cangyi - 2006-11-26 19:23:00
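My computer is infected with rogue software, and I don't know what it's called.
Kaka can't find it.
There are 4 shortcuts on the desktop: one for free adult movies, one for adult video chat, one for free QQ coins, and one for free song dedications to friends. After I delete these four web pages, they reappear on their own after a while, and the Favorites folder also automatically gets entries of this kind. Every so often a web page opens by itself... Kaka can't find it, and antivirus scanning doesn't help either...
I'm disappointed in Rising...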
我怕aaa病毒 - 2006-11-26 19:25:00
Try cleaning it with Super Rabbit.
cangyi - 2006-11-26 19:27:00
I used it, and I used 东方卫士 too; neither worked... Nothing gets detected... So frustrating.
高歌猛进 - 2006-11-26 19:30:00
Run a scan and post the log.
cangyi - 2006-11-26 20:03:00
进程名称 路径 数值名称 数值数据 操作日期 操作方式 操作结果
C:\Program Files\Internet Explorer\iexplore.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://www.hao123.com/sendmail.php 2006-10-09 09:17 修改 同意修改
C:\WINDOWS\Explorer.EXE HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page www.8xdy.com/xin.htm 2006-10-09 09:18 修改 同意修改
C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN csrss C:\WINDOWS\csrss.exe 2006-10-14 20:45 修改 同意修改
C:\WINDOWS\csrss.exe HKEY_CURRENT_USER\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL HomePage 2006-10-14 20:45 修改 同意修改
C:\WINDOWS\csrss.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://www.zh3g.com 2006-10-17 20:10 修改 同意修改
C:\WINDOWS\csrss.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://www.zh3g.com 2006-10-18 21:04 修改 同意修改
C:\WINDOWS\csrss.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://www.zh3g.com 2006-10-19 20:28 修改 同意修改
C:\WINDOWS\csrss.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://www.zh3g.com 2006-10-21 20:22 修改 同意修改
C:\Documents and Settings\All Users\Templates\temp.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN System C:\Program Files\Common Files\System\Update.exe 2006-11-03 20:56 修改 同意修改
C:\WINDOWS\system32\kb20060926a.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://www.kzdh.com/ 2006-11-03 20:57 修改 同意修改
C:\WINDOWS\csrss.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page http://mmdy.23liao.com/lian.htm 2006-11-23 21:57 修改 拒绝修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN csrss 2006-11-23 21:59 删除 同意修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2006-11-23 21:59 修改 同意修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN KernelFaultCheck 2006-11-23 22:03 删除 同意修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSConfig 2006-11-23 22:05 删除 同意修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2006-11-23 22:05 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page about:blank 2006-11-23 22:11 修改 同意修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSConfig 2006-11-23 22:24 删除 同意修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page about:blank 2006-11-23 22:27 修改 同意修改
E:\dfvsx_v3.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN dfvsx "C:\Program Files\DFVSX\DFVSX.exe" -Min 2006-11-23 22:37 修改 同意修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN dfvsx 2006-11-23 22:55 删除 同意修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe 2006-11-23 22:55 修改 同意修改
D:\Program Files\Super Rabbit\MagicSet\SRCK.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE KKDelay ; C:\Program Files\Rising\AntiSpyware\RunOnce.exe 2006-11-23 23:58 修改 同意修改
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSConfig 2006-11-24 07:04 删除 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page about:blank 2006-11-24 07:59 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page about:blank 2006-11-26 09:17 修改 同意修改
cangyi - 2006-11-26 20:12:00
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
(run)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(RavTask)("D:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(csrss)(; C:\WINDOWS\csrss.exe) [Microsoft Corporation]
(dfvsx)(; "C:\Program Files\DFVSX\DFVSX.exe" -Min) [N/A]
(helper.dll)(; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32) [N/A]
(HotKeysCmds)(; C:\WINDOWS\system32\hkcmd.exe) [(Verified)Intel Corporation]
(IgfxTray)(; C:\WINDOWS\system32\igfxtray.exe) [(Verified)Intel Corporation]
(KernelFaultCheck)(; %systemroot%\system32\dumprep 0 -k) [N/A]
(MINI_BFYY)(; ) [N/A]
(NeroFilterCheck)(; C:\WINDOWS\system32\NeroCheck.exe) [Ahead Software Gmbh]
(SoundMan)(; SOUNDMAN.EXE) [Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(EXPLORER.EXE) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
cangyi - 2006-11-26 20:13:00
启动文件夹
N/A
--------------------------------------------------------------------------------
服务
[Indexing Manager / AtHome]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\WINDOWS\system32\dnbotb52.dll)(N/A)
[CAC03559 / CAC03559]
(C:\WINDOWS\system32\CAC03559.EXE -service)(Microsoft Corporation)
[Human Interface Device Access / HidServ]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Rising Process Communication Center / RsCCenter]
("D:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon]
("D:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[System Event Logger / SDTSTA]
(C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\XUOBYH23.DLL,Export 1087)(N/A)
--------------------------------------------------------------------------------
驱动程序
[AhnFlt2K / AhnFlt2K]
(\??\C:\WINDOWS\system32\drivers\AhnFlt2K.sys)(Ahnlab, Inc.)
[AhnRec2K / AhnRec2K]
(\??\C:\WINDOWS\system32\drivers\AhnRec2K.sys)(Ahnlab, Inc.)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[AliIde / AliIde]
(\SystemRoot\System32\DRIVERS\aliide.sys)(N/A)
[BaseTDI / BaseTDI]
(\??\C:\WINDOWS\system32\drivers\basetdi.sys)(Beijing Rising Technology Co., Ltd.)
[CmdIde / CmdIde]
(\SystemRoot\System32\DRIVERS\cmdide.sys)(CMD Technology, Inc.)
[ExpScaner / ExpScaner]
(\??\D:\Program Files\Rising\Rav\ExpScan.sys)()
[HookCont / HookCont]
(\??\D:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising tech Co. ltd)
[HookReg / HookReg]
(\??\D:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys]
(\??\D:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[ialm / ialm]
(system32\DRIVERS\ialmnt5.sys)(Intel Corporation)
[MegaIDE / MegaIDE]
(\SystemRoot\System32\DRIVERS\MegaIDE.sys)(LSI Logic Corporation.)
[MEMSCAN / MEMSCAN]
(\??\D:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[msqmx / msqmx]
(\??\C:\WINDOWS\system32\drivers\msqmx.sys)(Microsoft Corporation)
[npkcrypt / npkcrypt]
(\??\C:\Program Files\Tencent\qq\npkcrypt.sys)(N/A)
[nv / nv]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RsAntiSpyware / RsAntiSpyware]
(\SystemRoot\system32\drivers\RsBoot.sys)(Beijing Rising)
[RSPPSYS / RSPPSYS]
(\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys)(Rising)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(N/A)
[TCP/IP Protocol Driver / Tcpip]
(system32\DRIVERS\tcpip.sys)(Microsoft Corporation)
[v3engine / v3engine]
(\??\C:\WINDOWS\system32\drivers\v3engine.sys)(AhnLab, Inc.)
[V3Flt2K / V3Flt2K]
(\??\C:\Program Files\DFVSX\V3Flt2K.sys)(Ahnlab, Inc.)
[ViaIde / ViaIde]
(\SystemRoot\system32\DRIVERS\viaide.sys)(Microsoft Corporation)
cangyi - 2006-11-26 20:14:00
浏览器加载项
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation)
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} (%SystemRoot%\system32\msxml3.dll, N/A)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[WebVGPlayer Class]
{AA899B43-24BD-4B6B-BBD0-45557D8D11E0} (C:\PROGRA~1\VIEWGOOD\WEBPLA~1\VGPlayer.dll, )
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation)
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} (C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.)
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} (, N/A)
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.)
[用比特精灵下载(&B)]
(C:\Program Files\BitSpirit\bsurl.htm, N/A)
怀安LEDA電腦 - 2006-11-26 20:31:00
[CAC03559] (C:\WINDOWS\system32\CAC03559.EXE -service)
(csrss)(; C:\WINDOWS\csrss.exe)
C:\Documents and Settings\All Users\Templates\temp.exe
C:\Program Files\Common Files\System\update.exe
C:\WINDOWS\system32\kb20060926a.exe
C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe
Go remove these files.
© 2000 - 2026 Rising Corp. Ltd.