快乐的小强 - 2006-10-6 17:23:00
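Then it prompts me to run a virus scan, and a warning box pops up saying something like "... the web page cannot be opened".
What is this problem? I have already scanned with Rising twice.
Experts, please advise!!!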
MagenSky - 2006-10-6 18:01:00
Scan and post a log.
快乐的小强 - 2006-10-6 19:04:00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ IntelWireless Intel Framework MFC Application Intel Corporation C:\PROGRAM FILES\INTEL\WIRELESS\BIN\IFRMEWRK.EXE
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
+ Dell QuickSet QuickSet MFC Application C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE
+ Apoint Alps Pointing-device Driver Alps Electric Co., Ltd. C:\PROGRAM FILES\APOINT\APOINT.EXE
+ stup.exe Tencent C:\PROGRA~1\TENCENT\ADPLUS\STUP.EXE
+ StormCodec_Helper D:\PROGRAM FILES\RINGZ STUDIO\STORM CODEC\STORMSET.EXE
+ DAEMON Tools Virtual DAEMON Manager DT Soft Ltd. F:\PROGRAM FILES\DAEMON TOOLS\DAEMON.EXE
+ VVSN VVSN WhenU.com C:\PROGRAM FILES\VVSN\VVSN.EXE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero Home Nero AG C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
+ Crypkey License CrypKey NT Service Kenonic Controls Ltd. C:\WINDOWS\system32\CRYPSERV.EXE
+ EvtEng Intel Event Trace Manager Intel Corporation C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
+ Macromedia Licensing Service Provides authentication services for Macromedia applications. C:\PROGRAM FILES\COMMON FILES\MACROMEDIA SHARED\SERVICE\MACROMEDIA LICENSING.EXE
+ NICCONFIGSVC 配置内部网卡电源管理设置。 Dell Inc. C:\PROGRAM FILES\DELL\NICCONFIGSVC\NICCONFIGSVC.EXE
+ RegSrvc Intel Registry Service Intel Corporation C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
+ S24EventMonitor Handles the Spectrum24 NDIS Traffic Intel Corporation C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
+ svchost.exe Generic Host Process for Win32 Services C:\WINDOWS\HACKER.COM.CN.EXE
+ WLANKEEPER Provides Profile Switching Service for SSO Feature Set Intel? Corporation C:\PROGRAM FILES\INTEL\WIRELESS\BIN\WLKEEPER.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ AegisP AEGIS Protocol (IEEE 802.1x) v3.1.0.1 Meetinghouse Data Communications C:\WINDOWS\SYSTEM32\DRIVERS\AEGISP.SYS
+ ApfiltrService Alps Touch Pad Driver Alps Electric Co., Ltd. C:\WINDOWS\SYSTEM32\DRIVERS\APFILTR.SYS
+ APPDRV App Support Driver Dell Inc C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
+ b57w2k Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver. Broadcom Corporation C:\WINDOWS\SYSTEM32\DRIVERS\B57XP32.SYS
+ dtscsi C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
+ ExpScaner ExpScan.sys C:\PROGRAM FILES\RISING\RAV\EXPSCAN.SYS
+ GTIPCI21 Texas Instruments PCI GemCore IFD Handler Texas Instruments C:\WINDOWS\SYSTEM32\DRIVERS\GTIPCI21.SYS
+ HookCont TDI HOOK Driver Rising tech Co. ltd C:\PROGRAM FILES\RISING\RAV\HOOKCONT.SYS
+ HookReg C:\PROGRAM FILES\RISING\RAV\HOOKREG.SYS
+ HookSys Hooksys Rising C:\PROGRAM FILES\RISING\RAV\HOOKSYS.SYS
+ HSFHWICH HSFHWICH WDM driver Conexant Systems, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.SYS
+ HSF_DP HSF_DP driver Conexant Systems, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.SYS
+ IWCA Intel Wireless Connection Agent Intel Corporation C:\WINDOWS\SYSTEM32\DRIVERS\IWCA.SYS
+ kmsinput C:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS
+ mdmxsdk Diagnostic Interface DRIVER Conexant C:\WINDOWS\SYSTEM32\DRIVERS\MDMXSDK.SYS
+ MEMSCAN MemScan Driver 瑞星软件有限公司 C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS
+ NetworkX C:\WINDOWS\SYSTEM32\CKLDRV.SYS
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. D:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
+ OMCI OMCI Device Driver Dell Computer Corporation C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
+ QuakeDRV C:\WINDOWS\SYSTEM32\DRIVERS\QUAKEDRV.SYS
+ s24trans WLAN Transport Intel Corporation C:\WINDOWS\SYSTEM32\DRIVERS\S24TRANS.SYS
+ Secdrv SafeDisc driver C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
+ sfdrv01 StarForce Protection Environment Driver Protection Technology C:\WINDOWS\SYSTEM32\DRIVERS\SFDRV01.SYS
+ sfhlp02 StarForce Protection Helper Driver Protection Technology C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP02.SYS
+ sfsync03 StarForce Protection Synchronization Driver Protection Technology C:\WINDOWS\SYSTEM32\DRIVERS\SFSYNC03.SYS
+ SMCIRDA SMC IrCC NDIS 5.0 IrDA FIR Device Driver SMC C:\WINDOWS\SYSTEM32\DRIVERS\SMCIRDA.SYS
+ sptd C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
+ STAC97 SigmaTel Audio Driver (WDM) SigmaTel, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.SYS
+ UIUSys C:\WINDOWS\SYSTEM32\DRIVERS\UIUSYS.SYS
+ vcddev Virtual Native Network Driver VNN B.J. C:\WINDOWS\SYSTEM32\DRIVERS\VCDVNIC.SYS
+ w29n51 Intel? Wireless LAN Driver Intel? Corporation C:\WINDOWS\SYSTEM32\DRIVERS\W29N51.SYS
+ winachsf HSF_CNXT driver Conexant Systems, Inc. C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ 显示摇曳 CPL 扩展 DESKPAN.DLL
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. C:\WINDOWS\SYSTEM32\HTICONS.DLL
+ WinRAR D:\PROGRAM FILES\WINRAR\RAREXT.DLL
+ RealOne Player Context Menu Class RealPlayer Shell Extensions RealNetworks, Inc. C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL
+ Tencent Browser Helper Tencent C:\PROGRAM FILES\TENCENT\ADPLUS\SSADDR1.DLL
+ Tencent SearchHook Tencent C:\PROGRAM FILES\TENCENT\ADPLUS\SSADDR1.DLL
+ Tencent AddrDropTarget Tencent C:\PROGRAM FILES\TENCENT\ADPLUS\SSADDR1.DLL
+ NeroDigitalIconHandler Class Nero Digital Shell Extension Nero AG C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NERODIGITALEXT.DLL
+ NeroDigitalPropSheetHandler Class Nero Digital Shell Extension Nero AG C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NERODIGITALEXT.DLL
+ mp3infp mp3infp DLL win32lab.com C:\WINDOWS\SYSTEM32\MP3INFP.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ NaviHelperObj Class TODO: <文件说明> TODO: <公司名> C:\WINDOWS\NAVIHELPER.DLL
+ Cieplus Object TODO: <文件说明> TODO: <公司名> C:\WINDOWS\SYSTEM32\IEDNS.DLL
+ VnetCookie Class VnetTransfer Module C:\PROGRA~1\CHINANET\VNETTR~1.DLL
+ Helper Class VCHelper Module C:\WINDOWS\VCHELPER.DLL
+ Thunder Browser Helper XunLeiBHO Thunder Networking Technologies,LTD D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_002.DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
+ 启动迅雷 Thunder Networking Technologies,LTD D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\THUNDER.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. C:\WINDOWS\system32\ATI2EVXX.DLL
+ IntelWireless LogonNotify DLL Intel Corporation C:\PROGRAM FILES\INTEL\WIRELESS\BIN\LGNOTIFY.DLL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ DllDirectory C:\WINDOWS\SYSTEM32
快乐的小强 - 2006-10-6 19:11:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 19:00:21, 日期 2006-10-6
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\conime.exe
F:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\VVSN\VVSN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Rising\Rfw\RfwCfg.exe
G:\down\HijackThis1[1].99.1\HijackThis1991zww.exe
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\NaviHelper.dll
O2 - BHO: ie - {4959FC63-F7FB-44F6-8AB8-7751099D4188} - C:\WINDOWS\system32\iedns.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: Helper Class - {6E28339B-7A2A-47B6-AEB2-197004272379} - C:\WINDOWS\vchelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [DAEMON Tools] "f:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O11 - Options group: [TBH] 搜搜地址栏搜索
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - NT 服务: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - NT 服务: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: svchost.exe - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
O23 - NT 服务: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
lifehope2007 - 2006-10-6 20:27:00
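Don't just do useless things!
Give a concrete solution!
Your IE has been modified!
If a web page pops up when Windows starts, it is because a malicious web page has tampered with the Windows "startup" group. Deleting the corresponding entries from the "startup" group in the registry solves it.
The method: expand the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] key and, in the right-hand pane, delete every value name that carries a web-address attribute such as url, htm, html, asp or php.
Malicious web pages have another similar trick: a dialog box pops up when Windows starts, to display their advertising. The fix: expand the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion] key; the subkey "Winlogon" under it can make Windows show a message box at startup, so simply delete that subkey to avoid junk messages at startup.
If IE opens new windows every so often to visit other web pages, that is also a typical symptom of infection by a malicious web page. Malicious web pages achieve this by adding hta files to the Windows "startup" group. Likewise, use the method above to delete every entry in the startup group that contains an hta file.
If editing the registry has been disabled:
This is the most shameless behavior of malicious web pages. The malicious web page has modified our system, and when we use the registry editor Regedit.exe to repair the registry, the system reports "Registry editing has been disabled by your administrator". By blocking Regedit.exe, the malicious web page tries to stop us from repairing the registry, which is truly sinister.
But there are many registry editing tools besides Regedit.exe. Download any registry editor from the Internet, expand the [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] key, and change the data of the value named "DisableRegistryTools" to "0", or delete that value; the registry editor that ships with Windows can then be used again.
If you cannot find another editor, use Notepad to write the following three lines: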
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disableregistrytools"=dword:0
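Save the above as aaa.reg; the file name can be anything, but the extension must be reg. Then double-click the file, and once the message says the information was successfully entered into the registry, you can use Regedit.exe again.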
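An added example, not part of any post in this thread: a small triage pass over HijackThis O4/O23 lines that applies the Run-key rule from the post above (values pointing at url/htm/html/asp/php/hta content) and also lists services whose name is an .exe file name that differs from the image actually registered. The extension regex is one interpretation of the post's rule, the service-name comparison is a heuristic added here, and the two `example-*` Run lines are constructed; the other sample lines are taken from the log posted earlier in the thread.

```python
import ntpath
import re

# Assumption: the post's "url, htm, html, asp, php ... hta" rule is read as
# "the Run command contains an http(s) URL or a file with one of these extensions".
WEB_HINT = re.compile(r"https?://|\.(?:html?|asp|php|hta|url)(?![a-z0-9])", re.I)
# O4 = Run-key autostarts; handles both the localized and the HKCU\..\Run form.
O4 = re.compile(r"^O4 - .*?Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O23 = NT services: "<label>: <name> - <owner> - <image path>".
O23 = re.compile(r"^O23 - [^:]+: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def triage(log_text):
    """Return (kind, entry name, detail) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4.match(line)
        if m:
            if WEB_HINT.search(m["cmd"]):
                findings.append(("run-web", m["name"], m["cmd"]))
            continue
        m = O23.match(line)
        if m:
            name = m["name"].lower()
            image = ntpath.basename(m["path"]).lower()
            # Added heuristic: a service named like one executable but backed
            # by a differently named file deserves manual verification.
            if name.endswith(".exe") and name != image:
                findings.append(("service-name-mismatch", m["name"], m["path"]))
    return findings


# Sample input: lines from the thread's log plus two constructed Run entries.
SAMPLE = r"""
O4 - 启动项HKLM\\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [example-popup] C:\WINDOWS\example-popup.hta
O4 - HKCU\..\Run: [example-page] "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://ads.example.invalid/start.htm
O23 - NT 服务: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: svchost.exe - Unknown owner - C:\WINDOWS\Hacker.com.cn.exe
"""

if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE):
        print(f"{kind:24} [{name}] {detail}")
```

A finding is a prompt to check the file's location, signer and creation time by hand, not a verdict on the entry.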
© 2000 - 2026 Rising Corp. Ltd.