【求助】老毛病，向大虾门求救~~~！！ bbs.ikaka.com

D调小强 - 2006-11-1 8:58:00

开机自动运行一个广告，无关闭只有点击后连接到一个网站 www.37ss.com 然后广告隐藏。查看任务管理器可发现正在运行的是Explorer ，进程中多了ad1.exe的系统进程。用超级兔子、卡巴斯基 360安全卫士等查杀恶意软件和恶意程序均不起作用。regedit和msconfig我不熟，所以尽管对HKEY_LOCAL_MACHINE\Software＼Microsoft＼Windows＼CurrentVersion＼Winlogon以及HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt做了一些更改也不见效果。只要起机就弹出那个广告页，关了之后隔一段时间还弹。请大家帮帮我这个初学者，在下万分感激。。。。。如果实在实在没法了我只有全格掉重分区彻底点重做了。。。
下面是我用SYSTEM REPAIR ENGINEER的扫描结果！

2006-11-01,06:29:12

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<NvCplDaemon><rem RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><rem nwiz.exe /install> [N/A]
<NvMediaCenter><rem RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<kis><"D:\卡巴斯基\avp.exe"> [Kaspersky Lab]
<IMSCMig><rem C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP]
<D:\卡巴斯基\avp.exe -r><Kaspersky Lab>
[Remote Route Service / Framework]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jpqtbk97.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Windows Installer / MSIServer]
<C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[Security Machine Manager / NHLscA]
<C:\WINDOWS\SYSTEM32\RUN32.EXE C:\WINDOWS\SYSTEM32\WBEM\AOYVBN93.DLL,Export 1087><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Distributed Link Tracking Server / TrkWks]
<C:\WINDOWS\system32\svchost.exe -k netsvsc-->%SystemRoot%\system32\est.dll><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[43262171 / 43262171]
<C:\WINDOWS\SYSTEM32\DRIVERS\43262171.SYS><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><N/A>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><N/A>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><N/A>
[HTTP / HTTP]
<System32\Drivers\HTTP.sys><Microsoft Corporation>
[IP Network Address Translator / IpNat]
<system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[kl1 / kl1]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><N/A>
[npkcrypt / npkcrypt]
<\??\D:\qq\npkcrypt.sys><N/A>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[paraudio / paraudio]
<\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[StarForce Protection Environment Driver v6 / prodrv06]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Helper Driver / sfhlp01]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[Microcode Update Driver / Update]
<system32\DRIVERS\update.sys><Microsoft Corporation>

==================================

D调小强 - 2006-11-1 9:00:00

浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\超级兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <D:\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\超级兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\超级兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\超级兔子\MagicSet\haokanbar.dll, Xiang Feng Technology>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<D:\迅雷5\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\迅雷5\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\OFFICE11\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 660][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 800][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1148][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\卡巴斯基\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1196][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 1688][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.6681]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.6681]
[C:\WINDOWS\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.6681]
[PID: 1960][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 196][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.24]
[PID: 496][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.6681]
[PID: 544][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1184][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 164][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][G:\一些安装程序\系统检测修复专家\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[D:\卡巴斯基\adialhk.dll] [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
61.135.150.114 www.8000qq.com
61.135.150.114 www.800f.net
61.135.150.114 www.1000sf.cn
61.135.150.114 jfengsha.comfb
61.135.150.114 www.1000yf.net
61.135.150.114 www.159sifu.com
61.135.150.114 www.9s5.cn
61.135.150.114 www.spbuy.net
61.135.150.114 www.wym.cn
61.135.150.114 www.cc4f.cn
61.135.150.114 mafan.net
61.135.150.114 www.6688qn.net
61.135.150.114 www.sf8.com.cn
61.135.150.114 www.13177.com
61.135.150.114 ip94.fd4f.com
61.135.150.114 www.521it.net
61.135.150.114 www.ytdj.cn
61.135.150.114 www.fwoool.cn
61.135.150.114 www.5u37.net
61.135.150.114 www.87sf.com
61.135.150.114 ww1.swoool.com
61.135.150.114 wooljsz.cn
61.135.150.114 www.57wool.com
61.135.150.114 www.58816.com
61.135.150.114 www.spbuy.net
61.135.150.114 chuanqisjsf.blwool.com
61.135.150.114 www.woool188.com
61.135.150.114 www.sf1260.com
61.135.150.114 linf23.b12.cnwg.cn
61.135.150.114 www.wooolweb.com
61.135.150.114 www.yq520.net
61.135.150.114 www.cs222.com
61.135.150.114 www.ok22.com
61.135.150.114 www.7100sf.com
61.135.150.114 www.1352sf.com
61.135.150.114 www.458wool.cn
61.135.150.114 www.555woool.cn
61.135.150.114 www.kaosf.com
61.135.150.114 www.siyuwl.com
61.135.150.114 www.csjsz.cn
61.135.150.114 www.13177.com
61.135.150.114 www.458cs.com
61.135.150.114 www.5573.com
61.135.150.114 www.02945.com
61.135.150.114 www.pkchina.net
61.135.150.114 www.5181314.com
61.135.150.114 www.fknf2.com
61.135.150.114 www2.yoursf.com
61.135.150.114 www.paocs.com
61.135.150.114 www.sfboke.com
61.135.150.114 www.tt878.com
61.135.150.114 ww1.woool188.com
61.135.150.114 www.cs119.com
61.135.150.114 www.xdwoool.net
61.135.150.114 www.tt515.com

==================================

瑞星卡卡安全论坛