Rising Kaka Security Forum
awan0931 - 2006-11-26 11:25:00
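My computer is infected with the Rootkit.AdProt.g virus. It can't be killed, and every time I boot I get an alert about this virus. Rising's memory monitoring is disabled and the little umbrella icon is yellow!!! Help, what should I do!!! Waiting online!!!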
McFee - 2006-11-26 11:28:00
Please provide the virus path.
Scan with SRENG and post the log so we can take a look.
awan0931 - 2006-11-26 11:40:00
病毒名称 处理结果 发现日期 路径 文件 病毒来源
Worm.Snake.a 删除成功 2006-11-26 07:30 C:\WINDOWS AdobeR.exe 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:30 C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\EN\StaticPages readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:30 C:\Documents and Settings\All Users\Application Data\ACD Systems\FotoCanvas\2.0\ACDInTouch\EN\StaticPages readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MTMTWFWR readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KFSH6PE3 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CLE705Y3 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8BMJ8729 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\桌面\GPRS\动感大挪移内部免注册版\doc readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\桌面\GPRS\浏览无界限---无界浏览器最新版8绿色版 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\桌面\GPRS\Opera V9.02 Build 8573┊极为出色浏览器┊多国语言绿色特别版 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:31 C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sigyetzm.default readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sigyetzm.default\bookmarkbackups readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Common Files\Microsoft Shared\Stationery readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Chinese Measurement Converter\1028 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Chinese Measurement Converter\1033 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Chinese Measurement Converter\2052 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Common Files\System\ado readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Common Files\Real\Update_OB\UI readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\NetMeeting readme.eml>>HTML TEXT 本机
Trojan.Clicker.Agent.afg 删除成功 2006-11-26 07:32 C:\Program Files\装机人员工具 UPIEA(IE插件屏蔽) 2006.exe 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Real\RealPlayer\DataCache\admodules readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:32 C:\Program Files\Real\RealPlayer\DataCache\Devices readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\Real\RealPlayer\DataCache\GetMedia readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\Real\RealPlayer\DataCache\Login readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\Real\RealPlayer\DataCache\mstore readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\Real\RealPlayer\DataCache\webresources readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\Real\RealPlayer\Firstrun readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\Real\RealPlayer readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\WinRAR readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\Thunder Network\Thunder\Program readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\QQ2006\3DShow readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\QQ2006\Dat readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\QQ2006\GroupLive\CacheFile\index_loge_normal readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\QQ2006\GroupLive\CacheFile readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\QQ2006\QQBuddy\Dat readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:33 C:\Program Files\QQ2006\QBox\msg readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:34 C:\Program Files\QQ2006 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:34 C:\Program Files\Microsoft Office\OFFICE11\2052 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:34 C:\Program Files\Herosoft\Hero 9\DVDSkin\skin2\HTML readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:34 C:\Program Files\Herosoft\Hero 9\DVDSkin\skin6\HTML readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:35 C:\Program Files\Herosoft\Hero 9 readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:35 C:\Program Files\Tencent\TT readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:35 C:\Program Files\CNNIC\Cdn readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:35 C:\Program Files\Mozilla Firefox\res readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:35 C:\Program Files\Mozilla Firefox\defaults\profile readme.eml>>HTML TEXT 本机
Dropper.Agent.dvv 删除成功 2006-11-26 07:39 G:\新建文件夹\硬件检测工具 检测工具.exe 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:39 G:\新建文件夹\硬件检测工具\everest readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:40 G:\Program Files\PPLive\xml readme.eml>>HTML TEXT 本机
Exploit.HTML.Iframe.FileDownload 清除成功 2006-11-26 07:40 G:\gprs\GPRS_PC驱动_中性\GPRS_PC驱动_中性\重要15包月\马赫5无线上网加速器Mach5_setup readme.eml>>HTML TEXT 本机
己所不欲勿施于人 - 2006-11-26 11:42:00
That means use SRENG.
awan0931 - 2006-11-26 11:43:00
2006-11-26,11:25:37
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(wallpaper)(c:\windows\system32\壁纸自动换.exe) []
(SoundMan)(SOUNDMAN.EXE) [Realtek Semiconductor Corp.]
(Windows XPlan)() []
(ConnMgr)(C:\Program Files\中国移动随e行客户端软件\TaskCtrl.exe) []
(CdnCtr)(C:\Program Files\CNNIC\Cdn\cdnup.exe) [CNNIC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(RavStub)("C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(SysTime)(C:\PROGRA~1\WinKld\WinKld.dll) [www.88dog.com]
(webwork)(C:\WINDOWS\webwork\webwork.dll) []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) []
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) []
awan0931 - 2006-11-26 11:45:00
启动文件夹
服务
[Rising RealTime Monitor / RsRavMon]
("C:\Program Files\Rising\Rav\RavMonD.exe")(Beijing Rising Technology Co., Ltd.)
--------------------------------------------------------------------------------
浏览器加载项
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} (C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC)
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD)
[NOW!Imaging]
{9AA2F14F-E956-44B8-8694-A5B615CDF341} (C:\Program Files\Mach5 Speed Wireless\components\NOWImaging.dll, N/A)
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} (C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC)
[红心游戏]
{00000000-DAEB-480d-867B-D746D955765B} (D:\GAME\redheart\GameHall.exe, )
[豪杰超级解霸9]
{367E0A21-8601-4986-9C9A-153BF5ACA118} (C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE, herosoft)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} (C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} (C:\WINDOWS\system32\aliedit\pta.dll, )
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} (C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC)
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} (C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC)
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD)
[NOW!Imaging]
{9AA2F14F-E956-44B8-8694-A5B615CDF341} (C:\Program Files\Mach5 Speed Wireless\components\NOWImaging.dll, N/A)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} (C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC)
[使用超级解霸播放]
(C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A)
[使用迅雷下载]
(C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)
[访问通用网址]
(C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A)
awan0931 - 2006-11-26 11:46:00
正在运行的进程
[PID: 668][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 716][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 788][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 800][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 944][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1016][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[PID: 1068][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1164][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1232][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1616][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.2696 (xpsp_sp2_gdr.050610-1519))
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[PID: 1868][C:\Program Files\Rising\Rav\RavMonD.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 47)
[C:\Program Files\Rising\Rav\BWList.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RsLog.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\HOOKSYS.dll] (Beijing Rising Technology Co., Ltd.)(18, 1, 0, 12)
[C:\Program Files\Rising\Rav\Scanner.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 33)
[C:\Program Files\Rising\Rav\libload.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\VirusLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 13)
[C:\Program Files\Rising\Rav\regmon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\HookWeb.dll] (rising)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\expscan.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\mPorts.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 3)
[C:\Program Files\Rising\Rav\MailMon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[C:\Program Files\Rising\Rav\SpamEng.dll] (N/A)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\engine.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 35)
[C:\Program Files\Rising\Rav\UnExe.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\ScanExec.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 16)
[C:\Program Files\Rising\Rav\ScanEx.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 34)
[C:\Program Files\Rising\Rav\RSUnpack.dll] (Beijing Rising Technology Co., Ltd.)(1, 0, 0, 21)
[C:\Program Files\Rising\Rav\ExtFile.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 24)
[C:\Program Files\Rising\Rav\PostTrt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 18)
[C:\Program Files\Rising\Rav\NvFile.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 7)
[C:\Program Files\Rising\Rav\ScanMac.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\ScanSct.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\RsStore.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\ExtOLE.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[PID: 2016][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\RavExt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 21)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[C:\PROGRA~1\WinKld\Winkld.dat] (www.88dog.com)(2, 0, 0, 1)
[C:\WINDOWS\webwork\albus.dll] (N/A)(1, 0, 0, 4)
[C:\WINDOWS\webwork\webwork.nls] (N/A)(N/A)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[C:\Program Files\WinRAR\rarext.dll] (N/A)(N/A)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 2)
[PID: 228][C:\WINDOWS\system32\wdfmgr.exe] (Microsoft Corporation)(5.2.3790.1230 built by: dnsrv(bld4act))
[PID: 420][C:\Program Files\CNNIC\Cdn\cdnup.exe] (CNNIC)(2, 5, 0, 6)
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] (CNNIC)(2, 5, 0, 6)
[C:\Program Files\CNNIC\Cdn\cdnprh.dll] (CNNIC)(2, 4, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] (CNNIC)(2, 2, 0, 3)
[PID: 572][C:\Program Files\Rising\Rav\RavStub.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 16)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[PID: 892][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 960][C:\WINDOWS\SOUNDMAN.EXE] (Realtek Semiconductor Corp.)(5, 1, 0, 52)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
awan0931 - 2006-11-26 11:46:00
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[PID: 1172][C:\Program Files\中国移动随e行客户端软件\TaskCtrl.exe] ()(1, 0, 0, 1)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[PID: 1204][C:\Program Files\Rising\Rav\RavTask.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 22)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[PID: 1260][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[PID: 1344][C:\Program Files\Rising\Rav\Ravmon.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 39)
[C:\Program Files\Rising\Rav\RsGuiLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 26)
[C:\Program Files\Rising\Rav\BWList.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\PngDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[PID: 192][C:\Program Files\Rising\Rav\RsAgent.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 12)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[PID: 204][C:\WINDOWS\msagent\AgentSvr.exe] (Microsoft Corporation)(2.00.0.3422)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[PID: 2324][C:\WINDOWS\system32\conime.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[PID: 3640][C:\Program Files\Internet Explorer\iexplore.exe] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] (CNNIC)(2, 5, 0, 6)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll] (CNNIC)(1.0.0.6)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll] (Yahoo.)(1, 0, 5, 1006)
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 2)
[C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll] (CNNIC)(1, 1, 0, 0)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[C:\Program Files\Rising\Rav\RavScrCh.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] (Adobe Systems, Inc.)(9,0,28,0)
[C:\WINDOWS\system32\WINABCX.IME] (PKUETI)(5.22.216)
[PID: 2392][C:\Program Files\Tencent\TT\TTraveler.exe] (腾讯公司)(3.1.0.261)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] (腾讯公司)(1, 1, 0, 5)
[C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] ()(1, 0, 0, 3)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[C:\Program Files\Rising\Rav\RavScrCh.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Tencent\TT\PersonalDesktop.dll] (深圳市腾讯计算机系统公司QQ工作小组)(1, 0, 0, 4)
[PID: 1936][C:\Program Files\Tencent\TT\TCPlus.exe] (腾讯公司)(1, 0, 0, 5)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[C:\Program Files\Tencent\TT\QQDownload.dll] (Tencent Technology (Shenzhen) Company Limited)(1, 0, 101, 28)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
[C:\Program Files\Tencent\TT\TNProxy.dll] (Tencent Technology(Shenzhen) Company Limited)(2, 1, 101, 60)
[PID: 3292][E:\1_060708203040\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\Program Files\CNNIC\Cdn\imaoe.dll] (CNNIC)(2, 2, 0, 1)
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] (CNNIC)(2, 1, 0, 3)
[C:\Program Files\CNNIC\Cdn\cdndet.dll] (CNNIC)(2, 5, 0, 0)
[C:\WINDOWS\system32\cdnns.dll] (CNNIC)(2, 0, 0, 0)
awan0931 - 2006-11-26 11:46:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
--------------------------------------------------------------------------------
Winsock 提供者
awan0931 - 2006-11-26 11:47:00
Experts, please help! Moderators, please take a look too. Thanks in advance!!!
红夜鬼1 - 2006-11-26 11:52:00
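Download 超级兔子 (Super Rabbit) and uninstall webwork.
Delete C:\WINDOWS\system32\cdnns.dll in Safe Mode.
Solution:
1. If you have installed STYXP or 系统变脸王, uninstall them first and restore the default Windows logon desktop theme.
2. Uninstall the Rising Monitoring Center: click "Start" - "Programs" - "Rising Antivirus" - "Add/Remove Components" - "Add/Remove" - uncheck "Rising Monitoring Center", then keep clicking "Next" until "Finish".
3. Install the Rising Monitoring Center: click "Start" - "Programs" - "Rising Antivirus" - "Add/Remove Components" - "Add/Remove" - check "Rising Monitoring Center", then keep clicking "Next" until "Finish".
4. If it still doesn't work, see http://forum.ikaka.com/topic.asp?board=39&artid=8173472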
awan0931 - 2006-11-26 12:00:00
That didn't work. Still asking for help.
awan0931 - 2006-11-26 12:15:00
Help, help, please help me!
红夜鬼1 - 2006-11-26 12:23:00
http://forum.ikaka.com/topic.asp?board=28&artid=8215367
Refer to this.
awan0931 - 2006-11-26 12:26:00
红夜魔, could you explain it to me in more detail? Thanks in advance.
awan0931 - 2006-11-26 12:27:00
1111111111111111
awan0931 - 2006-11-26 12:44:00
Why is nobody answering?
awan0931 - 2006-11-26 13:07:00
awan0931 - 2006-11-26 13:32:00
3333333333333333333333
awan0931 - 2006-11-26 15:43:00
4444444444444444
awan0931 - 2006-11-26 16:04:00
00000000000000000