Rising Kaka Security Forum
jxfengwu - 2006-9-24 11:39:00
Could everyone take a look for me: why is my computer responding so slowly? Web pages keep popping up.
正版真的很贵啊 - 2006-9-24 11:44:00
No log? Then even the experts can't help, and you'll have to figure it out yourself.
newcenturymoon - 2006-9-24 11:50:00
Please go to http://forum.ikaka.com/topic.asp?board=28&artid=8105899
and download HijackThis.
After downloading, run HijackThis.rar, then run HijackThis.exe.
Click "Scan and save a log".
Copy and paste the saved log here.
jxfengwu - 2006-9-24 11:52:00
Got it, please wait a moment.
jxfengwu - 2006-9-24 11:59:00
006-09-24,11:03:15
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> []
<MSNShell><D:\下载夹\MSNShell\BIN\MSNShell.exe autorun> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<shell><"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<{385B11EE-0833-2052-0331-040916200056}><"C:\Program Files\Common Files\{385B11EE-0833-2052-0331-040916200056}\Update.exe" > []
<{385B11EE-0834-2052-0331-040916200056}><"C:\Program Files\Common Files\{385B11EE-0834-2052-0331-040916200056}\Update.exe" > []
<zz><C:\WINDOWS\system32\intenet.exe> []
<wow><C:\WINDOWS\system32\Launcher.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<SysExplr><C:\Herosoft\HeroV8\SysExplr.EXE> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<NMGameX_AutoRun><C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa> [NMGameX]
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [UtnuWK3cJFeZfBLizdIH]
<Tray><C:\WINDOWS\command\rundll32.exe> []
<zt><C:\WINDOWS\Intel\rundll32.exe> []
<ms><C:\Program Files\Microsoft\svhost32.exe> []
<winla><c:\winla\winla.exe> []
<SoundMam><C:\WINDOWS\system32\SVOHOST.exe> []
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<System><C:\WINDOWS\TEMP\\setup.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
<WinlogonNotify: DateTime><C:\WINDOWS\system32\ir8ql5l51.dll> []
jxfengwu - 2006-9-24 12:00:00
=================================
正在运行的进程
[PID: 120][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\system32\Rsvtub.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\myrx.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\mywow.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] <N/A><1, 0, 1, 1014>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 7, 1024>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[PID: 232][C:\Program Files\CNNIC\Cdn\cdnup.exe] <><2, 4, 0, 8>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] <CNNIC><2, 2, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 7, 1024>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 340][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[PID: 1292][C:\WINDOWS\system32\Call.exe] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[PID: 1372][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.28>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1444][C:\WINDOWS\system32\igfxtray.exe] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3847>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3847>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3847>
[PID: 1520][C:\WINDOWS\system32\hkcmd.exe] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3847>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3847>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3847>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\igfxhk.dll] <Intel Corporation><3.0.0.3847>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3847>
[PID: 1508][C:\Herosoft\HeroV8\SysExplr.EXE] <N/A><N/A>
[C:\Herosoft\HeroV8\HttpReq.dll] <N/A><N/A>
[C:\Herosoft\HeroV8\CoolMenu.dll] <N/A><N/A>
[C:\Herosoft\HeroV8\httphlp.dll] <N/A><N/A>
[C:\Herosoft\HeroV8\AVCDROM.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\Herosoft\HeroV8\Sys936.DLL] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[PID: 1764][C:\WINDOWS\system32\Realplayer.exe] <N/A><N/A>
[PID: 1932][C:\WINDOWS\WINLOGON.EXE] <UtnuWK3cJFeZfBLizdIH><0.00.0110>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[PID: 1872][C:\WINDOWS\command\rundll32.exe] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[PID: 2000][C:\WINDOWS\Intel\rundll32.exe] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
jxfengwu - 2006-9-24 12:02:00
[PID: 608][C:\Program Files\Microsoft\svhost32.exe] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[PID: 332][C:\Program Files\Common Files\UPDATE2\Update.exe] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 348][C:\winla\winla.exe] <><1, 0, 0, 1>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[PID: 260][C:\WINDOWS\system32\SVOHOST.exe] <N/A><N/A>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[PID: 532][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[PID: 1800][C:\WINDOWS\TEMP\setup.exe] <><1, 0, 0, 1>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[PID: 1196][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[PID: 652][D:\下载夹\MSNShell\BIN\MSNShell.exe] <N/A><N/A>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[PID: 1124][C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yascenter.exe] <Yahoo><1, 0, 1, 1001>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] <Yahoo><1, 0, 2, 1003>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasierres.dll] <yahoo!china><1, 0, 2, 1000>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll] <Yahoo!><2, 0, 6, 1004>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll] <3721.com><2, 1, 1, 87>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 7, 1024>
jxfengwu - 2006-9-24 12:03:00
[PID: 2792][D:\Program Files\Rising\Rav\Rav.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 75>
[D:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RavUI.Dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 65>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RavUIMsg.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 3128][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] <Yahoo!><2, 1, 8, 1048>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll] <Yahoo><1, 0, 1, 1004>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] <Yahoo><1, 0, 2, 1003>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] <><1, 1, 4, 1006>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] <Yahoo><1, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] <Yahoo! China><1, 1, 3, 1035>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll] <Yahoo! China><1, 0, 1, 1015>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\Program Files\Micrsoft SearchBar\SearchBar.dll] <IE Toolbar><1, 0, 0, 4>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 7, 1024>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] <Yahoo><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8>
[c:\WINDOWS\system32\FlashPlayer8OCX.dll] <N/A><N/A>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[c:\WINDOWS\system32\urlmons32.dll] <N/A><N/A>
[C:\WINDOWS\Dll.dll] <N/A><N/A>
[PID: 3204][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] < ><2, 0, 0, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 7, 1024>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll] <><1, 0, 0, 5>
[PID: 2132][C:\WINDOWS\Logo1_.exe] <><1.0.0.0>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 7, 1024>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[PID: 3280][D:\下载夹\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\下载夹\MSNShell\BIN\ShellDll.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 7, 1024>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\winscok.dll] <N/A><N/A>
[C:\WINDOWS\system32\RChook.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00004.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\ztdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\tdll.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
正版真的很贵啊 - 2006-9-24 12:11:00
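I think I see the REALPLAY virus....
Also, your computer has so many "assistants" and other rogue software. How could it not be slow?
I suggest finding tools in the pinned threads at the top to get rid of them..
As for how to remove the REALPLAY virus, you can ask someone else... I really don't know; I'm here to learn too... just a newbie.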
jxfengwu - 2006-9-24 12:31:00
What do you mean, so many assistants? There's only one, Yahoo.
正版真的很贵啊 - 2006-9-24 12:41:00
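By the way, please also post an HJ log; for a newcomer like me this one is very tiring to read and hard on the eyes.
I only spotted two: one is REALPLAY, the other is WINLOGON.
Also, CNNIC, the assistant, and rogue software like that will only cause trouble if left in place; I suggest getting rid of them....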
正版真的很贵啊 - 2006-9-24 12:43:00
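First of all, this rogue software itself pops up ads endlessly, even when there is no virus, and it also secretly installs plug-ins. Even if your computer had no virus, it would still get slow.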
mopery - 2006-9-24 12:55:00
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
See the pinned thread..
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [UtnuWK3cJFeZfBLizdIH]
http;//mopery.hits.io/MiscKiller.zip
Download the dedicated removal tool and scan with it..
Using SREng,
delete under Startup Items (启动项目) => Registry (注册表):
<{385B11EE-0833-2052-0331-040916200056}><"C:\Program Files\Common Files\{385B11EE-0833-2052-0331-040916200056}\Update.exe" > []
<{385B11EE-0834-2052-0331-040916200056}><"C:\Program Files\Common Files\{385B11EE-0834-2052-0331-040916200056}\Update.exe" > []
<zz><C:\WINDOWS\system32\intenet.exe> []
<wow><C:\WINDOWS\system32\Launcher.exe> []
<load><C:\WINDOWS\rundl132.exe> []
<Tray><C:\WINDOWS\command\rundll32.exe> []
<zt><C:\WINDOWS\Intel\rundll32.exe> []
<ms><C:\Program Files\Microsoft\svhost32.exe> []
<winla><c:\winla\winla.exe> []
<SoundMam><C:\WINDOWS\system32\SVOHOST.exe> []
<System><C:\WINDOWS\TEMP\\setup.exe> []
<CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> []
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<WinlogonNotify: DateTime><C:\WINDOWS\system32\ir8ql5l51.dll> []
Delete:
C:\Program Files\Common Files\{385B11EE-0833-2052-0331-040916200056}\Update.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\system32\Launcher.exe
C:\WINDOWS\rundl132.exe
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\Program Files\Microsoft\svhost32.exe
c:\winla\winla.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\TEMP\\setup.exe
C:\WINDOWS\system32\mswdm.exe
C:\Program Files\Internet Explorer\PLUGINS\new123.sys
C:\WINDOWS\system32\ir8ql5l51.dll
C:\WINDOWS\system32\tdll.dll
C:\WINDOWS\system32\ztdll.dll
C:\WINDOWS\system32\msdll.dll
C:\WINDOWS\system32\winscok.dll
C:\WINDOWS\system32\mywow.dll
C:\WINDOWS\system32\msdll.dll
C:\WINDOWS\Dll.dll
[C:\WINDOWS\system32\quartz32.dll] <><4, 1, 0, 0>
needs to be repaired with LSPFix..
LSPFix (Chinese-localized version) download: http://mopery.hits.io/LSPFix.zip
Also download: http://mopery.hits.io/WinsockXPFix.zip
----------------------------------------------------------------
First run LSPFix ... tick "I confirm I want to perform the repair" ...
Then move quartz32.dll to the right-hand side... and click Finish...
----------------------------------------------------------------
If you can't get online after doing this... just repair it with WinsockXPFix.exe... in Safe Mode..
http://download5.pctutu.com/soft/winspeed782.zip
Use Super Rabbit's cleanup tool (超级兔子清理王) in Safe Mode to uninstall the rogue software...
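An added example, not part of mopery's post or of SREng: a Python sketch that parses the `<name><command> [publisher]` startup entries of an SREng log like the one above and flags three patterns visible among the entries listed for deletion: a system binary name outside its normal directory, a file name that imitates a system binary, and a publisher-less image in a temp directory. The system-binary list, the 0.85 similarity threshold and all function names are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from difflib import SequenceMatcher

SYSTEM32 = r"c:\windows\system32"
# Assumption: default Windows XP locations of these system binaries.
KNOWN = {n: SYSTEM32 for n in ("winlogon.exe", "rundll32.exe", "svchost.exe",
                                "userinit.exe", "ctfmon.exe", "lsass.exe",
                                "services.exe")}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")              # registry key header
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)>\s*\[(.*)\]$")    # <name><command> [publisher]
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|sys))', re.IGNORECASE)

# Excerpt of the startup section posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [UtnuWK3cJFeZfBLizdIH]
<Tray><C:\WINDOWS\command\rundll32.exe> []
<SoundMam><C:\WINDOWS\system32\SVOHOST.exe> []
<System><C:\WINDOWS\TEMP\\setup.exe> []
"""

def image_path(command):
    """Return the normalised, lower-cased image path of a startup command."""
    command = command.strip()
    m = EXE_RE.match(command)
    return ntpath.normpath(m.group(1) if m else command.strip('"')).lower()

def reasons_for(path, publisher):
    """List the heuristics an entry trips; an empty list means no hit."""
    directory, name = ntpath.split(path)
    found = []
    if name in KNOWN:
        # A bare name (no directory) is resolved via the search path: skip it.
        if directory and directory != KNOWN[name]:
            found.append(f"{name} outside {KNOWN[name]}")
    else:
        for real in KNOWN:
            if SequenceMatcher(None, name, real).ratio() >= 0.85:
                found.append(f"name imitates {real}")
                break
    if not publisher.strip() and "\\temp\\" in path:
        found.append("no publisher and image under a temp directory")
    return found

def triage(log_text):
    """Return (entry name, image path, reasons) for every flagged entry."""
    key, flagged = None, []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := ENTRY_RE.match(line)):
            name, command, publisher = m.groups()
            path = image_path(command)
            why = reasons_for(path, publisher)
            if why:
                flagged.append((name, path, why))
    return flagged

if __name__ == "__main__":
    for name, path, why in triage(SAMPLE_LOG):
        print(f"{name:15} {path:40} {'; '.join(why)}")
```

An empty publisher on its own is not flagged, because legitimate entries in this log (msnmsgr, for one) also lack one; a hit is a prompt for manual review, not a verdict.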
newcenturymoon - 2006-9-24 14:24:00
Good grief, what a virus nest.