Rising Kaka Security Forum
lnsyzb - 2006-10-26 20:22:00
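Every time I turn on the computer and open IE, rogue web pages pop up, such as http://blog.ku6.com/zhuanti/mumayi/ku62 and http://click.uoolink.com/poplink, or the "盈科数字__首页" page, and then Rising detects several viruses, including Trojan.DL.VBS.Agent.cff, Dropper.Axt.a and so on. After I delete them, they show up again the next time I boot. A malicious web page removal tool can't clean them out either....
Rising's monitoring results are as follows: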
病毒名称 处理结果 扫描方式路径文件
Trojan.DL.VBS.Agent.cff 跳过脚本 网页/脚本监控C:\DOCUME~1\fyg\LOCALS~1\Temp3552150878576.tmp
Dropper.AXT.a 删除成功 文件监控C:\Documents and Settings\fyg\Local Settings\Temporary Internet Files\Content.IE5\00Z6UDJDupdate13[1].exe>>Unpack
Dropper.AXT.a 删除成功 文件监控C:\WINDOWSupdate13.exe>>Unpack
Dropper.AXT.a 删除成功 文件监控C:\Documents and Settings\fyg\Local Settings\Temporary Internet Files\Content.IE5\QIJ7CVEXupdate5[1].exe>>Unpack
Dropper.AXT.a 删除成功 文件监控C:\WINDOWSupdate5.exe>>Unpack
I respectfully ask the moderators and experts here for some advice....
westbeck - 2006-10-26 20:32:00
In Safe Mode, empty C:\DOCUME~1\fyg\LOCALS~1\Temp
Clear the IE temporary files
westbeck - 2006-10-26 20:32:00
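If that still doesn't work, please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download URLs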
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log can't be pasted in one go, paste it in several parts. Please don't modify it. Thanks...
lnsyzb - 2006-10-26 20:36:00
Thanks, I'll give it a try.
lnsyzb - 2006-10-26 20:37:00
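There's also a web page called something like 星空卫星网络电视 (Starry Sky Satellite Network TV) that also shows up uninvited. It's so annoying.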
lnsyzb - 2006-10-26 20:59:00
Still no good. I'm running the scan now.
lnsyzb - 2006-10-26 21:03:00
2006-10-26,20:50:44
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"> [Nero AG]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RAMDrive><; "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"> [N/A]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<MSPY2002><; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)N/A]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<EXPLOEER><; C:\Program Files\Internet Explorer\Mui\> [N/A]
<LogitechVideoRepair><; C:\Program Files\Logitech\Video\ISStart.exe> [Logitech Inc.]
<LogitechVideoTray><; C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
<NeroFilterCheck><; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe> [Nero AG]
<SysExplr><; C:\Program Files\Herosoft\Hero 9\SysExplr.EXE> [N/A]
<VirtualDrive><; "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore> [FarStone Technology Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{B48F6409-4740-475B-A474-651F54CCE460}><C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\MsInfo.Dll> [N/A]
==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[金山词霸 2006]
<C:\Documents and Settings\fyg\「开始」菜单\程序\启动\金山词霸 2006.lnk --> C:\PROGRA~1\kingsoft\POWERW~1\XDICT.EXE [Kingsoft Co, Ltd.]><N>
lnsyzb - 2006-10-26 21:06:00
==================================
服务
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Albus / Albus]
<system32\drivers\Albus.SYS><N/A>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[HelloNet PPPoE 虚拟网卡 / BRPPPOE]
<system32\DRIVERS\brpppoe.sys><N/A>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fcdabus / fcdabus]
<system32\DRIVERS\fcdabus.sys><FarStone Inc.>
[FileDisk / FileDisk]
<C:\WINDOWS\SYSTEM32\DRIVERS\FileDisk.SYS><Bo Brantén>
[RamDisk Drive Service / fsRamDsk]
<System32\Drivers\fsRamDsk.sys><FarStone>
[FVDSCSI / FVDSCSI]
<system32\DRIVERS\fvdscsi.sys><FarStone Inc.>
[HOOKAPI / HOOKAPI]
<\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[i81x / i81x]
<system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0]
<system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1]
<system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2]
<system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3]
<system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4]
<system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5]
<system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6]
<system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7]
<system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0]
<system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1]
<system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3]
<system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4]
<system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5]
<system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6]
<system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[New0 / New0]
<\??\C:\WINDOWS\system32\new.sys><N/A>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\qq\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
<\??\C:\Program Files\Tencent\qq\npkycryp.sys><N/A>
[p / p]
<\??\C:\DOCUME~1\fyg\LOCALS~1\Temp\pphn><N/A>
[paraudio / paraudio]
<\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Logitech QuickCam Messenger / QCMerced]
<system32\DRIVERS\LVCM.sys><Logitech Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
lnsyzb - 2006-10-26 21:07:00
<system32\DRIVERS\secdrv.sys><N/A>
[sojubus / sojubus]
<\SystemRoot\system32\DRIVERS\sojubus.sys><>
[sojuscsi / sojuscsi]
<\SystemRoot\system32\DRIVERS\sojuscsi.sys><>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[vbppdryu / vbppdryu]
<\??\C:\WINDOWS\system32\awope.sys><N/A>
[VCD VNC Virtual Network Adapter / vcddev]
<system32\DRIVERS\vcdvnic.sys><VNN B.J.>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IE Browser Helper]
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\IEHpr.dll, N/A>
[Internet_Explorer_Service]
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[]
{AF3876B1-7D5F-4F0F-BECA-A6324D125A48} <C:\WINDOWS\system32\ATIDEMGREDEM.dll, N/A>
[IEHlprObj Class]
{EAACBF9E-4B91-45FF-93ED-B297093951EA} <C:\Program Files\Internet Explorer\PLUGINS\Flash_Player.dll, Adobe System>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MSTPlayerInstaller Control]
{045ADB92-9635-45CE-B25B-F19F825B0E39} <C:\WINDOWS\DOWNLO~1\MSTPLA~1.OCX, Liztech Co., Ltd>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corp.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[WuYou.WySystem]
{6A9735F1-72AA-49E9-9981-A13C3FD8641B} <C:\WINDOWS\system32\WYSYSTEM.OCX, WuYou>
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\system32\GLIEDown2.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[MSTPlayerInstaller Control]
{045ADB92-9635-45CE-B25B-F19F825B0E39} <C:\WINDOWS\DOWNLO~1\MSTPLA~1.OCX, Liztech Co., Ltd>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MSTWebPlugin Control]
{1552B945-CC5F-11D5-9F52-00001C01C79A} <C:\WINDOWS\MSTPLA~1\MSTWEB~2.OCX, Liztech Co., Ltd>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corp.>
[PowerList Control]
{20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\PROGRA~1\PPStream\POWERL~1.OCX, PPStream.com>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[iviRegHelper Class]
{342734E3-D9AC-408F-8724-B7A257C4529E} <C:\Program Files\InterVideo\Common\Bin\AppRegAgent.dll, InterVideo>
[Microsoft Rich Textbox Control, version 6.0]
{3B7C8860-D78F-101B-B9B5-04021C009402} <C:\Program Files\DIY Easy WorkGroup\LRC Maker\RICHTX32.OCX, Microsoft Corporation>
[IE Browser Helper]
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\IEHpr.dll, N/A>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[MSTWebPlugin Control]
{5600F961-5AB3-4A0A-B946-0B954241619D} <C:\WINDOWS\MSTPLA~1\MSTWEB~2.OCX, Liztech Co., Ltd>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
lnsyzb - 2006-10-26 21:07:00
[WuYou.WySystem]
{6A9735F1-72AA-49E9-9981-A13C3FD8641B} <C:\WINDOWS\system32\WYSYSTEM.OCX, WuYou>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Internet_Explorer_Service]
{9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[]
{AF3876B1-7D5F-4F0F-BECA-A6324D125A48} <C:\WINDOWS\system32\ATIDEMGREDEM.dll, N/A>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Xceed Zip Control]
{B26F6246-4C7D-11D1-910E-00600807163F} <C:\WINDOWS\system32\XcdZip35.Ocx, Xceed Software Inc. 1-450-442-2626 zip@xceedsoft.com www.xceedsoft.com>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[MSTWebPlugin Control]
{C619761B-4C10-41E2-B7C5-18835ADBBC56} <C:\WINDOWS\MSTPLA~1\MSTWEB~2.OCX, Liztech Co., Ltd>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\system32\GLIEDown2.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash8.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[IEHlprObj Class]
{EAACBF9E-4B91-45FF-93ED-B297093951EA} <C:\Program Files\Internet Explorer\PLUGINS\Flash_Player.dll, Adobe System>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[用比特精灵下载(&B)]
<C:\Program Files\BitSpirit\bsurl.htm, N/A>
==================================
正在运行的进程
[PID: 544][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][\??\C:\WINDOWS\SYSTEM32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 956][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1120][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
学习技术的懒呀 - 2006-10-26 21:08:00
Ugh, I'm in the same situation....
It's these same viruses... What's going on, and how do I get rid of them?
It seems they can't be killed~~~~
lnsyzb - 2006-10-26 21:08:00
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1300][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNMLM71.DLL] [CANON INC., 1.85.2.20]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD71.DLL] [CANON INC., 1.85.2.20]
[PID: 1400][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1660][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 2, 0, 0, 8]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\WINDOWS\system32\ATIDEMGREDEM.dll] [N/A, N/A]
[PID: 1752][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 1764][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1796][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1884][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 2004][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[PID: 380][C:\Program Files\kingsoft\PowerWord 2006\XDICT.EXE] [Kingsoft Co, Ltd., 9, 0, 0, 0]
lnsyzb - 2006-10-26 21:09:00
[C:\Program Files\kingsoft\PowerWord 2006\AccountActivate.dll] [N/A, N/A]
[C:\Program Files\kingsoft\PowerWord 2006\DicMngr.dll] [Kingsoft, 2, 0, 0, 0]
[C:\Program Files\kingsoft\PowerWord 2006\doshow.dll] [N/A, N/A]
[C:\Program Files\kingsoft\PowerWord 2006\ITextOut.dll] [Kingsoft, 1, 1, 0, 0]
[C:\Program Files\kingsoft\PowerWord 2006\KPic10.dll] [N/A, N/A]
[C:\Program Files\kingsoft\PowerWord 2006\ijl11.dll] [Intel Corporation, 1.1.2]
[C:\Program Files\kingsoft\PowerWord 2006\NormGrab.DLL] [Kingsoft Co, Ltd., 6, 0, 0, 0]
[C:\Program Files\kingsoft\PowerWord 2006\toTTSEngine50.dll] [Kingsoft Corporation, 1, 0, 0, 1]
[C:\Program Files\kingsoft\PowerWord 2006\xfile.dll] [N/A, N/A]
[C:\Program Files\kingsoft\PowerWord 2006\DBCore10.dll] [Kingsoft Corp., 1, 0, 0, 0]
[C:\Program Files\kingsoft\PowerWord 2006\XdictGrb.dll] [Kingsoft Co, Ltd., 9, 0, 0, 0]
[C:\Program Files\kingsoft\PowerWord 2006\KAVPassport.DLL] [Kingsoft Corporation, 2005, 4, 7, 25]
[PID: 468][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 260][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2380][C:\Program Files\HelloNet\HNMainUI.exe] [N/A, 2, 3, 0, 1]
[C:\Program Files\HelloNet\HNKernel.dll] [HelloNet, 2.2.0.1]
[C:\Program Files\HelloNet\HNUtils.dll] [N/A, 2, 2, 0, 1]
[C:\Program Files\HelloNet\HNRes_0804.dll] [N/A, 2, 2, 0, 1]
[C:\Program Files\HelloNet\plugins\Diagnose.dll] [HelloNet, 2.2.0.1]
[PID: 2984][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\WINDOWS\system32\ATIDEMGREDEM.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\Flash_Player.dll] [Adobe System, 9]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Flash8.ocx] [Macromedia, Inc., 8,0,0,434]
[C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 3396][C:\Downloads\系统修复工具\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
lnsyzb - 2006-10-26 21:10:00
I've finally finished pasting it. Please help take a look. Thanks.
lnsyzb - 2006-10-26 21:15:00
http://www.m8china.com/public/hot/ This site, called 精彩动漫随时欢享, has popped up again. It seems the rogue pages keep changing. Why are there so many rogues on the net!!!!!
学习技术的懒呀 - 2006-10-26 21:21:00
[Reply to the post by "lnsyzb"]
I have the same symptoms as you......... and even worse: ~.exe appears, and nothing that has been unzipped can be used
lnsyzb - 2006-10-26 21:23:00
It seems a lot of people have caught this virus now, and even Rising can't fix it. Are there any experts who can help? Thanks in advance.
lnsyzb - 2006-10-26 21:27:00
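http://www.1717kan.cn/index_11344444.asp This is also a rogue site. Everyone be careful, expose its ugly face, and let's all boycott it!!!
Opposing rogue sites is everyone's responsibility!!!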
lnsyzb - 2006-10-26 21:42:00
http://www.qqplayer.net/003.htm This is also a rogue page. What should I do? Please help, everyone......
lnsyzb - 2006-10-27 7:57:00
Are any experts online? Please help take a look at the log.
lnsyzb - 2006-10-27 8:48:00
It's urgent. Moderator, could you please take a look?
lish217 - 2006-10-27 9:07:00
Mine is the same, and every drive opens IE automatically; I can't delete it no matter what.
蒋大少少 - 2006-10-27 9:19:00
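I recommend one ---------- Windows Cleanup Assistant (windows清理助手)
Address: http://www.arswp.com/
A software cleanup tool that gives the user complete control:
1. Unique cleanup technology that can thoroughly remove malware protected by drivers;
2. The engine and the scripts are separate, its stance is neutral, and cleanup operations are fully transparent to the user;
3. Custom detection and removal rules, with control entirely in the user's hands;
4. An open user interface that can meet your individual cleanup needs: users can write their own script files to clean up certain special software and share them for all users to use!
5. The script library is updated promptly, giving you stronger cleanup capability!
Pure green software: no installation needed, just unzip and run!
I only used it once.
It cleaned out all the many things that Rising couldn't clean up or hadn't cleaned up completely, including rootkit.ads.i and lots of other adware trojans. These were all things Rising couldn't clean up, or junk left behind after cleaning. The advantage of this software is that it only recognizes files or software produced by Microsoft; for everything else on the computer that isn't Microsoft software, it lists a rating based on its impact on the computer's performance, and the user can choose what to clean. And no matter how well a virus hides, it is still not a Microsoft system file, so it gives itself away. After selectively scanning and removing, I ran Rising again and found that rootkit.ads.i was no longer detected. Heh. Hope this helps!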
lnsyzb - 2006-10-27 9:35:00
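Thanks, 蒋大少. I'll give it a try. But my computer seems to have a virus, not ordinary software of this kind, so I don't know whether it will work.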
lnsyzb - 2006-10-27 10:36:00
Are there any other ways?
lnsyzb - 2006-10-27 13:17:00
I've been waiting all morning. Is there any expert who can help solve this problem?
lnsyzb - 2006-10-27 21:35:00
Are any experts still online? Please help take a look; it's still not solved.