关于www.71791.com这个垃圾网站【求助】 bbs.ikaka.com

菜鸟级大虾 - 2006-4-14 8:12:00

http://www.71791.com 就这个破网址过几分钟就会自动跳出一次
我这个菜鸟用IE修复专家修复了N次用瑞星诺盾查也查不到~~~~~
希望哪位大虾救救我~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
要不又得重装系统了.... 前两天刚装了遍~~~~汗............

不言放弃 - 2006-4-14 8:17:00

【回复“菜鸟级大虾”的帖子】
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
(1楼附件)
下载HIJACKTHIS
导出全部日志

菜鸟级大虾 - 2006-4-14 8:32:00

【回复“不言放弃”的帖子】
这是导出的日志；
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 8:29:09, 日期 2006-4-14
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\bea\jdk142_05\jre\bin\javaw.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\CMD.EXE
C:\WINNT\system32\conime.exe
D:\bea\JDK142~1\bin\java.exe
C:\WINNT\system32\CMD.EXE
D:\bea\JDK142~1\bin\java.exe
D:\bea\JDK142~1\bin\java.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\Temp\Rar$EX00.781\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - 启动项HKLM\\Run: [MSService] svchest.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F112F085-434B-4E0F-80BB-4D8B87BF35E4}: NameServer = 202.102.134.68,202.102.154.3
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Remote Internet Service (Msisvr) - Unknown owner - C:\WINNT\system32\INTasks.exe
O23 - NT 服务: Norton AntiVirus 客户端 (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - NT 服务: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR.exe (file missing)
O23 - NT 服务: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - NT 服务: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)

不言放弃 - 2006-4-14 8:40:00

【回复“菜鸟级大虾”的帖子】
修复
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O4 - 启动项HKLM\\Run: [MSService] svchest.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - NT 服务: Remote Internet Service (Msisvr) - Unknown owner - C:\WINNT\system32\INTasks.exe

开始－－控制面板－－性能和维护－－管理工具－－服务
禁用Remote Internet Service (Msisvr)

进入注册表
展开[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
找到后删除Msisvr文件夹

删除
C:\WINNT\system32\INTasks.exe
C:\WINNT\system32\iexplore.exe
C:\WINNT\system32\winpub.reg
C:\WINNT\system32\svchest.exe
C:\WINNT\system32\msinetes.inf

提示：
若正常模式下无法解决
建议进入安全模式下操作

菜鸟级大虾 - 2006-4-14 9:04:00

禁用Remote Internet Service (Msisvr)
没有这项服务
有Remote Internet Service 这项服务是否要禁用？
C:\WINNT\system32\iexplore.exe 这个文件没有找到
在这个目录下C:\WINNT\system32\dllcache有iexplore.exe 这个文件是否要删除呀？
其他项都照做啦~~~~~~~~

zq77 - 2006-4-14 9:11:00

禁用Remote Internet Service
打开隐藏项删除C:\WINNT\system32\iexplore.exe
C:\WINNT\system32\dllcache有iexplore.exe 这是正常文件

不言放弃 - 2006-4-14 9:13:00

【回复“菜鸟级大虾”的帖子】
打开我的电脑
在工具栏中点击－－工具－－文件夹选项－－查看
勾选“显示所有文件及文件夹”
同时把“隐藏受保护的操作系统文件（推荐）”前的勾去掉
然后再进行查找一下

若找不到就算了
找能够找到的删除

菜鸟级大虾 - 2006-4-14 9:23:00

那个网址还是自动弹出来。。。。。。。。。
C:\WINNT\system32\iexplore.exe 打开了隐藏项和隐藏受保护的操作系统文件（推荐）还是没找到这个文件
Remote Internet Service这项服务以禁用
我又用HIJACKTHIS 导出了一遍日志：

HijackThis_zww汉化版扫描日志 V1.99.1
保存于 9:20:21, 日期 2006-4-14
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\bea\jdk142_05\jre\bin\javaw.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\CMD.EXE
C:\WINNT\system32\conime.exe
D:\bea\JDK142~1\bin\java.exe
C:\WINNT\system32\CMD.EXE
D:\bea\JDK142~1\bin\java.exe
D:\bea\JDK142~1\bin\java.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Super Rabbit\MagicSet\magicset.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\Temp\Rar$EX00.328\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F112F085-434B-4E0F-80BB-4D8B87BF35E4}: NameServer = 202.102.134.68,202.102.154.3
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Norton AntiVirus 客户端 (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - NT 服务: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR.exe (file missing)
O23 - NT 服务: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - NT 服务: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)

http://www.71791.com 这个网址。。我真受够了！

不言放弃 - 2006-4-14 9:27:00

【回复“菜鸟级大虾”的帖子】
若按照3楼的操作
应该能够解决问题啊

进入注册表
搜索http://www.71791.com
找到后全部删除

菜鸟级大虾 - 2006-4-14 9:34:00

我搜索了一遍注册表
没有关于http://www.71791.com的项目
这个网址几分钟就跳出一次
能给我讲讲是为什么吗？

菜鸟级大虾 - 2006-4-14 9:35:00

有的时候他自动打开的还会是
http://www.71791.com/new 这样的

不言放弃 - 2006-4-14 9:36:00

【回复“菜鸟级大虾”的帖子】
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
下载System Repair Engineer 2.0.12.350
导出全部日志

菜鸟级大虾 - 2006-4-14 9:47:00

因为说回复内容过长分两次回复撒
2006-04-14,09:43:28

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows 2000 Server Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINNT\System32\igfxtray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HotKeysCmds><C:\WINNT\System32\hkcmd.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<vptray><C:\Program Files\NavNT\vptray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSService><svchest.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[DefWatch / DefWatch]
<C:\Program Files\NavNT\defwatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Remote Internet Service / Msisvr]
<2 - 系统找不到指定的文件。
><N/A>
[Norton AntiVirus 客户端 / Norton AntiVirus Server]
<C:\Program Files\NavNT\rtvscan.exe><Symantec Corporation>
[OracleOraDb10g_home1TNSListener / OracleOraDb10g_home1TNSListener]
<C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR ><N/A>
[OracleOraHome81ClientCache / OracleOraHome81ClientCache]
<D:\oracle\ora81\BIN\ONRSD.EXE><N/A>
[Smart Card Helper / SCardDrv]
<C:\WINNT\system32\scardsvr32.exe -v><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINNT\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[百万图库]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/star, N/A>
[铃声图片下载]
{7713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/sms/index.htm, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================

菜鸟级大虾 - 2006-4-14 9:48:00

正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 188][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 208][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898>
[C:\WINNT\System32\NavLogon.dll] <N/A><N/A>
[PID: 236][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 248][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[PID: 428][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 456][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[PID: 484][C:\WINNT\System32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[D:\oracle\ora81\bin\ociw32.dll] <Oracle Corporation><8.1.7.0.0>
[PID: 592][C:\WINNT\System32\cisvc.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 608][C:\Program Files\NavNT\defwatch.exe] <Symantec Corporation><7, 50, 0, 1>
[PID: 624][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 660][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.6697>
[PID: 852][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINNT\system32\hccutils.DLL] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\igfxres.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\igfxress.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\s32lucp1.cpl] <Symantec Corporation><1.5.3.11>
[C:\Program Files\Tencent\QQ\qdshm.dll] <><1, 0, 1, 2>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\TuneUp Utilities 2006\sdshelex.dll] <TuneUp Software GmbH><1.0.0.253>
[C:\Program Files\TuneUp Utilities 2006\rtl60.bpl] <Borland Software Corporation><6.0.6.241>
[C:\Program Files\TuneUp Utilities 2006\vcl60.bpl] <Borland Software Corporation><6.0.6.240>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><7.50.00.846>
[PID: 680][C:\Program Files\NavNT\rtvscan.exe] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\Dec2.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2ARJ.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2ID.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2LHA.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\SymLHA.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2LZ.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2MIME.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2Zip.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2AMG.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\SYMAMG32.DLL] <Symantec Corporation with portions by FUJITSU DEVICES INC.><2.16.0.45>
[C:\Program Files\NavNT\Dec2UUE.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2SS.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2RTF.dll] <Symantec Corporation><2.16.0.45>
[C:\WINNT\system32\CBA.DLL] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\MsgSys.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\NTS.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\PDS.DLL] <Intel Corporation><6.0.201.0940 E>
[C:\Program Files\NavNT\NAVLU.dll] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\NavNT\i2ldvp3.dll] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\NAVAPI32.DLL] <Symantec Corp.><4.1.0.6>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060223.009\NAVEX32a.DLL] <Symantec Corporation><20051.3.1.11>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060223.009\NAVENG32.DLL] <Symantec Corporation><20051.3.1.11>
[C:\Program Files\NavNT\NAVAP32.DLL] <Symantec Corporation><5.3.1.39>
[C:\WINNT\system32\amslib.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\loc32vc0.dll] <Intel><3, 0, 0, 2>
[PID: 896][C:\WINNT\System32\hkcmd.exe] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\hccutils.DLL] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxdev.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxsrvc.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxhk.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxres.dll] <Intel Corporation><3.0.0.4020>
[PID: 900][C:\Program Files\NavNT\vptray.exe] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\Cliscan.dll] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\NavNT\Cliproxy.dll] <Symantec Corporation><7.50.00.846>
[PID: 944][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] <Sun Microsystems, Inc.><5.0.60.5>
[PID: 976][C:\WINNT\system32\ctfmon.exe] <Microsoft Corporation><1.00.2409.34 built by: Lab06_N>
[PID: 912][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 952][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[PID: 1028][C:\WINNT\system32\tlntsvr.exe] <Microsoft Corporation><5.00.99206.1>
[PID: 1084][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 1096][C:\WINNT\system32\mspmspsv.exe] <Microsoft Corporation><7.10.00.3059>
[PID: 1120][C:\WINNT\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[PID: 1424][C:\WINNT\system32\MsgSys.EXE] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\NTS.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\CBA.DLL] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\MsgSys.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\PDS.DLL] <Intel Corporation><6.0.201.0940 E>
[PID: 1508][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1580][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] <Sun Microsystems, Inc.><5.0.60.5>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 740][D:\bea\jdk142_05\jre\bin\javaw.exe] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\client\jvm.dll] <Sun Microsystems, Inc.><1.4.2.50>
[D:\bea\jdk142_05\jre\bin\hpi.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\verify.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\java.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\zip.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\awt.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\fontmanager.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\jpeg.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\cmm.dll] <N/A><N/A>
[D:\bea\weblogic81\workshop\ws_native.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\net.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\nio.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\dcpr.dll] <N/A><N/A>
[PID: 1568][C:\WINNT\System32\cidaemon.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1712][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 584][C:\Program Files\Thunder Network\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.4.174>
[C:\Program Files\Thunder Network\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\Program Files\Thunder Network\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 66>
[C:\Program Files\Thunder Network\Thunder\log4cplus.dll] <><1, 0, 2, 1>
[C:\Program Files\Thunder Network\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[C:\Program Files\Thunder Network\Thunder\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15>
[C:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[C:\Program Files\Thunder Network\Thunder\iEmbed.dll] <Thunder Networking Technologies,LTD><1, 1, 0, 22>
[C:\Program Files\Thunder Network\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 7>
[C:\Program Files\Thunder Network\Thunder\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\Program Files\Thunder Network\Thunder\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 59>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2288][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] <Sun Microsystems, Inc.><5.0.60.5>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2108][C:\Program Files\Super Rabbit\MagicSet\magicset.exe] <Super Rabbit Soft><7.46>
[PID: 2312][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE] <Super Rabbit Soft><7.46>
[C:\WINNT\system32\shlobj71.ocx] <Sky Software (http://www.ssware.com)><7, 1, 0, 0>
[PID: 2324][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] <Sun Microsystems, Inc.><5.0.60.5>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2476][D:\Temp\Rar$EX01.532\SREng.exe] <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

菜鸟级大虾 - 2006-4-14 9:49:00

正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 188][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 208][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898>
[C:\WINNT\System32\NavLogon.dll] <N/A><N/A>
[PID: 236][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 248][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[PID: 428][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 456][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[PID: 484][C:\WINNT\System32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[D:\oracle\ora81\bin\ociw32.dll] <Oracle Corporation><8.1.7.0.0>
[PID: 592][C:\WINNT\System32\cisvc.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 608][C:\Program Files\NavNT\defwatch.exe] <Symantec Corporation><7, 50, 0, 1>
[PID: 624][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 660][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.6697>
[PID: 852][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINNT\system32\hccutils.DLL] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\igfxres.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\igfxress.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3.0.0.4020>
[C:\WINNT\system32\s32lucp1.cpl] <Symantec Corporation><1.5.3.11>
[C:\Program Files\Tencent\QQ\qdshm.dll] <><1, 0, 1, 2>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\TuneUp Utilities 2006\sdshelex.dll] <TuneUp Software GmbH><1.0.0.253>
[C:\Program Files\TuneUp Utilities 2006\rtl60.bpl] <Borland Software Corporation><6.0.6.241>
[C:\Program Files\TuneUp Utilities 2006\vcl60.bpl] <Borland Software Corporation><6.0.6.240>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><7.50.00.846>
[PID: 680][C:\Program Files\NavNT\rtvscan.exe] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\Dec2.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2ARJ.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2ID.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2LHA.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\SymLHA.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2LZ.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2MIME.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2Zip.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2AMG.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\SYMAMG32.DLL] <Symantec Corporation with portions by FUJITSU DEVICES INC.><2.16.0.45>
[C:\Program Files\NavNT\Dec2UUE.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2SS.dll] <Symantec Corporation><2.16.0.45>
[C:\Program Files\NavNT\Dec2RTF.dll] <Symantec Corporation><2.16.0.45>
[C:\WINNT\system32\CBA.DLL] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\MsgSys.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\NTS.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\PDS.DLL] <Intel Corporation><6.0.201.0940 E>
[C:\Program Files\NavNT\NAVLU.dll] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\NavNT\i2ldvp3.dll] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\NAVAPI32.DLL] <Symantec Corp.><4.1.0.6>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060223.009\NAVEX32a.DLL] <Symantec Corporation><20051.3.1.11>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060223.009\NAVENG32.DLL] <Symantec Corporation><20051.3.1.11>
[C:\Program Files\NavNT\NAVAP32.DLL] <Symantec Corporation><5.3.1.39>
[C:\WINNT\system32\amslib.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\loc32vc0.dll] <Intel><3, 0, 0, 2>
[PID: 896][C:\WINNT\System32\hkcmd.exe] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\hccutils.DLL] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxdev.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxsrvc.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxhk.dll] <Intel Corporation><3.0.0.4020>
[C:\WINNT\System32\igfxres.dll] <Intel Corporation><3.0.0.4020>
[PID: 900][C:\Program Files\NavNT\vptray.exe] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\Cliscan.dll] <Symantec Corporation><7.50.00.846>
[C:\Program Files\NavNT\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\Program Files\NavNT\Cliproxy.dll] <Symantec Corporation><7.50.00.846>
[PID: 944][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] <Sun Microsystems, Inc.><5.0.60.5>
[PID: 976][C:\WINNT\system32\ctfmon.exe] <Microsoft Corporation><1.00.2409.34 built by: Lab06_N>

菜鸟级大虾 - 2006-4-14 9:49:00

[PID: 912][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 952][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[PID: 1028][C:\WINNT\system32\tlntsvr.exe] <Microsoft Corporation><5.00.99206.1>
[PID: 1084][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 1096][C:\WINNT\system32\mspmspsv.exe] <Microsoft Corporation><7.10.00.3059>
[PID: 1120][C:\WINNT\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[PID: 1424][C:\WINNT\system32\MsgSys.EXE] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\NTS.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\CBA.DLL] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\MsgSys.dll] <Intel Corporation><6.0.201.0940 E>
[C:\WINNT\system32\PDS.DLL] <Intel Corporation><6.0.201.0940 E>
[PID: 1508][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1580][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] <Sun Microsystems, Inc.><5.0.60.5>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 740][D:\bea\jdk142_05\jre\bin\javaw.exe] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\client\jvm.dll] <Sun Microsystems, Inc.><1.4.2.50>
[D:\bea\jdk142_05\jre\bin\hpi.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\verify.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\java.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\zip.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\awt.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\fontmanager.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\jpeg.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\cmm.dll] <N/A><N/A>
[D:\bea\weblogic81\workshop\ws_native.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\net.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\nio.dll] <N/A><N/A>
[D:\bea\jdk142_05\jre\bin\dcpr.dll] <N/A><N/A>
[PID: 1568][C:\WINNT\System32\cidaemon.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1712][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 584][C:\Program Files\Thunder Network\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.4.174>
[C:\Program Files\Thunder Network\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\Program Files\Thunder Network\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 66>
[C:\Program Files\Thunder Network\Thunder\log4cplus.dll] <><1, 0, 2, 1>
[C:\Program Files\Thunder Network\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[C:\Program Files\Thunder Network\Thunder\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15>
[C:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[C:\Program Files\Thunder Network\Thunder\iEmbed.dll] <Thunder Networking Technologies,LTD><1, 1, 0, 22>
[C:\Program Files\Thunder Network\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 7>
[C:\Program Files\Thunder Network\Thunder\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\Program Files\Thunder Network\Thunder\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 59>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2288][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] <Sun Microsystems, Inc.><5.0.60.5>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2108][C:\Program Files\Super Rabbit\MagicSet\magicset.exe] <Super Rabbit Soft><7.46>
[PID: 2312][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE] <Super Rabbit Soft><7.46>
[C:\WINNT\system32\shlobj71.ocx] <Sky Software (http://www.ssware.com)><7, 1, 0, 0>
[PID: 2324][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] <Sun Microsystems, Inc.><5.0.60.5>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2476][D:\Temp\Rar$EX01.532\SREng.exe] <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

不言放弃 - 2006-4-14 10:02:00

【回复“菜鸟级大虾”的帖子】
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSService><svchest.exe>
这个自启动项还存在啊

[Remote Internet Service / Msisvr]
这个服务也存在啊

＝＝＝＝＝＝＝＝＝＝＝＝＝＝

开始－－控制面板－－性能和维护－－管理工具－－服务
禁用Remote Internet Service (Msisvr)

进入注册表
展开[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
找到后删除Msisvr文件夹

进入注册表
展开[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
删除<MSService><svchest.exe>

删除
C:\WINNT\system32\INTasks.exe
C:\WINNT\system32\svchest.exe

菜鸟级大虾 - 2006-4-14 10:24:00

Remote Internet Service (Msisvr)还是没有这想服务
有这项服务：Remote Internet Service 当我想对他操作时出现对话框说
“配置管理器：丢失注册表中的一个需要的项或尝试写入注册表失败”
就一个确定按钮点击后出现另一个对话框说
“系统找不到指定的文件”

注册表中的HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msisvr 的这个文件夹我确信我第1次就删除了看完这次回复我打开注册表又有了现在已经删除了
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run<MSService><svchest.exe> 注册表中的这两项没有找到

C:\WINNT\system32\INTasks.exe
C:\WINNT\system32\svchest.exe这两个文件已经删除

不言放弃 - 2006-4-14 10:28:00

【回复“菜鸟级大虾”的帖子】
重启后按我的回贴再操作一下

zq77 - 2006-4-14 10:29:00

控制面版----性能和维护---管理工具----服务----禁止Remote Internet Service 的服务

菜鸟级大虾 - 2006-4-14 10:47:00

重起后：
Remote Internet Service 这项服务没有了

进入注册表
展开[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
找到后删除Msisvr文件夹
进入注册表
展开[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
删除<MSService><svchest.exe>
注册表里的这几个文件也都没有了

C:\WINNT\system32\INTasks.exe
C:\WINNT\system32\svchest.exe
这俩文件也没了

HijackThis_zww汉化版扫描日志 V1.99.1
保存于 10:46:07, 日期 2006-4-14
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tlntsvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\bea\jdk142_05\jre\bin\javaw.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\CMD.EXE
C:\WINNT\system32\conime.exe
D:\bea\JDK142~1\bin\java.exe
C:\WINNT\system32\CMD.EXE
D:\bea\JDK142~1\bin\java.exe
D:\bea\JDK142~1\bin\java.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\WinRAR\WinRAR.exe
D:\Temp\Rar$EX00.812\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F112F085-434B-4E0F-80BB-4D8B87BF35E4}: NameServer = 202.102.134.68,202.102.154.3
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Norton AntiVirus 客户端 (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - NT 服务: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR.exe (file missing)
O23 - NT 服务: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - NT 服务: Smart Card Helper (SCardDrv) - Unknown owner - C:\WINNT\system32\scardsvr32.exe (file missing)

不言放弃 - 2006-4-14 10:49:00

【回复“菜鸟级大虾”的帖子】
日志已经没有问题
机器的问题是否已经得到解决？

菜鸟级大虾 - 2006-4-14 10:51:00

还不知道这个网址一般都是15分钟出现1次。。。汗。。。

菜鸟级大虾 - 2006-4-14 10:52:00

应该是 15分左右哈

菜鸟级大虾 - 2006-4-14 11:42:00

问题已经被解决
谢谢不言放弃和zq77给予的帮助

不言放弃 - 2006-4-14 12:18:00

【回复“菜鸟级大虾”的帖子】
安装专业杀软与防火墙
及时升级杀软与防火墙
打开杀软与防火墙的实时监控
及时系统更新
最重要的是要养成良好的上网习惯

瑞星卡卡安全论坛