毒\Antiunknown\snappp.dll
1935933440       188416          C:\WINDOWS\system32\msctfime.ime          Microsoft Text Frame Work Service IME                Microsoft Corporation                      5.1.2600.2180
1996095488       520192          C:\WINDOWS\system32\CLBCATQ.DLL          【未知】                                           Microsoft Corporation                      03.00.00.4414
1996619776       630784          C:\WINDOWS\system32\COMRes.dll             【未知】                                           Microsoft Corporation                      03.00.00.4414
2008875008       32768          C:\WINDOWS\system32\VERSION.dll          Version Checking and File Installation Libraries    Microsoft Corporation                      5.1.2600.2180
1245577216       151552          C:\WINDOWS\system32\winabc.ime             智能ABC输入法 5.0 版                               Microsoft Corporation                      5.1.2600.2180
1906049024       253952          C:\WINDOWS\System32\mswsock.dll          Microsoft Windows Sockets 2.0 Service Provider       Microsoft Corporation                      5.1.2600.2180
1995374592       159744          C:\WINDOWS\system32\DNSAPI.dll             DNS Client API DLL                                  Microsoft Corporation                      5.1.2600.2938
1995964416       32768          C:\WINDOWS\System32\winrnr.dll             LDAP RnR Provider DLL                               Microsoft Corporation                      5.1.2600.2180
1995636736       180224          C:\WINDOWS\system32\WLDAP32.dll          Win32 LDAP API DLL                                  Microsoft Corporation                      5.1.2600.2180
1996029952       24576          C:\WINDOWS\system32\rasadhlp.dll          Remote Access AutoDial Helper                      Microsoft Corporation                      5.1.2600.2938
41353216       65536          C:\WINDOWS\system32\videodevice.dll
1627193344       348160          C:\WINDOWS\system32\hnetcfg.dll          Home Networking Configuration Manager                Microsoft Corporation                      5.1.2600.2180
1906311168       32768          C:\WINDOWS\System32\wshtcpip.dll          Windows Sockets Helper DLL                         Microsoft Corporation                      5.1.2600.2180
285212672       5062656          D:\Downloads\mhmain.dll
1956839424       32768          C:\WINDOWS\system32\POWRPROF.dll          Power Profile Helper DLL                            Microsoft Corporation                      6.00.2900.2180
1993539584       98304          C:\WINDOWS\system32\iphlpapi.dll          IP Helper API                                        Microsoft Corporation                      5.1.2600.2912
76087296       1445888          D:\Downloads\fmodex.dll                   FMOD Ex SoundSystem                                  Firelight Technologies                   4.6.26
2008743936       86016          C:\WINDOWS\system32\MSACM32.dll          Microsoft ACM Audio Filter                         Microsoft Corporation                      5.1.2600.2180
1906573312       45056          C:\WINDOWS\system32\WSOCK32.dll          Windows Socket 32-Bit DLL                            Microsoft Corporation                      5.1.2600.2180
1592852480       835584          C:\WINDOWS\system32\OPENGL32.dll          OpenGL Client DLL                                  Microsoft Corporation                      5.1.2600.2180
1759641600       131072          C:\WINDOWS\system32\GLU32.dll             OpenGL Utility Library DLL                         Microsoft Corporation                      5.1.2600.2180
1936523264       299008          C:\WINDOWS\system32\DDRAW.dll             Microsoft DirectDraw                               Microsoft Corporation                      5.03.2600.2180
1941110784       24576          C:\WINDOWS\system32\DCIMAN32.dll          DCI Manager                                        Microsoft Corporation                      5.1.2600.2180
1944518656       376832          C:\WINDOWS\system32\DSOUND.dll             DirectSound                                        Microsoft Corporation                      5.3.2600.2180
1925775360       36864          C:\WINDOWS\system32\wdmaud.drv             WDM Audio driver mapper                            Microsoft Corporation                      5.1.2600.2180
1992294400       188416          C:\WINDOWS\system32\WINTRUST.dll          Microsoft Trust Verification APIs                   Microsoft Corporation                      5.131.2600.2180
1925709824       32768          C:\WINDOWS\system32\msacm32.drv          Microsoft Sound Mapper                               Microsoft Corporation                      5.1.2600.0
2008678400       28672          C:\WINDOWS\system32\midimap.dll          Microsoft MIDI Mapper                               Microsoft Corporation                      5.1.2600.2180
1944322048       16384          C:\WINDOWS\system32\KsUser.dll             User CSA Library                                     Microsoft Corporation                      5.3.2600.2180

cmt3197 · 发表于 2007-11-16 17:20:58

占个楼``

suzaihen · 发表于 2007-11-17 04:49:49

还没来解决`````

飘云狂风 · 发表于 2007-11-17 09:11:29

提示: 该帖被管理员或版主屏蔽

瑞瑞 · 发表于 2007-11-17 16:54:41

用杀毒软件杀毒喽

suzaihen · 发表于 2007-11-18 04:51:16

提示: 该帖被管理员或版主屏蔽

飘云狂风飘云狂风当前离线积分 3474 头像被屏蔽今日未签到	7楼发表于 2007-11-17 09:11:29 \| 只看该作者来自：广东提示: 该帖被管理员或版主屏蔽
飘云狂风飘云狂风当前离线积分 3474 头像被屏蔽今日未签到
	回复支持反对使用道具举报

suzaihen suzaihen 当前离线积分 54 头像被屏蔽今日未签到	9楼楼主\| 发表于 2007-11-18 04:51:16 \| 只看该作者来自：贵州提示: 该帖被管理员或版主屏蔽
suzaihen suzaihen 当前离线积分 54 头像被屏蔽今日未签到
	回复支持反对使用道具举报

灯泡速度进，木马如何删除

这是扫描的那个文件

接上

接上

浏览过的版块