Rising Kaka Security Forum
zysblm - 2006-6-15 11:22:00
Every time I boot up and scan with Rising Antivirus, viruses show up:
病毒名称 处理结果 发现日期 扫描方式 路径 文件 病毒来源
Trojan.DL.Agent.akz 删除成功 2006-06-14 20:54 手动扫描 C:\WINDOWS\system32 pyjjkdll.dll 本机
Trojan.DL.Small.kmk 删除成功 2006-06-14 20:55 手动扫描 C:\WINDOWS\system32 PYJJKIME.exe 本机
Trojan.PSW.JHOnline.eom 删除成功 2006-06-14 20:55 手动扫描 C:\WINDOWS\system32 37943380.dll 本机
Trojan.PSW.ZhengTu.an 删除成功 2006-06-14 20:55 手动扫描 C:\WINDOWS\system32 37943396.exe 本机
Trojan.PSW.ZhengTu.an 删除成功 2006-06-14 20:55 手动扫描 C:\WINDOWS\inf mutou.exe 本机
Trojan.PSW.Zhengtu.q 删除成功 2006-06-14 20:55 手动扫描 C:\WINDOWS\inf 2006年6月14日18时7分58秒.dll 本机
Trojan.PSW.Zhengtu.q 删除成功 2006-06-14 20:55 手动扫描 C:\WINDOWS\inf 2006年6月14日19时2分14秒.dll 本机
Trojan.PSW.Zhengtu.q 删除成功 2006-06-14 20:55 手动扫描 C:\WINDOWS\inf mutou.dll 本机
Trojan.PSW.ZhengTu.an 删除成功 2006-06-14 20:56 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\85EF4L2B 4[1].exe 本机
Trojan.DL.Small.avd 删除成功 2006-06-14 20:56 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\WTQFGHAV sogood[1].css 本机
Trojan.DL.Small.kmk 删除成功 2006-06-14 20:57 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\C1MV81MN FoxHelp[1].exe 本机
JS.DL.Agent.g 删除成功 2006-06-14 20:57 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\C1MV81MN 163zrlyc[1].htm 本机
Trojan.PSW.QQRobber.yk 删除成功 2006-06-14 20:57 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8DQRCLYZ 2[1].exe 本机
Trojan.PSW.ZhengTu.an 删除成功 2006-06-14 20:59 手动扫描 C: 1.exe 本机
Trojan.DL.Small.kmk 删除成功 2006-06-14 20:59 手动扫描 C: foxbase.exe 本机
Trojan.DL.Small.avd 删除成功 2006-06-14 20:59 手动扫描 C: WiNdOeRN.exe 本机
JS.DL.Agent.g 删除成功 2006-06-15 10:06 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\85EF4L2B 163zrlyc[1].htm 本机
Trojan.DL.Small.avd 删除成功 2006-06-15 10:07 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\C1MV81MN sogood[1].css 本机
Trojan.DL.Small.avd 删除成功 2006-06-15 10:09 手动扫描 C: WiNdOeRN.exe 本机
JS.DL.Agent.g 删除成功 2006-06-15 10:31 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\SF8R6M6V 163zrlyc[1].htm 本机
JS.DL.Agent.g 删除成功 2006-06-15 10:54 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5H9ED097 163zrlyc[1].htm 本机
Trojan.DL.Small.avd 删除成功 2006-06-15 10:54 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5D0TMS0H sogood[1].css 本机
Trojan.DL.Small.avd 删除成功 2006-06-15 10:56 手动扫描 C: WiNdOeRN.exe 本机
It also connects to some websites. Below is the HijackThis log:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 11:00:53, 日期 2006-6-15
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\System Safety Monitor\SYSSAFE.EXE
D:\杀毒\HijackThis1991zww.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: (no name) - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - (no file)
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - (no file)
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\BTCOMET0.60\BitComet\BitCometBar\BitCometBar0.3.dll
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] D:\Program Files\Super Rabbit\Superr\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "D:\暴风影音\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [RavTask] ; "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; D:\Program Files\Super Rabbit\Superr\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Microsoft TAP] ; C:\WINDOWS\system32\AppEvent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\ADBERDR705\Reader\reader_sl.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B11184F-C62F-4BFC-BBE8-FF60FDD5B364}: NameServer = 219.150.32.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{4673FCA0-804F-4C84-8AA1-A708B06E333D}: NameServer = 219.150.32.132 219.146.0.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC5A65E-16B2-4B0B-8CF8-DB3269E78CE7}: NameServer = 219.150.32.132,202.97.230.4
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: mctp - {D7B95390-B1C5-11D0-B111-0080C712FE82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - 列举现有的协议: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
Experts, please take a look at how to remove this backdoor virus.
不言放弃 - 2006-6-15 11:32:00
[Reply to zysblm's post]
Fix:
O4 - HKCU\..\Run: [Microsoft TAP] ; C:\WINDOWS\system32\AppEvent.exe
Delete:
C:\WINDOWS\system32\AppEvent.exe
C:\WINDOWS\system32\appcheck.dll
Also, from
http://www.KZTechs.com/
download System Repair Engineer
and export the full log.
zysblm - 2006-6-15 12:19:00
[Reply to 不言放弃's post] Thanks for the pointers, but C:\WINDOWS\system32\appcheck.dll
can't be deleted. It says a program is using it.
2006-06-15,12:25:24
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Super Rabbit IEPro><; D:\Program Files\Super Rabbit\Superr\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"> [Microsoft Corporation]
<Microsoft TAP><; C:\WINDOWS\system32\AppEvent.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<KB83072651><C:\WINDOWS\system32\AppEvent.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit SRRestore><D:\Program Files\Super Rabbit\Superr\srrest.exe /autosave> [Super Rabbit Soft]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<StormCodec_Helper><; "D:\暴风影音\Storm Codec\StormSet.exe" /S /opti> []
<RavTask><; "C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Royale.exe"> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><H>
==================================
zysblm - 2006-6-15 12:40:00
服务
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[一搜工具条]
{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} <, N/A>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <D:\BTCOMET0.60\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <D:\暴风影音\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[一搜工具条]
{115F6E46-FCBC-41ED-B3B5-3BDDD4AAB5E5} <, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Microsoft DirectAnimation Structured Graphics]
{369303C2-D7AC-11D0-89D5-00A0C90833E6} <C:\WINDOWS\system32\Daxctle.ocx, Microsoft Corporation>
[BitCometBar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <D:\BTCOMET0.60\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[EyeOnIE Class]
{6E28339B-7A2A-47B6-AEB2-46BA53782379} <, N/A>
zysblm - 2006-6-15 12:40:00
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[DragSearch BHO]
{EF1D17A9-089F-40CC-8D64-7324CDEBA0DB} <, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 548][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 716][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 760][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 832][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 884][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 920][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 364][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1944][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1936][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[c:\program files\rising\rfw\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 1716][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AppCheck.dll] <N/A><N/A>
[D:\ADBERDR705\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\ACDSee\picaview.dll] <ACD Systems, Ltd.><2, 0, 0, 78>
[C:\Program Files\ACDSee\PlugIns\IDE_ACDStd.apl] <ACD Systems, Ltd.><1, 3, 4, 22>
[C:\WINDOWS\system32\NDSShEx.dll] <KOAL Software><3, 0, 0, 0>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[PID: 3360][C:\Program Files\Rising\Rfw\rfwmain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 3388][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2612][C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE] <Microsoft Corporation><3.7.0.3083>
[PID: 3484][C:\Program Files\System Safety Monitor\SYSSAFE.EXE] <Max Computing><1.9.6.488
Sincerely thanks the original developer coding such a meaty ware
Chinese interface localized by LordFox(狐狸少爷)
For further assistance, contact me with
HH.Feedback@GMail.COM Not to hesitate ^_^>
[C:\Program Files\System Safety Monitor\SSM_Tray.DLL] <N/A><N/A>
[C:\Program Files\System Safety Monitor\Plugins\REGISTRYM.DLL] <Max Computing><1.1.0.0
Sincerely thanks the original developer coding such a meaty ware
Chinese interface localized by LordFox(狐狸少爷)
For further assistance, contact me with
HH.Feedback@GMail.COM Not to hesitate ^_^>
[C:\Program Files\System Safety Monitor\Plugins\STARTMENU.DLL] <Max Computing><1.0.0.0
Sincerely thanks the original developer coding such a meaty ware
Chinese interface localized by LordFox(狐狸少爷)
For further assistance, contact me with
HH.Feedback@GMail.COM Not to hesitate ^_^>
[C:\Program Files\System Safety Monitor\Plugins\IEXPLORE.DLL] <N/A><N/A>
[C:\Program Files\System Safety Monitor\Plugins\INIFILES.DLL] <Max Computing><1.0.0.0
Sincerely thanks the original developer coding such a meaty ware
Chinese interface localized by LordFox(狐狸少爷)
For further assistance, contact me with
HH.Feedback@GMail.COM Not to hesitate ^_^>
[C:\Program Files\System Safety Monitor\Plugins\SERVICES.DLL] <><1.0.0.0
Sincerely thanks the original developer coding such a meaty ware
Chinese interface localized by LordFox(狐狸少爷)
For further assistance, contact me with
HH.Feedback@GMail.COM Not to hesitate ^_^>
[C:\Program Files\System Safety Monitor\ssm_ui.dll] <Max Computing><1.9.6.9
Sincerely thanks the original developer coding such a meaty ware
Chinese interface localized by LordFox(狐狸少爷)
For further assistance, contact me with
HH.Feedback@GMail.COM Not to hesitate ^_^>
[PID: 3568][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 3248][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\ADBERDR705\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 1408][D:\杀毒\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
zysblm - 2006-6-15 13:12:00
Prompt: the registry value UIHOST has been modified to an abnormal value. The default value is logonui.exe
mopery - 2006-6-15 13:12:00
Change the UIHOST value back... You can change it with SRE...
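The check discussed in these posts (an autorun entry with no publisher, and a UIHost value that is not logonui.exe) can be run over an SREng startup-items log mechanically. This is an added example, not part of the thread and not SREng's own code; the sample log is constructed from the layout shown above, and the function names and the review rules (empty publisher, Policies\Explorer\Run, same image under several keys) are this example's assumptions, producing review candidates rather than verdicts.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Constructed sample in the SREng "startup items" layout shown in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Microsoft TAP><; C:\WINDOWS\system32\AppEvent.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<KB83072651><C:\WINDOWS\system32\AppEvent.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<UIHost><"\Program Files\Logonui\Royale.exe"> []
"""

Entry = namedtuple("Entry", "key name command vendor")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^<>]*)><([^<>]*)>\s*\[([^\]]*)\]$")
IMAGE_RE = re.compile(r"(.+?\.(?:exe|dll|com|scr|bat))\b", re.I)


def parse(log):
    """Return the non-empty registry startup entries of an SREng log."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            name, command, vendor = m.groups()
            # Some entries in the page's log carry a leading "; ";
            # it is stripped here without interpreting it.
            command = command.lstrip("; ").strip()
            if command:  # skip empty values such as <load><>
                entries.append(Entry(key, name, command, vendor.strip()))
    return entries


def image_path(command):
    """Extract the executable path from a command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def review(entries):
    """Return (name, image, reasons) for entries worth a manual look."""
    keys_by_image = defaultdict(set)
    for e in entries:
        keys_by_image[image_path(e.command).lower()].add(e.key.lower())

    findings = []
    for e in entries:
        image = image_path(e.command)
        key = e.key.lower()
        reasons = []
        # The thread states that the default UIHost is logonui.exe.
        if (key.endswith("\\winlogon") and e.name.lower() == "uihost"
                and ntpath.basename(image).lower() != "logonui.exe"):
            reasons.append("UIHost is not logonui.exe")
        # Assumption of this example: a value here deserves a second look.
        if key.endswith("\\policies\\explorer\\run"):
            reasons.append("autorun under Policies\\Explorer\\Run")
        if len(keys_by_image[image.lower()]) > 1:
            reasons.append("same image registered under several keys")
        # An empty publisher alone is weak evidence, so it only adds
        # context to entries already flagged by another rule.
        if reasons and not e.vendor:
            reasons.append("no publisher string")
        if reasons:
            findings.append((e.name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in review(parse(SAMPLE_LOG)):
        print(f"{name}: {image} -> {'; '.join(reasons)}")
```
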
zysblm - 2006-6-15 13:21:00
| Quote: |
[mopery's post] Change the UIHOST value back... You can change it with SRE... ........................... |
I'm a total newbie, I don't know how to change it!!!!!!!!!!!!????????????????
zysblm - 2006-6-15 14:32:00
2006-06-15,14:22:22
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Super Rabbit IEPro><; D:\Program Files\Super Rabbit\Superr\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
<H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"> [Microsoft Corporation]
<Microsoft TAP><C:\WINDOWS\system32\AppEvent.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<KB83072651><C:\WINDOWS\system32\AppEvent.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<StormCodec_Helper><; "D:\暴风影音\Storm Codec\StormSet.exe" /S /opti> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Royale.exe"> []
==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><H>
==================================
服务
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[System Safety Monitor / SSM]
<><N/A>
==================================
浏览器加载项
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[一搜工具条]
{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} <, N/A>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <D:\BTCOMET0.60\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <D:\暴风影音\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[一搜工具条]
{115F6E46-FCBC-41ED-B3B5-3BDDD4AAB5E5} <, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Microsoft DirectAnimation Structured Graphics]
{369303C2-D7AC-11D0-89D5-00A0C90833E6} <C:\WINDOWS\system32\Daxctle.ocx, Microsoft Corporation>
[BitCometBar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <D:\BTCOMET0.60\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[EyeOnIE Class]
{6E28339B-7A2A-47B6-AEB2-46BA53782379} <, N/A>
zysblm - 2006-6-15 14:33:00
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[DragSearch BHO]
{EF1D17A9-089F-40CC-8D64-7324CDEBA0DB} <, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 556][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 568][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 716][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 964][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1232][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1380][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AppCheck.dll] <N/A><N/A>
[D:\ADBERDR705\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\ACDSee\picaview.dll] <ACD Systems, Ltd.><2, 0, 0, 78>
[C:\Program Files\ACDSee\PlugIns\IDE_ACDStd.apl] <ACD Systems, Ltd.><1, 3, 4, 22>
[C:\WINDOWS\system32\NDSShEx.dll] <KOAL Software><3, 0, 0, 0>
[PID: 172][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 680][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 384][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 960][C:\Program Files\Rising\Rfw\rfwmain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 800][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[c:\program files\rising\rfw\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 676][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 1072][D:\杀毒\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
zysblm - 2006-6-15 15:57:00
病毒名称 处理结果 扫描方式 路径 文件 病毒来源
JS.DL.Agent.g 删除成功 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\85EF4L2B 163zrlyc[1].htm 本机
Trojan.DL.Small.avd 删除成功 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\C1MV81MN sogood[1].css 本机
Trojan.DL.Small.avd 删除成功 手动扫描 C: WiNdOeRN.exe 本机
JS.DL.Agent.g 删除成功 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\SF8R6M6V 163zrlyc[1].htm 本机
JS.DL.Agent.g 删除成功 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5H9ED097 163zrlyc[1].htm 本机
Trojan.DL.Small.avd 删除成功 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5D0TMS0H sogood[1].css 本机
Trojan.DL.Small.avd 删除成功 手动扫描 C: WiNdOeRN.exe 本机
JS.DL.Agent.g 删除成功 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5H9ED097 163zrlyc[1].htm 本机
Trojan.DL.Small.avd 删除成功 手动扫描 C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\85EF4L2B sogood[1].css 本机
Trojan.DL.Small.avd 删除成功 手动扫描 C:\Recycled Dc3795.exe 本机
zysblm - 2006-6-15 17:07:00
Thanks, experts. Everyone, please weigh in.
北纬37℃ - 2006-6-15 17:51:00
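Aren't you already using SREng? Click the startup items section in it; if there is a problem with your registry it will flag it.
Or else run REGEDIT, find it in there, and edit it.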
zysblm - 2006-6-15 18:03:00
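| Quote: |
[北纬37℃'s post] Aren't you already using SREng? Click the startup items section in it; if there is a problem with your registry it will flag it. Or else run REGEDIT, find it in there, and edit it........................... |
I don't know how to edit the contents.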
凌晨25点的爱 - 2006-6-15 18:03:00
So many viruses.
With that much time you could have reinstalled the system.
Just reinstall it.
独孤豪侠 - 2006-6-15 18:05:00
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\85EF4L2Bsogood[1].css
Clear the cache under this path, then turn off System Restore and run one more virus scan, and that should do it~~~~~~~
zysblm - 2006-6-15 18:28:00
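I turned off System Restore and ran another virus scan, but this website http://movie.13526.com/ still keeps popping up by itself!!!!! C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\85EF4L2Bsogood[1].css
How do I clear the cache under this path?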
zysblm - 2006-6-16 12:21:00
din, experts, please, I'm begging you.
爱呢??哪里?? - 2006-6-16 19:49:00
Use Super Rabbit to lock it.