出差几天，回来电脑就打不开了，版主帮忙看看，谢谢！ bbs.ikaka.com

小小dada - 2006-11-13 9:52:00

这是在带网络连接的安全模式下打开的。

HijackThis_815汉化版扫描日志 V1.99.1
保存于 9:35:54, 日期 2006-11-13
操作系统： Windows XP SP1 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\sys32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\Documents and Settings\无锡绿业物资有限公司1\桌面\HijackThis1991zww.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ABOBEF~2\tbhelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\explorer.exe
O1 - Hosts: 222.88.90.22 www.4199.com
O1 - Hosts: 222.88.90.22 4199.com
O1 - Hosts: 222.88.90.22 www.9505.com
O1 - Hosts: 222.88.90.22 9505.com
O1 - Hosts: 222.88.90.22 7939.com
O1 - Hosts: 222.88.90.22 www.7939.com
O1 - Hosts: 222.88.90.22 www.3448.com
O1 - Hosts: .72g.com
O1 - Hosts: 203.171.236.215 www.muchina.com
O1 - Hosts: 203.171.236.215 xyq.163.com
O1 - Hosts: 203.171.236.215 xy2.163.com
O1 - Hosts: 203.171.236.215 www.the9.com
O1 - Hosts: 203.171.236.215 www.5173.com
O1 - Hosts: 203.171.236.215 www.tkgame.com
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 www.ddspn.com

小小dada - 2006-11-13 9:53:00

O2 - BHO: (no name) - {003169BC-AB68-482F-AEA6-B51A47BDDB83} - C:\WINDOWS\system32\ATIAngetser.dll
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\giudfidjg\trgjiw.dll
O2 - BHO: IeEventObj Class - {0FAFD871-DFE0-496D-8953-0D5BA28E9766} - C:\Program Files\Internet Explorer\PLUGINS\AviPlayer.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Google Bar - {12365484-96a1-6974-3269-123555124655} - C:\WINDOWS\System32\GoogleBar.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5196.dll
O2 - BHO: MsXmlExObj Class - {449840D6-2E92-47B5-AED3-B03A41CE9CE4} - C:\WINDOWS\System32\MSXMLR~1.DLL
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: DabObj Class - {70D509DD-32A5-4E11-B9C1-865433C8443C} - C:\WINDOWS\System32\dabapi.dll
O2 - BHO: 360安全卫士 - {8C7A85DB-99B6-4477-B14B-28FC27766244} - C:\WINDOWS\System32\gcnbfkrb.dll
O2 - BHO: (no name) - {930FD663-1720-4E8A-BC62-681A8BCEA428} - C:\WINDOWS\system32\adsnwer.dll
O2 - BHO: Spoolsv Class - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\System32\drivers\spoolsv.dll
O2 - BHO: (no name) - {A878C4B6-640F-4C84-953F-31F38D9D4C80} - C:\WINDOWS\system32\ATSerioserar.dll
O2 - BHO: XBTBPos00 - {BD72EF1D-E47A-454F-AEA5-9F4C3ABE4EE5} - C:\PROGRA~1\ABOBEF~2\CAB301~1.DLL
O2 - BHO: TBSB00889 - {E9582697-E409-4312-B454-4B43F994D9DF} - C:\PROGRA~1\ABOBEF~1\ABOBEF~1.DLL
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\System32\AlxTB1.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\BitComet\BitCometBar\BitCometBar0.1.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - IE工具栏增项: Abobe Flash Play9 - {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} - C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll
O3 - IE工具栏增项: Abobe Flash Play 9 - {055187D9-1D7B-4C60-8324-F53F935E8AEE} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll
O3 - IE工具栏增项: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL

小小dada - 2006-11-13 9:53:00

O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe
O4 - 启动项HKLM\\Run: [SubOlccr] C:\Patriot\SubOlccr.exe
O4 - 启动项HKLM\\Run: [RfwMain] "F:\Program Files\rav\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "F:\Program Files\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - 启动项HKLM\\Run: [QuickTime Task] "F:\新建文件夹\Storm Codec\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - 启动项HKLM\\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [winla] c:\winla\winla.exe
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\WINDOWS\System32\wdfmgr32.exe
O4 - 启动项HKLM\\Run: [systemdll] regsvr32 /s c:\WINDOWS\system32\system.dll
O4 - 启动项HKLM\\Run: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\Run: [dabrun] rundll32.exe "C:\WINDOWS\System32\dabapi.dll",Rundll32
O4 - 启动项HKLM\\Run: [C:\WINDOWS\System32\15.exe] C:\WINDOWS\System32\15.exe
O4 - 启动项HKLM\\RunServices: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\RunOnce: [getmid] rundll32.exe C:\WINDOWS\System32\dabapi.dll,Rundll32 getmid
O4 - 启动项HKLM\\RunOnce: [RavStub] "F:\Program Files\Rav\ravstub.exe" /RUNONCE
O4 - 启动项HKLM\\RunOnce: [xbcqvf86] %systemroot%\system32\Rundll32.exe %systemroot%\system32\xbcqvf86.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [kkicfc80] %systemroot%\system32\Rundll32.exe %systemroot%\system32\kkicfc80.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [ebiugd65] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ebiugd65.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [dwntrk81] %systemroot%\system32\Rundll32.exe %systemroot%\system32\dwntrk81.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

小小dada - 2006-11-13 9:54:00

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - IE右键菜单中的新增项目: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - IE右键菜单中的新增项目: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - IE右键菜单中的新增项目: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - IE右键菜单中的新增项目: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - IE右键菜单中的新增项目: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - IE右键菜单中的新增项目: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.wuxi.cn/plugin/PowerPlr.ocx
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/normalbank/AxSafeControls.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2165DA8-C4A7-48AC-9B94-23F38E6BA361}: NameServer = 221.228.255.1

小小dada - 2006-11-13 9:54:00

O20 - AppInit_DLLs: 578685M.BMP
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\System32\cmspl.dll
O23 - NT 服务: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - NT 服务: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\program files\rav\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rav\Ravmond.exe

红夜鬼1 - 2006-11-13 10:18:00

运行Hijackthis，把下面的选中打上钩，修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\explorer.exe
O1 - Hosts: 222.88.90.22 www.4199.com
O1 - Hosts: 222.88.90.22 4199.com
O1 - Hosts: 222.88.90.22 www.9505.com
O1 - Hosts: 222.88.90.22 9505.com
O1 - Hosts: 222.88.90.22 7939.com
O1 - Hosts: 222.88.90.22 www.7939.com
O1 - Hosts: 222.88.90.22 www.3448.com
O1 - Hosts: .72g.com
O1 - Hosts: 203.171.236.215 www.muchina.com
O1 - Hosts: 203.171.236.215 xyq.163.com
O1 - Hosts: 203.171.236.215 xy2.163.com
O1 - Hosts: 203.171.236.215 www.the9.com
O1 - Hosts: 203.171.236.215 www.5173.com
O1 - Hosts: 203.171.236.215 www.tkgame.com
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 www.ddspn.com
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5196.dll
O3 - IE工具栏增项: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL

O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [winla] c:\winla\winla.exe
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [systemdll] regsvr32 /s c:\WINDOWS\system32\system.dll
O4 - 启动项HKLM\\Run: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\Run: [dabrun] rundll32.exe "C:\WINDOWS\System32\dabapi.dll",Rundll32
O4 - 启动项HKLM\\Run: [C:\WINDOWS\System32\15.exe] C:\WINDOWS\System32\15.exe
O4 - 启动项HKLM\\RunServices: [system] C:\WINDOWS\system32\system.exe
O4 - 启动项HKLM\\RunOnce: [getmid] rundll32.exe C:\WINDOWS\System32\dabapi.dll,Rundll32 getmid
O4 - 启动项HKLM\\RunOnce: [xbcqvf86] %systemroot%\system32\Rundll32.exe %systemroot%\system32\xbcqvf86.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [kkicfc80] %systemroot%\system32\Rundll32.exe %systemroot%\system32\kkicfc80.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [ebiugd65] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ebiugd65.dll,DllUnregisterServer
O4 - 启动项HKLM\\RunOnce: [dwntrk81] %systemroot%\system32\Rundll32.exe %systemroot%\system32\dwntrk81.dll,DllUnregisterServer
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\kbmw.dll
O20 - AppInit_DLLs: 578685M.BMP

显示隐藏文件
删除：
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\System32\SHDOCVW.DLL
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\Download\svhost32.exe
c:\winla\winla.exe
C:\WINDOWS\down\rundll32.exe
C:\WINDOWS\System32\15.exe
%systemroot%\system32\dwntrk81.dll
%systemroot%\system32\ebiugd65.dll
%systemroot%\system32\kkicfc80.dll
%systemroot%\system32\xbcqvf86.dll
c:\windows\kbmw.dll
578685M.BMP搜索一下

小小dada - 2006-11-13 11:44:00

01项和02项、10项没法修复的，版主帮忙看看吧

红夜鬼1 - 2006-11-13 11:56:00

查找HOSTS文件，用记事打开，清除里面的
只留这一项：127.0.0.1

小小dada - 2006-11-13 15:26:00

清除不掉，修改后保存老是说hosts正在被使用，无法修改。

红夜鬼1 - 2006-11-13 15:28:00

请下载SREng2（最新版），使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip

小小dada - 2006-11-13 16:00:00

006-11-13,15:39:51

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
<MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [N/A]
<ws_d><; C:\WINDOWS\ws32.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PreAnnotate><; C:\WINDOWS\System32\PreAnntt.exe> [N/A]
<SubOlccr><; C:\Patriot\SubOlccr.exe> [N/A]
<RfwMain><"F:\Program Files\rav\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"F:\Program Files\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<QuickTime Task><"F:\新建文件夹\Storm Codec\qttask.exe" -atboottime> [N/A]
<Lexmark 4200 Series><"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"> [Lexmark International, Inc.]
<FaxCenterServer4_in_1><"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s> [N/A]
<C:\WINDOWS\System32\15.exe><C:\WINDOWS\System32\15.exe> [N/A]
<assistse><; "C:\PROGRA~1\3721\assistse.exe"> [N/A]
<ccenter><; d:\Program Files\rising\Rav\CCenter.exe> [N/A]
<EyeTel><; F:\EyeTel\EyeTel.exe -a> [N/A]
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [N/A]
<MINI_BFYY><; F:\新建文件夹\Storm Downloader\StormDownloader.exe> [N/A]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<RavMon><; F:\Program Files\rav\RavMon.exe> [Beijing Rising Technology Co., Ltd.]
<RavTimer><; F:\Program Files\rav\RavTimer.exe> [N/A]
<RealTray><; d:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER> [N/A]
<rfw><; F:\Program Files\rav\Rfw\Rfw.exe> [N/A]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> [N/A]
<WinampAgent><; "E:\zqz\winnap\Winampa.exe"> [N/A]
<WService><; WService.EXE> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [N/A]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Corporation]
<NetWork><C:\WINDOWS\System32\cmspl.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><%SystemRoot%\System32\logon.scr> [(Verified)Microsoft Corporation]

==================================

小小dada - 2006-11-13 16:01:00

启动文件夹
N/A

==================================
服务
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[EpsonBidirectionalService / EpsonBidirectionalService]
<C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe><N/A>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
<C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[Imsvc / Imsvc]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\Webmail.dll><>
[Indexing Service / IndexingService]
<2 - 系统找不到指定的文件。
><N/A>
[iPodService / iPodService]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[LexBce Server / LexBceS]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[MessageService / MessageService]
<C:\WINDOWS\System32\Svchost.exe -k MessageService-->C:\WINDOWS\System32\MsServices\svchost.dll><N/A>
[msgsat / msgsat]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\Messenger\msnhost.dll><>
[Rising Personal Firewall Service / RfwService]
<f:\program files\rav\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"F:\Program Files\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"F:\Program Files\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WindowService / WindowService]
<C:\WINDOWS\System32\Svchost.exe -k WindowService-->C:\WINDOWS\System32\drivers\Register_nos.dll><N/A>
[WinTab Service / WinTabService]
<"C:\WINDOWS\System32\Drivers\WTSRV.EXE"><N/A>

==================================

小小dada - 2006-11-13 16:01:00

驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdsys / Cdsys]
<\??\C:\WINDOWS\System32\cdcd.sys><N/A>
[dwntrk8 / dwntrk81]
<\SystemRoot\System32\DRIVERS\dwntrk81.sys><N/A>
[ebiugd6 / ebiugd65]
<\SystemRoot\System32\DRIVERS\ebiugd65.sys><N/A>
[ExpScaner / ExpScaner]
<\??\F:\Program Files\Rav\ExpScan.sys><>
[GEARAspiWDM / GEARAspiWDM]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[HookCont / HookCont]
<\??\F:\Program Files\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\F:\Program Files\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\F:\Program Files\Rav\HookSys.sys><Rising>
[jr / jr]
<\??\C:\WINDOWS\System32\drivers\jr.sys><N/A>
[kkicfc8 / kkicfc80]
<\SystemRoot\System32\DRIVERS\kkicfc80.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\F:\Program Files\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
<\??\f:\program files\rav\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NetworkX / NetworkX]
<\SystemRoot\system32\ckldrv.sys><N/A>
[New0 / New0]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
<\??\F:\Program Files\rav\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Helper Driver / sfhlp01]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SiS315 / SiS315]
<System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Serial Tablet Port Driver / Tablet2k]
<System32\DRIVERS\Tablet2k.sys><Windows (R) 2000 DDK provider>
[Tablet Class Driver / TClass2k]
<System32\DRIVERS\TClass2k.sys><Windows (R) 2000 DDK provider>
[HID Tablet Port Driver / UCTblHid]
<"C:\WINDOWS\System32\Drivers\UCTblHid.sys"><Windows (R) 2000 DDK provider>
[udsvmgg / udsvmggf]
<\SystemRoot\System32\DRIVERS\udsvmggf.sys><N/A>

==================================

小小dada - 2006-11-13 16:01:00

浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <F:\BitComet\BitCometBar\BitCometBar0.1.dll, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, N/A>
[Abobe Flash Play9]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll, IE Toolbar>
[Abobe Flash Play 9]
{055187D9-1D7B-4C60-8324-F53F935E8AEE} <C:\Program Files\Abobe Flash Play 9\tbu03305\Cab301b48.dll, N/A>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\System32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Tech. Co., Ltd.>

==================================
正在运行的进程
[PID: 288][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 340][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 364][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 408][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 420][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 572][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 616][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 648][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 660][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1136][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
[C:\WINDOWS\System32\mp3infp.dll] [win32lab.com, 2.50.5.0]
[F:\Program Files\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1524][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1380][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1820][C:\Program Files\Super Rabbit\MagicSet\SRIEH.EXE] [Super Rabbit Soft, 7.86.0001]
[PID: 1924][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[F:\Program Files\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[PID: 516][E:\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================

瑞星卡卡安全论坛