求救弄了一天也没弄好 bbs.ikaka.com

dandan2222 - 2006-11-17 17:47:00

ogfile of HijackThis v1.99.1
Scan saved at 17:35:51, on 2006-11-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\Documents and Settings\dandan\桌面\ha_hijackthis_1991\HijackThis.exe
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
D:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\dandan\桌面\sreng2\SREng\SREng.exe
D:\Documents and Settings\dandan\桌面\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 125.91.14.230 www.kzdh.com
O1 - Hosts: 125.91.14.230 www.7255.com
O1 - Hosts: 125.91.14.230 www.7322.com
O1 - Hosts: 125.91.14.230 www.7939.com
O1 - Hosts: 125.91.14.230 www.piaoxue.com
O1 - Hosts: 125.91.14.230 www.feixu.net
O1 - Hosts: 125.91.14.230 www.6781.com
O1 - Hosts: 125.91.14.230 www.7b.com.cn
O1 - Hosts: 125.91.14.230 7b.com.cn
O1 - Hosts: 125.91.14.230 www.918188.com
O1 - Hosts: 125.91.14.230 hao.allxue.com
O1 - Hosts: 125.91.14.230 good.allxue.com
O1 - Hosts: 125.91.14.230 baby.allxue.com
O1 - Hosts: 125.91.14.230 www.allxue.com
O1 - Hosts: 125.91.14.230 about.lank.la
O1 - Hosts: 125.91.14.230 www.x114x.com
O1 - Hosts: 125.91.14.230 www.37ss.com
O1 - Hosts: 125.91.14.230 www.7k.cc
O1 - Hosts: 125.91.14.230 www.73ss.com
O1 - Hosts: 125.91.14.230 www.hao123.com
O1 - Hosts: 125.91.14.230 www.81915.com
O1 - Hosts: 125.91.14.230 222.88.90.22
O1 - Hosts: 125.91.14.230 www.9991.com
O1 - Hosts: 125.91.14.230 www.my123.com
O1 - Hosts: 125.91.14.230 www.haokan123.com
O1 - Hosts: 125.91.14.230 www.5566.net
O1 - Hosts: 125.91.14.230 www.gjj.cc
O1 - Hosts: 125.91.14.230 www.2345.com
O1 - Hosts: 125.91.14.230 dl.hao318.com
O1 - Hosts: 125.91.14.230 www.123wa.com
O2 - BHO: symndis - {166DF856-08F0-4D1C-991D-7CE3DB5C26F5} - D:\WINDOWS\system32\rasacd.dll (file missing)
O2 - BHO: (no name) - {166DF856-08F0-4D1C-991D-7CE3DB5C26F5}? - (no file)
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [Super Rabbit SRCK] "D:\Program Files\Super Rabbit\MagicSet\srck.exe" /autokill:10,3
O4 - HKLM\..\RunOnce: [KKDelay] D:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\cdnns.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148118432811
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25250F1A-BAD2-476A-B3CC-0454EEC6CD7F}: NameServer = 202.99.96.68 202.99.64.69
O17 - HKLM\System\CS2\Services\Tcpip\..\{25250F1A-BAD2-476A-B3CC-0454EEC6CD7F}: NameServer = 202.99.96.68 202.99.64.69
O17 - HKLM\System\CS3\Services\Tcpip\..\{25250F1A-BAD2-476A-B3CC-0454EEC6CD7F}: NameServer = 202.99.96.68 202.99.64.69
O17 - HKLM\System\CS5\Services\Tcpip\..\{25250F1A-BAD2-476A-B3CC-0454EEC6CD7F}: NameServer = 202.99.96.68 202.99.64.69
O17 - HKLM\System\CS6\Services\Tcpip\..\{25250F1A-BAD2-476A-B3CC-0454EEC6CD7F}: NameServer = 202.99.96.68 202.99.64.69
O17 - HKLM\System\CS7\Services\Tcpip\..\{25250F1A-BAD2-476A-B3CC-0454EEC6CD7F}: NameServer = 202.99.96.68 202.99.64.69
O17 - HKLM\System\CS8\Services\Tcpip\..\{25250F1A-BAD2-476A-B3CC-0454EEC6CD7F}: NameServer = 202.99.96.68 202.99.64.69
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - D:\WINDOWS\system32\cmspl.dll (file missing)
O23 - Service: Security Machine Manager (BRGNS) - Unknown owner - D:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network Management Center Time (W32Times) - Unknown owner - D:\WINDOWS\system32\timeman32.exe (file missing)

dandan2222 - 2006-11-17 17:52:00

以下是SREng扫描日志
2006-11-17,17:37:36

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><; "D:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<Super Rabbit IEPro><; D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Super Rabbit SRCK><"D:\Program Files\Super Rabbit\MagicSet\srck.exe" /autokill:10,3> [Super Rabbit Soft]
<KKDelay><D:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<NetWork><D:\WINDOWS\system32\cmspl.dll> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Security Machine Manager / BRGNS]
<D:\WINDOWS\SYSTEM32\RUNDLL.EXE D:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[System Administrator / ClipArt]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\system32\mssapi.dll><N/A>
[ClipBook / ClipSrv]
<D:\WINDOWS\system32\clipsrv.exe><N/A>
[Human Interface Device Access / HidServ]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MessageServices / MessageServices]
<D:\WINDOWS\system32\Svchost.exe -k MessageServices-->D:\WINDOWS\system32\MsServices\update\svchost.dll><N/A>
[msgsat / msgsat]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\Program Files\Messenger\msnhost.dll><N/A>
[NVIDIA Display Driver Service / NVSvc]
<D:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Network Management Center Time / W32Times]
<D:\WINDOWS\system32\timeman32.exe><N/A>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bootbus / bootbus]
<\??\D:\WINDOWS\system32\drivers\bootbus.sys><N/A>
[d347bus / d347bus]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[ecegjebd / ecegjebd]
<\SystemRoot\system32\drivers\ecegjebd.sys><N/A>
[ExpScaner / ExpScaner]
<\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI]
<\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont]
<\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ids00035 / ids00035]
<\??\D:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00035.sys><N/A>
[jr / jr]
<\??\D:\WINDOWS\system32\drivers\jr.sys><N/A>
[kmsinput / kmsinput]
<\??\D:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mmc / mmc]
<\??\D:\WINDOWS\system32\drivers\mmc.sys><N/A>
[mProcRs / mProcRs]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx]
<\??\D:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[nwupspx / nwupspx]
<\SystemRoot\system32\drivers\nwupspx.sys><N/A>
[ProcServ / ProcServ]
<\??\D:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
<\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver / sfhlp01]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03]
<\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><Duplex Secure Ltd.>
[STEC3 / STEC3]
<\??\D:\WINDOWS\system32\STEC3.sys><AntiCracking>
[TSP / TSP]
<\??\D:\WINDOWS\system32\drivers\klif.sys><N/A>
[vaxscsi / vaxscsi]
<\SystemRoot\System32\Drivers\vaxscsi.sys><Alcohol Soft Co., Ltd.>
[VIA AGP Bus Filter / viaagp]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA AGP Filter / viaagp1]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIAPFD / VIAPFD]
<\SystemRoot\System32\Drivers\VIAPFD.SYS><VIA Technologies. Inc.>
[vmfilter303 / vmfilter303]
<system32\drivers\vmfilter303.sys><Vimicro Corporation>
[w / w]
<\??\D:\WINDOWS\system32\drivers\w.sys><N/A>

==================================

红夜鬼1 - 2006-11-17 17:53:00

运行Hijackthis，把下面的选中打上钩，修复

O1 - Hosts: 125.91.14.230 www.kzdh.com
O1 - Hosts: 125.91.14.230 www.7255.com
O1 - Hosts: 125.91.14.230 www.7322.com
O1 - Hosts: 125.91.14.230 www.7939.com
O1 - Hosts: 125.91.14.230 www.piaoxue.com
O1 - Hosts: 125.91.14.230 www.feixu.net
O1 - Hosts: 125.91.14.230 www.6781.com
O1 - Hosts: 125.91.14.230 www.7b.com.cn
O1 - Hosts: 125.91.14.230 7b.com.cn
O1 - Hosts: 125.91.14.230 www.918188.com
O1 - Hosts: 125.91.14.230 hao.allxue.com
O1 - Hosts: 125.91.14.230 good.allxue.com
O1 - Hosts: 125.91.14.230 baby.allxue.com
O1 - Hosts: 125.91.14.230 www.allxue.com
O1 - Hosts: 125.91.14.230 about.lank.la
O1 - Hosts: 125.91.14.230 www.x114x.com
O1 - Hosts: 125.91.14.230 www.37ss.com
O1 - Hosts: 125.91.14.230 www.7k.cc
O1 - Hosts: 125.91.14.230 www.73ss.com
O1 - Hosts: 125.91.14.230 www.hao123.com
O1 - Hosts: 125.91.14.230 www.81915.com
O1 - Hosts: 125.91.14.230 222.88.90.22
O1 - Hosts: 125.91.14.230 www.9991.com
O1 - Hosts: 125.91.14.230 www.my123.com
O1 - Hosts: 125.91.14.230 www.haokan123.com
O1 - Hosts: 125.91.14.230 www.5566.net
O1 - Hosts: 125.91.14.230 www.gjj.cc
O1 - Hosts: 125.91.14.230 www.2345.com
O1 - Hosts: 125.91.14.230 dl.hao318.com
O1 - Hosts: 125.91.14.230 www.123wa.com
O2 - BHO: symndis - {166DF856-08F0-4D1C-991D-7CE3DB5C26F5} - D:\WINDOWS\system32\rasacd.dll (file missing)
O2 - BHO: (no name) - {166DF856-08F0-4D1C-991D-7CE3DB5C26F5}? - (no file)
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\cdnns.dll' missing
请下载LSPFix和WinsockXPFix这两个软件，
小软件下载
http://free5.ys168.com/?ufwihgu168
　　重新启动电脑, 进入安全模式。运行LSPFix.exe，删除：

cdnns.dll
如果无法上网，请运行WinsockXPFix，
让它修复一下。

请下载SREng2（最新版），使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip

6981313 - 2006-11-17 17:55:00

到http://free5.ys168.com/?jxsbb下载
LSPFix.zip 178.3KB lsp修复工具
WinsockxpFix.rar 0.6MB lsp修复工具
执行完以下步骤后,用LSPFix修复LSP，如果不能正常上网用WinsockxpFix修复。
修复：
O1 - Hosts: 125.91.14.230 www.kzdh.com
O1 - Hosts: 125.91.14.230 www.7255.com
O1 - Hosts: 125.91.14.230 www.7322.com
O1 - Hosts: 125.91.14.230 www.7939.com
O1 - Hosts: 125.91.14.230 www.piaoxue.com
O1 - Hosts: 125.91.14.230 www.feixu.net
O1 - Hosts: 125.91.14.230 www.6781.com
O1 - Hosts: 125.91.14.230 www.7b.com.cn
O1 - Hosts: 125.91.14.230 7b.com.cn
O1 - Hosts: 125.91.14.230 www.918188.com
O1 - Hosts: 125.91.14.230 hao.allxue.com
O1 - Hosts: 125.91.14.230 good.allxue.com
O1 - Hosts: 125.91.14.230 baby.allxue.com
O1 - Hosts: 125.91.14.230 www.allxue.com
O1 - Hosts: 125.91.14.230 about.lank.la
O1 - Hosts: 125.91.14.230 www.x114x.com
O1 - Hosts: 125.91.14.230 www.37ss.com
O1 - Hosts: 125.91.14.230 www.7k.cc
O1 - Hosts: 125.91.14.230 www.73ss.com
O1 - Hosts: 125.91.14.230 www.hao123.com
O1 - Hosts: 125.91.14.230 www.81915.com
O1 - Hosts: 125.91.14.230 222.88.90.22
O1 - Hosts: 125.91.14.230 www.9991.com
O1 - Hosts: 125.91.14.230 www.my123.com
O1 - Hosts: 125.91.14.230 www.haokan123.com
O1 - Hosts: 125.91.14.230 www.5566.net
O1 - Hosts: 125.91.14.230 www.gjj.cc
O1 - Hosts: 125.91.14.230 www.2345.com
O1 - Hosts: 125.91.14.230 dl.hao318.com
O1 - Hosts: 125.91.14.230 www.123wa.com
O2 - BHO: symndis - {166DF856-08F0-4D1C-991D-7CE3DB5C26F5} - D:\WINDOWS\system32\rasacd.dll (file missing)
O2 - BHO: (no name) - {166DF856-08F0-4D1C-991D-7CE3DB5C26F5}? - (no file)
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\cdnns.dll' missing
O23 - Service: Security Machine Manager (BRGNS) - Unknown owner - D:\WINDOWS\SYSTEM32\RUNDLL.EXE (file missing)
O23 - Service: Network Management Center Time (W32Times) - Unknown owner - D:\WINDOWS\system32\timeman32.exe (file missing)
安全模式下删除:(如果还有的话)
D:\WINDOWS\system32\timeman32.exe
打开控制面板-管理工具-服务
禁止Network Management Center Time (W32Times) 服务

dandan2222 - 2006-11-17 17:55:00

浏览器加载项
[symndis]
{166DF856-08F0-4D1C-991D-7CE3DB5C26F5} <D:\WINDOWS\system32\rasacd.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <D:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[netup]
{0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} <D:\WINDOWS\system32\netidp.dll, N/A>
[symndis]
{166DF856-08F0-4D1C-991D-7CE3DB5C26F5} <D:\WINDOWS\system32\rasacd.dll, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <D:\WINDOWS\system32\usercrd.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <D:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SrchHook Class]
{6E1BC898-505A-44F4-BC88-BCE43016AC96} <D:\WINDOWS\system32\BarSea.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[UMU Class]
{86450826-9507-44DC-9009-F92D2F5864EE} <D:\WINDOWS\system32\sysag.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RealWebStart Class]
{88E2AFD9-0FE2-471F-9337-86C9DED12058} <D:\Program Files\Real\RealGame\gamehall\RealgameAdaptor.dll, N/A>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <D:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <D:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SPlayerCtrl Class]
{B0CE7123-982E-4A0C-A0D6-E4F32B9BAEDF} <D:\PROGRA~1\sina\STVPLA~1\STVPLA~1.DLL, 北京新浪信息技术有限公司>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[bingo]
{B626AE7E-4F5D-4CD4-B457-D8693015DEFC} <D:\WINDOWS\system32\amvda.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[iChatX Object]
{C07405FD-84D1-4A25-94E8-68609EA8335B} <D:\Program Files\iChat视频控件\ichatx.dll, 深圳市东方博雅科技有限公司>
[EyeOnIE Class]
{C14393E1-95FF-4DFF-9BE0-EA008D4EF930} <D:\PROGRA~1\test\BHOPLU~1.DLL, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[MHHlprObj Class]
{D0543C13-1424-4685-B1FE-20DE3C539E9D} <D:\WINDOWS\system32\mhhelper.dll, mhhelper.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

水树雨下 - 2006-11-17 17:57:00

O10项不要修，卸载中文上网

dandan2222 - 2006-11-17 17:59:00

请教一下我电脑进不去安全模式了等半天还是光标怎么办?

dandan2222 - 2006-11-17 18:02:00

他说的都修了修完后一堆英文对话框闪亮登场~~~点一下后接着好象是个错误信息都是英文好多不明白啥事~~~~

6981313 - 2006-11-17 18:07:00

引用:

【水树雨下的贴子】O10项不要修，卸载中文上网
………………

谢谢,学习!

dandan2222 - 2006-11-17 18:08:00

正在运行的进程
[PID: 484][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][D:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 908][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1080][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][D:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
[D:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
[D:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[D:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[D:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[D:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
[D:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
[D:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[D:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[D:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 20]
[D:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
[D:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[D:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[D:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1204][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[d:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[d:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1320][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1436][D:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1660][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[D:\Program Files\Super Rabbit\HappyPlayer\Codecs\mmfinfo.dll] [N/A, N/A]
[D:\Program Files\Super Rabbit\HappyPlayer\Codecs\mkunicode.dll] [N/A, N/A]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[D:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9371]
[D:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9371]
[D:\WINDOWS\system32\nvapi.dll] [N/A, N/A]
[D:\WINDOWS\system32\nvshell.dll] [N/A, N/A]
[D:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, N/A]
[D:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1676][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[PID: 1796][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]
[PID: 1808][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
[D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[PID: 1876][D:\Program Files\Unlocker\UnlockerAssistant.exe] [N/A, N/A]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]
[PID: 1920][D:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]
[PID: 1524][D:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9371]
[D:\WINDOWS\system32\nvapi.dll] [N/A, N/A]
[PID: 1704][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2252][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3536][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]
[D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[D:\WINDOWS\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 0]
[PID: 2212][D:\Documents and Settings\dandan\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[D:\WINDOWS\system32\rdzl7.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
125.91.14.230 www.kzdh.com
125.91.14.230 www.7255.com
125.91.14.230 www.7322.com
125.91.14.230 www.7939.com
125.91.14.230 www.piaoxue.com
125.91.14.230 www.feixu.net
125.91.14.230 www.6781.com
125.91.14.230 www.7b.com.cn
125.91.14.230 7b.com.cn
125.91.14.230 www.918188.com
125.91.14.230 hao.allxue.com
125.91.14.230 good.allxue.com
125.91.14.230 baby.allxue.com
125.91.14.230 www.allxue.com
125.91.14.230 about.lank.la
125.91.14.230 www.x114x.com
125.91.14.230 www.37ss.com
125.91.14.230 www.7k.cc
125.91.14.230 www.73ss.com
125.91.14.230 www.hao123.com
125.91.14.230 www.81915.com
125.91.14.230 222.88.90.22
125.91.14.230 www.9991.com
125.91.14.230 www.my123.com
125.91.14.230 www.haokan123.com
125.91.14.230 www.5566.net
125.91.14.230 www.gjj.cc
125.91.14.230 www.2345.com
125.91.14.230 dl.hao318.com
125.91.14.230 www.123wa.com

==================================
终于发完了....汗

瑞星卡卡安全论坛