梧桐情怀 - 2006-6-28 9:19:00
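Below is the log from the scan I just ran on my computer!! Could the experts please take a look for me!! Why can't I fix item O10?? I also downloaded SpyBot-Search&Destroy V1.4 RC2 (spyware removal) and used this anti-spyware program to scan and repair, and I also used various programs to clean out the trojans I had caught, so why can't I fix this one item?? Also, could the experts please check whether there is anything else wrong in the log as a whole?? Please give me some pointers!! Thank you!!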
HijackThis_815汉化版扫描日志 V1.99.1
保存于 9:01:37, 日期 2006-6-28
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\happyhome\幸福飞梭\lxswitch.exe
D:\Program Files\Rising\Rav\RavStub.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\MYIE2\MyIE.exe
D:\qq\QQ.exe
D:\qq\TIMPlatform.exe
D:\电影频道\HB_Hijackthis1991zww8152\HijackThis1991汉化版\HijackThis1991zww.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ\QQIEHelper.dll
O3 - IE工具栏增项: IE标准栏 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll (file missing)
O4 - 启动项HKLM\\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\RunOnce: [RavStub] "D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\mcUpdate.exe
O4 - HKCU\..\RuunServices:[Microsoft System Saver] mssave.exe
O4 - Global Startup: 联想键盘驱动程序.lnk = ?
O4 - Global Startup: 幸福飞梭.lnk = ?SystemRoot%\Installer\{448A3A90-4C81-4007-BFE5-81B599CE9D62}\NewShortcut1_3.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\office2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - D:\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - D:\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - D:\BitSpirit\bsurl.htm
O9 - 浏览器额外的按钮: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\HAPPYH~1\CIBA2002\IEPlugin.dll
O9 - 浏览器额外的“工具”菜单项: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\HAPPYH~1\CIBA2002\IEPlugin.dll
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.fm365.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148453731228
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150259610266
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DA5DE7A-6870-43C0-AD6D-5425AA05E847}: NameServer = 202.102.134.68 202.102.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DA5DE7A-6870-43C0-AD6D-5425AA05E847}: NameServer = 202.102.134.68 202.102.128.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: skwinlogon - C:\WINDOWS\SYSTEM32\dll.dll
O23 - NT 服务: LEGEND DeviceManager Service (lxdmg) - Unknown owner - C:\Program Files\Common Files\DeviceManager\DeviceManager.exe
O23 - NT 服务: lxswitch - Unknown owner - C:\happyhome\幸福飞梭\lxswitch.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
不言放弃 - 2006-6-28 13:43:00
[Reply to 梧桐情怀's post]
Fix:
O3 - IE工具栏增项: IE标准栏 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll (file missing)
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\mcUpdate.exe
O4 - HKCU\..\RuunServices:[Microsoft System Saver] mssave.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: skwinlogon - C:\WINDOWS\SYSTEM32\dll.dll
O23 - NT 服务: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
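Start -- Control Panel -- Performance and Maintenance -- Administrative Tools -- Services
Disable Microsoft Windows Spooler Service (Windows Spooler Service)
Start -- Run
Type regedit
OK
Open the registry
Expand each of these in turn: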
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services]
Once found, delete the Windows Spooler Service folder
Delete:
C:\WINDOWS\mcUpdate.exe
mssave.exe (search drive C: for it)
C:\WINDOWS\SYSTEM32\dll.dll
我无邪 - 2006-6-28 13:45:00
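Start → Run → type services.msc to open "Services" → find Microsoft Windows Spooler Service → double-click → Startup type → Disabled → Stop → Apply → OK. This disables the Microsoft Windows Spooler Service service.
Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the following items and then choose "Fix":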
O3 - IE工具栏增项: IE标准栏 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll (file missing)
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\mcUpdate.exe
O4 - HKCU\..\RuunServices:[Microsoft System Saver] mssave.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - NT 服务: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
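Double-click My Computer, Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Delete: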
C:\WINDOWS\mcUpdate.exe
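Search for mssave.exe.
After fixing, please reboot.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG); then copy and paste the contents of the saved report log here.
Download links: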
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log will not fit in one post, paste it across several posts; please do not modify it.
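Added example (not part of the original thread, and not code from HijackThis or SREng): a Python triage pass over entries copied from the HijackThis log above. The four rules and the names `target_of` and `triage` are assumptions of this example: a target marked missing, a registry autostart with no directory, a core system binary name outside `system32`, and a service that names Microsoft but has an unknown owner.

```python
import ntpath  # Windows path rules, so the example runs on any OS
import re

# Constructed sample: entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ\QQIEHelper.dll
O3 - IE工具栏增项: IE标准栏 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RuunServices:[Microsoft System Saver] mssave.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: skwinlogon - C:\WINDOWS\SYSTEM32\dll.dll
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
"""

SYSTEM32 = r"c:\windows\system32"
# Windows XP core binaries that normally live in system32 (assumed list).
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
ENTRY = re.compile(r"^(O\d+) - (.*)$")
MISSING = "(file missing)"


def target_of(code, body):
    """Return (target path or command, file_missing flag) for one entry."""
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)].rstrip()
    if code == "O4" and "]" in body:        # registry autostart: [name] command
        target = body.split("]", 1)[1]
    elif code == "O4" and " = " in body:    # startup folder: name.lnk = target
        target = body.split(" = ", 1)[1]
    else:                                   # other sections: last " - " field
        target = body.rsplit(" - ", 1)[-1]
    target = target.strip()
    if target.startswith('"'):              # drop quotes and trailing arguments
        target = target[1:].split('"', 1)[0]
    return target, missing


def triage(log_text):
    """Return [(section code, target, [reasons])] for entries worth a look."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        target, missing = target_of(code, body)
        name = ntpath.basename(target).lower()
        folder = ntpath.dirname(target).lower()
        reasons = []
        if missing:
            reasons.append("file missing")
        if code == "O4" and "]" in body and not folder:
            reasons.append("autostart without full path")
        if name in CORE_BINARIES and folder != SYSTEM32:
            reasons.append("system binary name outside system32")
        if code == "O23" and "Unknown owner" in body and "Microsoft" in body:
            reasons.append("claims Microsoft, no publisher")
        if reasons:
            findings.append((code, target, reasons))
    return findings


if __name__ == "__main__":
    for code, target, reasons in triage(SAMPLE_LOG):
        print(code, target, "->", "; ".join(reasons))
```

These rules do not flag the `skwinlogon` / `dll.dll` Winlogon Notify entry that 不言放弃 also listed, so a rule set like this narrows a log for review rather than replacing the review.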
梧桐情怀 - 2006-6-28 17:15:00
| Quote: |
[不言放弃's post] [Reply to 梧桐情怀's post] Fix: O3 - IE工具栏增项: IE标准栏 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll (file missing) O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\mcUpdate.exe O4 - HKCU\..\RuunServices:[Microsoft System Saver] mssave.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O20 - Winlogon Notify: skwinlogon - C:\WINDOWS\SYSTEM32\dll.dll O23 - NT 服务: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Start -- Control Panel -- Performance and Maintenance -- Administrative Tools -- Services. Disable Microsoft Windows Spooler Service (Windows Spooler Service)
Start -- Run, type regedit, OK, open the registry, expand each of these in turn: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services] Once found, delete the Windows Spooler Service folder
Delete: C:\WINDOWS\mcUpdate.exe mssave.exe (search drive C: for it) C:\WINDOWS\SYSTEM32\dll.dll
........................... |
These viruses have had me in a panic for the last few days!! Thank you for your help, my friend, I really am so grateful!!
梧桐情怀 - 2006-6-28 17:22:00
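| Quote: |
[我无邪's post] Start → Run → type services.msc to open "Services" → find Microsoft Windows Spooler Service → double-click → Startup type → Disabled → Stop → Apply → OK. This disables the Microsoft Windows Spooler Service service. Close all browser windows and any unnecessary programs. Run HijackThis; when the scan finishes, tick the following items and then choose "Fix": O3 - IE工具栏增项: IE标准栏 - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\WINDOWS\system32\amstreamxb.dll (file missing) O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\mcUpdate.exe O4 - HKCU\..\RuunServices:[Microsoft System Saver] mssave.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O23 - NT 服务: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\services.exe (file missing) Double-click My Computer, Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types". Delete: C:\WINDOWS\mcUpdate.exe Search for mssave.exe. After fixing, please reboot. Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG); then copy and paste the contents of the saved report log here. Download links: http://www.kztechs.com/sreng/sreng2.zip http://forum.ikaka.com/topic.asp?board=67&artid=5188931 If the log will not fit in one post, paste it across several posts; please do not modify it. ........................... |
Thanks to 我无邪 for the help!! To tell you the truth, I have read many of your posts, and I admire your selflessness and your wide knowledge! Thank you for your help! Following your steps I have fixed and deleted everything, but there is one thing I could not find --- the file "mssave.exe". I searched my computer and it is not there! What is going on!! Also, I ran the scan you asked for!! Please take another look!!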
2006-06-28,17:01:54
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft System Saver><mssave.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\skwinlogon]
<WinlogonNotify: skwinlogon><dll.dll> []
梧桐情怀 - 2006-6-28 17:22:00
==================================
启动文件夹
[联想键盘驱动程序]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\联想键盘驱动程序.lnk><H>
[幸福飞梭]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\幸福飞梭.lnk><H>
[InterVideo WinCinema Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\InterVideo WinCinema Manager.lnk><H>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
==================================
服务
[LEGEND DeviceManager Service / lxdmg]
<C:\Program Files\Common Files\DeviceManager\DeviceManager.exe><>
[lxswitch / lxswitch]
<C:\happyhome\幸福飞梭\lxswitch.exe><>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Microsoft Windows Spooler Service / Windows Spooler Service]
<"C:\WINDOWS\services.exe"><N/A>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\HAPPYH~1\CIBA2002\IEPlugin.dll, >
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Microsoft Office Template and Media Control]
{02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[internet explorer helper]
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\legitcheckcontrol.dll, Microsoft Corporation>
[Adobe-Plugins Manager]
{2AFA7CEC-26D9-4256-AF57-497A13180BA5} <C:\WINDOWS\System32\Agm.dll, AdoBeSoft Co.>
[BrowserHelper Class]
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[MSHlper Class]
{721E6521-4CAD-4A8D-A7F1-4E230B31EF19} <C:\WINDOWS\system32\MSHLP.DLL, >
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\cpap.dll, N/A>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Mini PPGou BHO]
{92FB5F8F-8254-4978-9C50-03D9B0405062} <C:\PROGRA~1\MINIPP~1\MINIPP~1.DLL, N/A>
[IE标准栏]
{954F618B-0DEC-4D1A-9317-E0FC96F87865} <C:\WINDOWS\system32\amstreamxb.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\HAPPYH~1\CIBA2002\IEPlugin.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A>
[internet explorer helper]
{F7911E65-B01C-4A58-AEC7-53085ECA70A5} <C:\WINDOWS\system32\mshlink.dll, >
[上传到QQ网络硬盘]
<D:\qq\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
<D:\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<D:\NetTransport 2\NTAddList.html, N/A>
[添加到QQ自定义面板]
<D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\qq\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
<D:\BitSpirit\bsurl.htm, N/A>
==================================
正在运行的进程
[PID: 1216][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.5.2005092300>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1900][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1936][D:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1984][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[PID: 136][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 248][C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe] <Adobe Systems Incorporated><7.0.5.2005092300>
[PID: 1560][D:\MYIE2\MyIE.exe] <MY Soft Technology><0, 9, 27, 68>
[D:\MYIE2\Plugin\ViewSource\ViewSrc.dll] <><1, 0, 0, 1>
[D:\MYIE2\Plugin\uc\uc.dll] <><1, 0, 0, 1>
[D:\MYIE2\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 812][D:\NetTransport 2\NetTransport.exe] <Xi><1.90.267>
[D:\NetTransport 2\libssl.dll] <Xi><0.97d.15>
[D:\NetTransport 2\libssh.dll] <Xi><3.1.009>
[PID: 1116][D:\电影频道\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
梧桐情怀 - 2006-6-28 17:24:00
Thanks again to the two experts 不言放弃 and 我无邪 for your help!!! Thank you!!
我无邪 - 2006-6-28 21:28:00
Close all browser windows and any unnecessary programs.
Run (double-click) System Repair Engineer and use "System Repair, Browser Add-ons" to delete the following items:
C:\WINDOWS\fonts\msshapi.dll
C:\WINDOWS\system32\WinDefendor.dll
C:\WINDOWS\system32\MicrosoftNet.dll
C:\WINDOWS\system32\cpap.dll
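Run (double-click) System Repair Engineer, click "Startup Items", "Services", click "Win32 Service Applications", tick "Hide Microsoft services", select the virus service Microsoft Windows Spooler Service, choose "Delete Service", click "Set", choose "No", and finally reboot.
After rebooting:
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following item: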
mssave.exe
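Double-click My Computer, Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Delete:
I don't know what mssave.exe is either, but I have seen it in some threads, and every time I tell the original poster to delete it. Have another look for it; you can only rest easy once it is deleted.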
C:\WINDOWS\fonts\msshapi.dll
C:\WINDOWS\system32\WinDefendor.dll
C:\WINDOWS\system32\MicrosoftNet.dll
C:\WINDOWS\system32\cpap.dll
C:\WINDOWS\services.exe
If you can't find them, it is not really a big problem.
After fixing, reboot, then please scan again and paste the new log.
梧桐情怀 - 2006-6-29 8:37:00
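| Quote: |
[我无邪's post] Close all browser windows and any unnecessary programs. Run (double-click) System Repair Engineer and use "System Repair, Browser Add-ons" to delete the following items: C:\WINDOWS\fonts\msshapi.dll C:\WINDOWS\system32\WinDefendor.dll C:\WINDOWS\system32\MicrosoftNet.dll C:\WINDOWS\system32\cpap.dll Run (double-click) System Repair Engineer, click "Startup Items", "Services", click "Win32 Service Applications", tick "Hide Microsoft services", select the virus service Microsoft Windows Spooler Service, choose "Delete Service", click "Set", choose "No", and finally reboot. After rebooting:
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following item: mssave.exe Double-click My Computer, Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types". Delete: I don't know what mssave.exe is either, but I have seen it in some threads, and every time I tell the original poster to delete it. Have another look for it; you can only rest easy once it is deleted. C:\WINDOWS\fonts\msshapi.dll C:\WINDOWS\system32\WinDefendor.dll C:\WINDOWS\system32\MicrosoftNet.dll C:\WINDOWS\system32\cpap.dll C:\WINDOWS\services.exe If you can't find them, it is not really a big problem. After fixing, reboot, then please scan again and paste the new log. ........................... |
First of all, thanks again to my friend 我无邪! Really, thank you so much, you are a computer expert! I never knew there were so many programs on my computer that should not be there; this time I am going to give my computer a proper clean-up! Also, of the items you told me to delete, I have deleted all of them except C:\WINDOWS\fonts\msshapi.dll and C:\WINDOWS\services.exe, which I could not find!! As for C:\WINDOWS\services.exe, though, when I followed your instructions to run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following item:
mssave.exe
it was already deleted; I don't know whether that amounts to the same thing? Please, teacher, take a look at my new scan log!!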
2006-06-29,08:14:33
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\skwinlogon]
<WinlogonNotify: skwinlogon><dll.dll> []
梧桐情怀 - 2006-6-29 8:37:00
==================================
启动文件夹
[联想键盘驱动程序]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\联想键盘驱动程序.lnk><H>
[幸福飞梭]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\幸福飞梭.lnk><H>
[InterVideo WinCinema Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\InterVideo WinCinema Manager.lnk><H>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
==================================
服务
[LEGEND DeviceManager Service / lxdmg]
<C:\Program Files\Common Files\DeviceManager\DeviceManager.exe><>
[lxswitch / lxswitch]
<C:\happyhome\幸福飞梭\lxswitch.exe><>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\HAPPYH~1\CIBA2002\IEPlugin.dll, >
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Microsoft Office Template and Media Control]
{02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[上传到QQ网络硬盘]
<D:\qq\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
<D:\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<D:\NetTransport 2\NTAddList.html, N/A>
[添加到QQ自定义面板]
<D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\qq\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
<D:\BitSpirit\bsurl.htm, N/A>
梧桐情怀 - 2006-6-29 8:38:00
==================================
正在运行的进程
[PID: 1172][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.5.2005092300>
[PID: 176][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 204][D:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 224][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[PID: 304][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 432][C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe] <Adobe Systems Incorporated><7.0.5.2005092300>
[PID: 1724][D:\MYIE2\MyIE.exe] <MY Soft Technology><0, 9, 27, 68>
[D:\MYIE2\Plugin\ViewSource\ViewSrc.dll] <><1, 0, 0, 1>
[D:\MYIE2\Plugin\uc\uc.dll] <><1, 0, 0, 1>
[D:\MYIE2\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1512][D:\电影频道\查杀病毒工具\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================