瑞星杀毒.卡卡助手.超级兔子和木马杀客都搞不定的开机自动弹出窗口!!!!!! bbs.ikaka.com

amurong - 2006-9-11 13:58:00

机器中标了..总是弹出窗口..用了瑞星杀毒.卡卡助手.超级兔子和木马杀客都没有搞定啊,,,,,,,晕了...

http://tanip.1sto.com/和http://某某.1sto.com/等一系列的恶意网站可以在一定时间内，自动在收藏夹和桌面添加网站文件，而且同时修改 IE主页，

请大家帮忙啊!!!!!!!!!!!!!!!!

amurong - 2006-9-11 13:59:00

以下是那个网站的话....气愤啊!!!!!!!!!!!!!

软件功能介绍: 1、开机后即自动运行
2、体积小，才13K便具有如此强大的功能，安装方便
3、可随捆绑软件安装或是软件下载。
4、随意设置广告网址的数量
5、随意设置广告弹出间隔时间
6、可修改用户默认IE首页
7、向用户的浏览器收藏夹内添加收藏的网页文件（可选择是否添加）
8、安装后自动删除本身，保密性和安全性大大提高
9、自动探测用户是否能上网，服务器端配置修改，用户能精确的马上生效
10、自动探测用户是否能上网，让用户的每次弹窗都生效。
11、后台可锁定IE首页，添加多个IE收藏夹，添加多个桌面图标，添加多个普通弹窗
12、有定向广告设置，增加了ALEXA排名提升（暗刷功能），支持聊天软件群发（QQ群发、popo群发、uc群发、淘宝群发）并能远程安装其它软件
13、生成配置文件，软件升级自动设置，安装数量统计，后台密码修改，权限分级管理
14、本系统是目前最强大的基于CMS模式的插件系统，功能最强，体积最小，免杀能力最强的插件

我无邪 - 2006-9-11 14:01:00

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

amurong - 2006-9-11 14:14:00

日志来啦. 请高手过目

2006-09-11,14:03:47

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTimer><D:\PROGRA~1\RISING\RISING\RAV\RAVTIMER.EXE> []
<RavTask><"D:\Program Files\rising\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<mmsk><G:\木马杀客\mmsk.exe> [木马杀客]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BIE><; RUNDLL32.EXE C:\PROGRA~1\baidu\iexp\BDSrHook.dll,Rundll32> []
<DAEMON Tools><; "G:\虚拟光驱\daemon\daemon-v4.03\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
<nwiz><; nwiz.exe /install> []
<SoundMam><; C:\WINDOWS\system32\SVOHOST.exe> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<VVSN><; C:\Program Files\VVSN\VVSN.exe> []

amurong - 2006-9-11 14:14:00

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[BdSearchHook Class]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, N/A>
[百度首页]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <http://baidu.com/index.php?tn=winstonzh_dg, N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[BdSearchHook Class]
{02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<E:\QQ2005\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<E:\QQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\QQ2005\SendMMS.htm, N/A>

amurong - 2006-9-11 14:15:00

正在运行的进程
[PID: 728][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 788][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 828][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 888][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1052][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1116][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1216][D:\Program Files\rising\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1232][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1440][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1464][D:\Program Files\rising\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[D:\Program Files\rising\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\Program Files\rising\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[D:\Program Files\rising\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[D:\Program Files\rising\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\rising\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\Program Files\rising\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\rising\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\rising\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\Program Files\rising\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\rising\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[D:\Program Files\rising\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[D:\Program Files\rising\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[D:\Program Files\rising\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\Program Files\rising\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[D:\Program Files\rising\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\rising\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\Program Files\rising\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Program Files\rising\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1820][D:\Program Files\rising\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 252][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\pdf\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 308][C:\WINDOWS\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 368][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.9131>
[PID: 1080][D:\Program Files\rising\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1164][D:\Program Files\rising\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\rising\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\Program Files\rising\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1204][G:\木马杀客\mmsk.exe] <木马杀客><2,0,0,6>
[G:\木马杀客\krnln.fnr] <><1, 0, 0, 1>
[G:\木马杀客\iext2.fne] <><1, 0, 0, 1>
[G:\木马杀客\iext.fne] <><1, 0, 0, 1>
[G:\木马杀客\HYExtLib.fne] <N/A><N/A>
[G:\木马杀客\HtmlView.fne] <><1, 0, 0, 1>
[G:\木马杀客\TrayIcon.fne] <><1, 0, 0, 1>
[G:\木马杀客\iext3.fne] <><1, 0, 0, 1>
[G:\木马杀客\xplib.fne] <N/A><N/A>
[G:\木马杀客\mmskskin.dll] <><2, 0, 0, 6>
[G:\木马杀客\SkinPPWTL.dll] <http://www.skinplusplus.com><2, 1, 0, 0>
[G:\木马杀客\shell.fne] <N/A><N/A>
[G:\木马杀客\EThread.fne] <N/A><N/A>
[G:\木马杀客\dp1.fne] <N/A><N/A>
[G:\木马杀客\eCompress.fne] <N/A><N/A>
[G:\木马杀客\internet.fne] <><1, 0, 0, 1>
[PID: 1252][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1964][D:\maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 1, 39>
[D:\maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[D:\maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 3656][G:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

amurong - 2006-9-11 14:15:00

==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS Error. ["F:\dreamweave\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

amurong - 2006-9-11 16:53:00

请高手帮忙啊

ogim - 2006-9-11 18:20:00

删除C:\Program Files\VVSN\VVSN.exe
运行reng2到启动项目.删除C:\Program Files\VVSN\VVSN.exe
到系统修复.修复关联文件

amurong - 2006-9-11 18:30:00

reng2 是什么东西..怎么运行????????
c盘里面没有vvsn 文件啊...

ogim - 2006-9-11 18:33:00

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改

amurong - 2006-9-11 18:42:00

已经删除了C:\Program Files\VVSN\VVSN.exe

重启之后还是跳出网页

ogim - 2006-9-11 18:46:00

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改

amurong - 2006-9-11 18:51:00

2006-09-11,18:40:06

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTimer><D:\PROGRA~1\RISING\RISING\RAV\RAVTIMER.EXE> []
<RavTask><"D:\Program Files\rising\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<mmsk><G:\木马杀客\mmsk.exe> [木马杀客]
<DAEMON Tools><; "G:\虚拟光驱\daemon\daemon-v4.03\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
<nwiz><; nwiz.exe /install> []
<SoundMam><; C:\WINDOWS\system32\SVOHOST.exe> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[BdSearchHook Class]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, N/A>
[百度首页]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <http://baidu.com/index.php?tn=winstonzh_dg, N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[BdSearchHook Class]
{02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>

amurong - 2006-9-11 18:51:00

==================================
正在运行的进程
[PID: 728][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 788][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 828][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 888][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1052][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1116][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1216][D:\Program Files\rising\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1232][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1280][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1404][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1424][D:\Program Files\rising\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[D:\Program Files\rising\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\Program Files\rising\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[D:\Program Files\rising\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[D:\Program Files\rising\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\rising\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\Program Files\rising\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\rising\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\rising\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\Program Files\rising\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\rising\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[D:\Program Files\rising\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[D:\Program Files\rising\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[D:\Program Files\rising\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\Program Files\rising\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[D:\Program Files\rising\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\rising\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\Program Files\rising\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Program Files\rising\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1820][D:\Program Files\rising\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 284][C:\WINDOWS\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 344][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.9131>
[PID: 852][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\pdf\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[PID: 1308][D:\Program Files\rising\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1332][G:\木马杀客\mmsk.exe] <木马杀客><2,0,0,6>
[G:\木马杀客\krnln.fnr] <><1, 0, 0, 1>
[G:\木马杀客\iext2.fne] <><1, 0, 0, 1>
[G:\木马杀客\iext.fne] <><1, 0, 0, 1>
[G:\木马杀客\HYExtLib.fne] <N/A><N/A>
[G:\木马杀客\HtmlView.fne] <><1, 0, 0, 1>
[G:\木马杀客\TrayIcon.fne] <><1, 0, 0, 1>
[G:\木马杀客\iext3.fne] <><1, 0, 0, 1>
[G:\木马杀客\xplib.fne] <N/A><N/A>
[G:\木马杀客\mmskskin.dll] <><2, 0, 0, 6>
[G:\木马杀客\SkinPPWTL.dll] <http://www.skinplusplus.com><2, 1, 0, 0>
[G:\木马杀客\shell.fne] <N/A><N/A>
[G:\木马杀客\EThread.fne] <N/A><N/A>
[G:\木马杀客\dp1.fne] <N/A><N/A>
[PID: 1340][D:\Program Files\rising\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\rising\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\Program Files\rising\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1356][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 416][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2412][D:\maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 1, 39>
[D:\maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[D:\maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 2784][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3100][G:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS Error. ["F:\dreamweave\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

ogim - 2006-9-11 19:02:00

关闭所有浏览窗口以及一些不必要的程序
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，浏览器加载项”来删除以下选项。
C:\WINDOWS\system32\CMBEdit.dll
重启后删除
C:\WINDOWS\system32\CMBEdit.dll
修复关联文件!

我无邪 - 2006-9-11 21:02:00

追加两项
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，文件关联，勾选“全选”点“修复”使所有扩展名都恢复正常。

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“启动项目，注册表”来删除以下选项。
C:\WINDOWS\system32\SVOHOST.exe
删除
C:\WINDOWS\system32\SVOHOST.exe
有异常请描述一下。

Rocon - 2006-10-7 15:55:00

你好，我的电脑也是这个问题，但是文件关联SREng没提示任何问题，但我还是用SREng全选修复了一遍。而且也没发现有C:\Program

Files\VVSN\VVSN.exe和C:\WINDOWS\system32\SVOHOST.exe之类的注册表项，只发现了C:\WINDOWS\system32\CMBEdit.dll。删除之后还是有问

题，表现为每次登录系统都出现“免费算命”的快捷方式，并且会打开http://sm.1sto.com/网页。搞了两天了，头痛。。。。

SREng扫描日志如下：

Rocon - 2006-10-7 15:58:00

2006-10-07,15:50:35

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<!AVG Anti-Spyware><"C:\Program Files\AVG AntSpy\avgas.exe" /minimized> [Anti-Malware Development a.s.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\AVG AntSpy\shellexecutehook.dll> [Anti-Malware Development a.s.]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

Rocon - 2006-10-7 15:59:00

==================================
启动文件夹
N/A

==================================
服务
[AdsWinIe / AdsWinIe]
<C:\WINDOWS\system32\AdsWin.exe -service><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
<C:\Program Files\AVG AntSpy\guard.exe><Anti-Malware Development a.s.>
[Lotus Notes Single Logon / Lotus Notes Single Logon]
<C:\WINDOWS\system32\nslsvice.exe><N/A>
[PopWinIe / PopWinIe]
<C:\WINDOWS\system32\PopWin.exe -service><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
驱动程序
[abp480n5 / abp480n5]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adsrsvc / adsrsvc]
<\SystemRoot\system32\drivers\adsrsvc.sys><N/A>
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Aha154x / Aha154x]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
<\??\C:\Program Files\AVG AntSpy\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cd20xrnt / cd20xrnt]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[d347bus / d347bus]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[dac2w2k / dac2w2k]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[IBM Access Support / EGATHDRV]
<\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS><IBM Corporation>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ini910u / ini910u]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid35x / mraid35x]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb]
<\??\C:\Program Files\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PMEM / PMEM]
<\??\C:\WINDOWS\SYSTEM32\DRIVERS\PMEMNT.SYS><Microsoft Corporation>
[TPM Service / portio]
<system32\DRIVERS\NscTpmDD.sys><National Semiconductor Corp.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt]
<system32\drivers\senfilt.sys><Sensaura>
[SIS AGP Bus Filter / sisagp]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TosIde / TosIde]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[VCD VNC Virtual Network Adapter / vcddev]
<system32\DRIVERS\vcdvnic.sys><VNN B.J.>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VNN VNC Virtual Network Adapter / vnndev]
<system32\DRIVERS\vnnvnic.sys><VNN B.J.>

Rocon - 2006-10-7 16:00:00

==================================
浏览器加载项
[BdSearchHook Class]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, >
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[百度首页]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <http://baidu.com/index.php?tn=baidudg, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[BdSearchHook Class]
{02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, >
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[&使用迅雷下载]
<C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\QQ\AddEmotion.htm, N/A>

Rocon - 2006-10-7 16:00:00

==================================
正在运行的进程
[PID: 956][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1324][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1448][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1464][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1548][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1656][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1668][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1760][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1952][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 136][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 300][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4414.258]
[PID: 476][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 804][C:\WINDOWS\system32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 840][C:\WINDOWS\System32\snmp.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 944][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1148][C:\WINDOWS\system32\mqsvc.exe] [Microsoft Corporation, 5.01.1108]
[PID: 3456][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3700][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[C:\Program Files\AVG AntSpy\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRA~1\FlashGet\jccatch.dll] [FlashGet, 1, 1, 5, 0]
[C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[PID: 728][C:\WINDOWS\system32\Com\SERVICES.EXE] [N/A, N/A]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 660][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 3220][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 2244][C:\Program Files\AVG AntSpy\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\AVG AntSpy\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 1400][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 3476][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 600][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[PID: 3196][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 1, 0, 2, 2]
[PID: 3568][C:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 6, 42]
[C:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 1184][C:\Program Files\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\PROGRA~1\baidu\iexp\BDSrHook.dll] [, 1, 0, 0, 45]
[C:\Program Files\SREng\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

Rocon - 2006-10-7 16:00:00

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.11sto.com
127.0.0.1www.1sto.com
222.223.155.118 auto.search.msn.com
222.223.155.118 dnsc.yahoo.com.cn
222.223.155.118 abc.265.com
222.223.155.118 265.com
222.223.155.118 www.265.com
222.223.155.118 hao123.com
222.223.155.118 www.hao123.com
222.223.155.118 9991.com
222.223.155.118 www.9991.com
222.223.155.118 gjj.cc
222.223.155.118 www.gjj.cc
222.223.155.118 ppgou.com
222.223.155.118 www.ppgou.com
222.223.155.118 t2t2.com
222.223.155.118 www.t2t2.com
222.223.155.118 5566.net
222.223.155.118 www.5566.net
222.223.155.118 qu123.com
222.223.155.118 www.qu123.com
222.223.155.118 855.com
222.223.155.118 www.855.com
222.223.155.118 7b.com.cn
222.223.155.118 www.7b.com.cn
222.223.155.118 v111.com
222.223.155.118 www.v111.com
222.223.155.118 xp13.com
222.223.155.118 www.xp13.com
222.223.155.118 521521.com
222.223.155.118 www.521521.com
222.223.155.118 19ku.com
222.223.155.118 www.19ku.com
222.223.155.118 37021.com
222.223.155.118 www.37021.com
222.223.155.118 da123.com
222.223.155.118 www.da123.com
222.223.155.118 x05.net
222.223.155.118 www.x05.net
222.223.155.118 ip138.com
222.223.155.118 www.ip138.com
222.223.155.118 ipseeker.cn
222.223.155.118 www.ipseeker.cn
222.223.155.118 123cha.com
222.223.155.118 www.123cha.com
222.223.155.118 ip.cn
222.223.155.118 www.ip.cn
222.223.155.118 letscool.cn
222.223.155.118 www.letscool.cn
222.223.155.118 yok.com
222.223.155.118 www.yok.com
222.223.155.118 yeskee.com
222.223.155.118 www.yeskee.com
222.223.155.118 reg.yeskee.com
222.223.155.118 qyule.com
222.223.155.118 www.qyule.com
222.223.155.118 99jk.com
222.223.155.118 www.99jk.com
222.223.155.118 shop.xf200.com

==================================

我无邪 - 2006-10-8 23:52:00

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Lotus Notes Single Logon，选择“删除服务”点“设置”选择“否”

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），点“启动项目，服务，点“驱动程序”勾选“隐藏以认证的微软服务”选中病毒服务adsrsvc，选择“删除服务”点“设置”选择“否”

请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
双击打开KillBox.exe，分别删除
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\drivers\adsrsvc.sys
C:\WINDOWS\system32\Com\SERVICES.EXE
（删除时勾选“删除前先结束Explorer.EXE进程”不行再试着勾选"删除DLL文件前反注册此文件"
给菜鸟的东东—KillBox的使用技巧
http://forum.ikaka.com/topic.asp?board=28&artid=8160799

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，HOSTS 文件
127.0.0.11sto.com
127.0.0.1www.1sto.com
222.223.155.118 auto.search.msn.com
222.223.155.118 dnsc.yahoo.com.cn
222.223.155.118 abc.265.com
222.223.155.118 265.com
222.223.155.118 www.265.com
222.223.155.118 hao123.com
222.223.155.118 www.hao123.com
222.223.155.118 9991.com
222.223.155.118 www.9991.com
222.223.155.118 gjj.cc
222.223.155.118 www.gjj.cc
222.223.155.118 ppgou.com
222.223.155.118 www.ppgou.com
222.223.155.118 t2t2.com
222.223.155.118 www.t2t2.com
222.223.155.118 5566.net
222.223.155.118 www.5566.net
222.223.155.118 qu123.com
222.223.155.118 www.qu123.com
222.223.155.118 855.com
222.223.155.118 www.855.com
222.223.155.118 7b.com.cn
222.223.155.118 www.7b.com.cn
222.223.155.118 v111.com
222.223.155.118 www.v111.com
222.223.155.118 xp13.com
222.223.155.118 www.xp13.com
222.223.155.118 521521.com
222.223.155.118 www.521521.com
222.223.155.118 19ku.com
222.223.155.118 www.19ku.com
222.223.155.118 37021.com
222.223.155.118 www.37021.com
222.223.155.118 da123.com
222.223.155.118 www.da123.com
222.223.155.118 x05.net
222.223.155.118 www.x05.net
222.223.155.118 ip138.com
222.223.155.118 www.ip138.com
222.223.155.118 ipseeker.cn
222.223.155.118 www.ipseeker.cn
222.223.155.118 123cha.com
222.223.155.118 www.123cha.com
222.223.155.118 ip.cn
222.223.155.118 www.ip.cn
222.223.155.118 letscool.cn
222.223.155.118 www.letscool.cn
222.223.155.118 yok.com
222.223.155.118 www.yok.com
222.223.155.118 yeskee.com
222.223.155.118 www.yeskee.com
222.223.155.118 reg.yeskee.com
222.223.155.118 qyule.com
222.223.155.118 www.qyule.com
222.223.155.118 99jk.com
222.223.155.118 www.99jk.com
222.223.155.118 shop.xf200.com

打开一个IE窗口，工具，internte选项，点“删除文件”弹出一个窗口勾选“删除所有脱机内容”删除cookies,确定。
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，Internet Explorer”“全选”“修复"看看能不能解决问题。

完后重启，再扫个日志粘上来。

Rocon - 2006-10-9 12:15:00

你好，已经搞定啦。觉得有个PopWinIe服务有问题。主要文件在文件夹system32多了三个，PopTWin.exe，PopWin.dll，PopWin.exe。此服务长期处停止状，但启动类型为自动，删除次服务确实可以解决这个问题。
我想Lotus Notes Single Logon应该没事，公司用Lotus邮件系统，而且启动类型是禁用。另外还有个AdsWinIE的服务有问题，也是长期处停止状，但启动类型为自动。但我不确定他是干嘛的，看名字怪怪的，干脆也删掉了

我无邪 - 2006-10-9 12:20:00

干得好，这种可疑的服务，宁可错杀一万，也不放过一个。
多谢反馈。

瑞星卡卡安全论坛