瑞星被关，IE被修改，病毒也杀不完，高手来帮忙啊 bbs.ikaka.com

dycsss - 2006-12-13 13:10:00

瑞星杀毒不能升级，实时监控被关闭，IE被修改，用卡卡去扫描却说不用修复，下面是扫描日志高手斑竹们帮看看，
Logfile of Kaka v2. 0. 2. 5 Scan Module v1. 0. 3. 5
Scan saved at 12:47:48, on 2006-12-13
Platform: Microsoft Windows XP Professional Service Pack 1 (Build 2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BHOHelper Class - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll (file missing)
O2 - BHO: (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKCU\..\Run: [Super Rabbit IEPro] F:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [Taskmor.exe] C:\WINDOWS\taskmor.exe
O4 - HKCU\..\Run: [Explore.exe] C:\WINDOWS\explore.exe
O4 - HKCU\..\Run: [svc] C:\DOCUME~1\csl\LOCALS~1\Temp\relpop.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\rfw\Rfw.exe
O4 - HKLM\..\Run: [Intranet] C:\WINDOWS\intranet.exe
O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - HKLM\..\Run: [sys] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [mhs2] C:\DOCUME~1\csl\LOCALS~1\Temp\smss.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - Startup: desktop.ini =
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = C:\Program Files\Tencent\qq\CoralQQ.exe
O4 - Global Startup: desktop.ini =
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 珊瑚虫超级搜索 - C:\Program Files\yok\yoksch.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra Button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

dycsss - 2006-12-13 13:11:00

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O15 - Trusted Zone:
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (PowerCreator VGAPlayer Control) - http://202.103.25.125/cj1/glxyl/glxyl01/VGAPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143966091453
O16 - DPF: {73B89AFD-69DA-7E37-6E79-9139DE76DED9} - http://www.hzs.cn/webfix.exe
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} - http://www.95599.cn/download/ABC.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA56B08-2171-4F94-A240-0605E115AF4D}: NameServer = 202.101.172.51,202.101.172.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24903C2-A0BB-452B-B41B-05A946F66327}: NameServer = 60.191.244.5 60.191.244.2
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O23 - Service: ewido security suite control (ewido security suite control) - ewido networks - f:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Network Services (Network Services) - - C:\WINDOWS\System\services.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) - HP - C:\WINDOWS\System32\hpzipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\rising\Rav\Ravmond.exe"
O23 - Service: System Set Service (SystemSet) - - C:\WINDOWS\System32\service.exe
O23 - Service: WebClient (WebClient) - - C:\WINDOWS\System32\svchost.exe -k localservice
O23 - Service: Windows Createddos (Windows Processdos) - - C:\WINDOWS\System32\3721.exe

dycsss - 2006-12-13 13:12:00

帮忙把那些没用的都去掉好了这电脑就上网看电影玩游戏。。

dycsss - 2006-12-13 13:21:00

还有瑞星升级安装的时候提示是安装被用户停止了，现在打开的主页就是http:// 修改不回来

zq77 - 2006-12-13 13:22:00

用hijackthis扫日志日志不要修改

dycsss - 2006-12-13 13:47:00

HijackThis_815汉化版扫描日志 V1.99.1
保存于 13:36:04, 日期 2006-12-13
操作系统： Windows XP SP1 (WinNT 5.01.2600)
浏览器： Unable to get Internet Explorer version!

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\System32\devgt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\rfw\Rfw.exe
C:\WINDOWS\down\rundll32.exe
C:\WINDOWS\System32\conime.exe
f:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\service.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\rising\rav\Rav.exe
C:\Program Files\Tencent\qq\QQ.exe
F:\IE防胁持\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,devgt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BHOHelper Class - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\System32\SHDOCVW.DLL
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [rfw] C:\Program Files\rising\rfw\Rfw.exe
O4 - 启动项HKLM\\Run: [Intranet] C:\WINDOWS\intranet.exe
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [sys] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [mhs2] C:\DOCUME~1\csl\LOCALS~1\Temp\smss.exe
O4 - 启动项HKLM\\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] F:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [Taskmor.exe] C:\WINDOWS\taskmor.exe
O4 - HKCU\..\Run: [Explore.exe] C:\WINDOWS\explore.exe
O4 - HKCU\..\Run: [svc] C:\DOCUME~1\csl\LOCALS~1\Temp\relpop.exe
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = C:\Program Files\Tencent\qq\CoralQQ.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 珊瑚虫超级搜索 - C:\Program Files\yok\yoksch.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {339C1EE2-1029-46B8-81F1-360217F26FC4} (PowerCreator VGAPlayer Control) - http://202.103.25.125/cj1/glxyl/glxyl01/VGAPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143966091453
O16 - DPF: {73B89AFD-69DA-7E37-6E79-9139DE76DED9} - http://www.hzs.cn/webfix.exe
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} - http://www.95599.cn/download/ABC.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA56B08-2171-4F94-A240-0605E115AF4D}: NameServer = 202.101.172.51,202.101.172.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{B24903C2-A0BB-452B-B41B-05A946F66327}: NameServer = 60.191.244.5 60.191.244.2
O23 - NT 服务: ewido security suite control - ewido networks - f:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - NT 服务: Network Services - Unknown owner - C:\WINDOWS\System\services.exe
O23 - NT 服务: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - NT 服务: System Set Service (SystemSet) - Unknown owner - C:\WINDOWS\system32\service.exe
O23 - NT 服务: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\System32\3721.exe

zq77 - 2006-12-13 13:53:00

R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,devgt.exe
O2 - BHO: BHOHelper Class - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
修复

O4 - 启动项HKLM\\Run: [Intranet] C:\WINDOWS\intranet.exe
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - 启动项HKLM\\Run: [sys] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [mhs2] C:\DOCUME~1\csl\LOCALS~1\Temp\smss.exe
O4 - HKCU\..\Run: [Taskmor.exe] C:\WINDOWS\taskmor.exe
O4 - HKCU\..\Run: [Explore.exe] C:\WINDOWS\explore.exe
O4 - HKCU\..\Run: [svc] C:\DOCUME~1\csl\LOCALS~1\Temp\relpop.exe
修复
删除
C:\WINDOWS\intranet.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\down\rundll32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\DOCUME~1\csl\LOCALS~1\Temp\smss.exe
C:\WINDOWS\taskmor.exe
C:\WINDOWS\explore.exe
C:\DOCUME~1\csl\LOCALS~1\Temp\relpop.exe

删除 C:\WINDOWS\Download\ C:\WINDOWS\down\ C:\WINDOWS\Intel\ 这三个文件夹
清空临时文件和TEMP下所有文件

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
修复

O23 - NT 服务: Network Services - Unknown owner - C:\WINDOWS\System\services.exe
O23 - NT 服务: System Set Service (SystemSet) - Unknown owner - C:\WINDOWS\system32\service.exe
O23 - NT 服务: Windows Createddos (Windows Processdos) - Unknown owner - C:\WINDOWS\System32\3721.exe
三只鸽子

到瑞星主页下专杀

瑞星卡卡安全论坛