瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 【求助】我也有个烦人的启动项目还有XXXX.dll

总有病毒 - 2007-9-4 17:42:00

我家机器也种了烦人的XXXXX.dll一堆，还有一个隐藏的自启动项，用瑞星看不到，运行MSconfig、木马杀客、安全卫士、。。。。。。查看启动项目一切正常，还有的看到了就是清理不了，也进注册表删了删完后随意一点别的目录再点回来那5、6项的XXXXX.dll有在那了。用了Sreng才能看到系统自启动的那几项，可删还删不了，我估计是一种很麻烦的木马吧~~！我在C:\Windows\systme32\下找到了那几个XXXX.dll当我删除的时候系统提示我文件写保护，或是正在使用，再一看进程有一个co..什么的进程我分解以后告诉我他是用来执行木马程序的什么什么东东，，，，总之就是愁呀```忙了一中午也没忙明白，一会我回家扫个报告上来大家帮忙分析下被？菜鸟求助~~~~！！！！嗷嗷急`~~~！！

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

总有病毒 - 2007-9-4 17:45:00

以下是我刚才抓的几张图供高手们帮忙分析下`````关键是怎么删都删不了````74我了````

安全卫士下:

附件: 723366200794173510.jpg

总有病毒 - 2007-9-4 17:48:00

优化大师下``::

附件: 723366200794173726.jpg

日不懂啊 - 2007-9-4 17:50:00

你用SRENG 找出所有*******.DLL的文件启动项

在C：\WINDOWS\SYSTEM32\
下找出来,依次改名为1.DLL 2.DLL ...
重起
把改名的文件都删除
把注册表里
[HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows]
<AppInit_DLLs>
这项设置为空
用SRENG把启动项目里的那些蓝色的 *****.dll的启动项目删除
然后全盘杀毒

SRENG下载地址:
下载 System Repair Engineer，
http://download.kztechs.com/files/sreng2.zip

总有病毒 - 2007-9-4 17:51:00

瑞星:

附件: 723366200794174028.jpg

总有病毒 - 2007-9-4 17:53:00

多谢大哥```我马上就行动```!!!!

附件: 723366200794174220.jpg

火影忍者 - 2007-9-4 18:00:00

把SRE日志发上来.
(SRE--智能扫描--扫描--保存报告)

日不懂啊 - 2007-9-4 18:01:00

引用:

【火影忍者的贴子】把SRE日志发上来.
(SRE--智能扫描--扫描--保存报告)
………………

火影大大也来了

总有病毒 - 2007-9-4 18:09:00

1999-01-01,17:22:17

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><; "C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><avzxamn.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINDOWS\system32\avzxamn.dll> []
<{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINDOWS\system32\rsjzapm.dll> []
<{1D47B341-43DF-4563-753F-345FFA3157D1}><C:\WINDOWS\system32\kvmxama.dll> []
<{1598FF45-DA60-F48A-BC43-10AC47853D51}><C:\WINDOWS\system32\rarjapi.dll> []
<{1C87A354-ABC3-DEDE-FF33-3213FD7447C1}><C:\WINDOWS\system32\kvdxama.dll> []
<{134345F1-DACF-3452-CB7D-4620F34A1531}><C:\WINDOWS\system32\rsztapm.dll> []
<{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> []

==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Help and Support / helpsvc]
<C:\WINDOWS\system32\inetres.exe><1>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\QQ\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[WebThunder DapPlayer]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDapPlayer_Now.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, N/A>
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin10.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\QQ\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 932][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1148][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1260][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1288][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1536][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1636][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1792][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\kvmxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\avzxamn.dll] <N/A><N/A>
[PID: 1876][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 500][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 640][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] <Beijing Rising Technology Co., Ltd.><19, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1392][C:\WINDOWS\system32\SoundMan.exe] <1><1.00>
[C:\WINDOWS\system32\avzxamn.dll] <N/A><N/A>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[PID: 1280][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\avzxamn.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsjzapm.dll] <N/A><N/A>
[C:\WINDOWS\system32\rarjapi.dll] <N/A><N/A>
[C:\WINDOWS\system32\kvdxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsztapm.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsmyapm.dll] <N/A><N/A>
[D:\电子阅读器\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><19, 0, 0, 9>
[PID: 1116][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\avzxamn.dll] <N/A><N/A>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsmyapm.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsztapm.dll] <N/A><N/A>
[C:\WINDOWS\system32\kvdxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\rarjapi.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsjzapm.dll] <N/A><N/A>
[PID: 2264][C:\WINDOWS\system32\cmd.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2404][C:\WINDOWS\system32\alcwzrd.exe] <番茄花园><1.00>
[PID: 2460][C:\WINDOWS\system32\Alcmtr.exe] <1><1.00>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\avzxamn.dll] <N/A><N/A>
[PID: 2700][E:\绿色软件\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\avzxamn.dll] <N/A><N/A>
[C:\WINDOWS\system32\kvmxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsmyapm.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsztapm.dll] <N/A><N/A>
[C:\WINDOWS\system32\kvdxama.dll] <N/A><N/A>
[C:\WINDOWS\system32\rarjapi.dll] <N/A><N/A>
[C:\WINDOWS\system32\rsjzapm.dll] <N/A><N/A>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

总有病毒 - 2007-9-4 18:10:00

【回复“日不懂啊”的帖子】

大侠我已经改到了地3个 3.dll

总有病毒 - 2007-9-4 18:14:00

引用:

【日不懂啊的贴子】你用SRENG 找出所有*******.DLL的文件启动项

在C：\WINDOWS\SYSTEM32\
下找出来,依次改名为1.DLL 2.DLL ...
重起
把改名的文件都删除
把注册表里
[HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows]
<AppInit_DLLs>
这项设置为空
用SRENG把启动项目里的那些蓝色的 *****.dll的启动项目删除
然后全盘杀毒

SRENG下载地址:
下载 System Repair Engineer，
http://download.kztechs.com/files/sreng2.zip

………………

大哥我导出了那些XXXXX.dll早目录里找不到呀,因为名字不是对应的,怎么办呀?我就找到了3个,第3个文件还是中间有一个字母不对应我硬改地,我机器是不是要从做呀>?
我这才做了3天的系统.

日不懂啊 - 2007-9-4 18:17:00

找出C:\WINDOWS\system32\inetres.exe
压缩加密，发给我邮箱571wind@163.com 谢谢

处理方法（试试看，没实践过不知道行不行）
先改名
C:\WINDOWS\system32\avzxamn.dll> []
C:\WINDOWS\system32\rsjzapm.dll> []
C:\WINDOWS\system32\kvmxama.dll> []
C:\WINDOWS\system32\rarjapi.dll> []
C:\WINDOWS\system32\kvdxama.dll> []
C:\WINDOWS\system32\rsztapm.dll> []
C:\WINDOWS\system32\rsmyapm.dll> []

用SRENG删除服务
[Help and Support / helpsvc]
<C:\WINDOWS\system32\inetres.exe><1>
删除
C:\WINDOWS\system32\inetres.exe
再用WINRAR搜索下相关inetres 如果有inetres.dll也删除

重起，进入安全模式
删除改了名字的
C:\WINDOWS\system32\avzxamn.dll> []
C:\WINDOWS\system32\rsjzapm.dll> []
C:\WINDOWS\system32\kvmxama.dll> []
C:\WINDOWS\system32\rarjapi.dll> []
C:\WINDOWS\system32\kvdxama.dll> []
C:\WINDOWS\system32\rsztapm.dll> []
C:\WINDOWS\system32\rsmyapm.dll> []

再用SRENG启动项目里删除
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINDOWS\system32\avzxamn.dll> []
<{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINDOWS\system32\rsjzapm.dll> []
<{1D47B341-43DF-4563-753F-345FFA3157D1}><C:\WINDOWS\system32\kvmxama.dll> []
<{1598FF45-DA60-F48A-BC43-10AC47853D51}><C:\WINDOWS\system32\rarjapi.dll> []
<{1C87A354-ABC3-DEDE-FF33-3213FD7447C1}><C:\WINDOWS\system32\kvdxama.dll> []
<{134345F1-DACF-3452-CB7D-4620F34A1531}><C:\WINDOWS\system32\rsztapm.dll> []
<{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> []
把
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><avzxamn.dll> []
设置为空

还有你日志不全，不知道有没有漏掉的东西

日不懂啊 - 2007-9-4 18:19:00

引用:

【总有病毒的贴子】

引用:

【日不懂啊的贴子】你用SRENG 找出所有*******.DLL的文件启动项

在C：\WINDOWS\SYSTEM32\
下找出来,依次改名为1.DLL 2.DLL ...
重起
把改名的文件都删除
把注册表里
[HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows]
<AppInit_DLLs>
这项设置为空
用SRENG把启动项目里的那些蓝色的 *****.dll的启动项目删除
然后全盘杀毒

SRENG下载地址:
下载 System Repair Engineer，
http://download.kztechs.com/files/sreng2.zip

………………

大哥我导出了那些XXXXX.dll早目录里找不到呀,因为名字不是对应的,怎么办呀?我就找到了3个,第3个文件还是中间有一个字母不对应我硬改地,我机器是不是要从做呀>?
我这才做了3天的系统.

………………

名字不是对应的

晕了...

总有病毒 - 2007-9-4 18:39:00

你看这个软件的名字一一对应着找下去就能找到第2个等到第3个的时候对应的
C:\WINDOWS\sya... 下的文件名就找不到只能找一个相似的出来,等到第4个的时候也是一样的只能找到 kvdxacf.dll kvdxais.exe kvdxama.dll kvmxacf.dll kvmxais.exe

我的日志不全么? 要不我在导一次吧我现在就按照你说的弄一下
删一下服务试试吧我估计原因在于我的QQ吧我昨天在天空下了一个珊瑚虫2007
应该没什么事吧也不怎么清楚了我什么网站都没进过就是一直在聊天
也许是我QQ太靓了吧哈哈`````

附件: 723366200794182907.jpg

总有病毒 - 2007-9-4 18:44:00

找出C:\WINDOWS\system32\inetres.exe
压缩加密，发给我邮箱571wind@163.com 谢谢

根本找不到文件你看看图片最下面的哪个是不是
我怎么感觉这好象是这破毒的障眼法呢?

附件: 723366200794183356.jpg

总有病毒 - 2007-9-4 18:55:00

[CODE]

1999-01-01,18:38:01

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><; "C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kvdxama.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINDOWS\system32\avzxamn.dll> []
<{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINDOWS\system32\rsjzapm.dll> [N/A]
<{1D47B341-43DF-4563-753F-345FFA3157D1}><C:\WINDOWS\system32\kvmxama.dll> [N/A]
<{1598FF45-DA60-F48A-BC43-10AC47853D51}><C:\WINDOWS\system32\rarjapi.dll> []
<{1C87A354-ABC3-DEDE-FF33-3213FD7447C1}><C:\WINDOWS\system32\kvdxama.dll> []
<{134345F1-DACF-3452-CB7D-4620F34A1531}><C:\WINDOWS\system32\rsztapm.dll> []
<{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Disabled]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Help and Support / helpsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\inetres.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[ITERAID_Service_Install / iteraid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\D:\QQ\npkcrypt.sys><N/A>
[PNP20559 / PNP20559][Running/Boot Start]
<\SystemRoot\system32\Drivers\pnp20559.sys><Anti Driver>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\QQ\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[WebThunder DapPlayer]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDapPlayer_Now.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin10.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\QQ\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

总有病毒 - 2007-9-4 18:55:00

==================================
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1148][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1260][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1288][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1536][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1636][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1776][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[PID: 1792][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\kvmxama.dll] [N/A, ]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[PID: 1876][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1972][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 2000][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
[C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\PROGRAM FILES\RISING\RAV\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\psapi.dll] [Microsoft Corporation, 4.00]
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[C:\PROGRAM FILES\RISING\RAV\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 44]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 500][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 640][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1392][C:\WINDOWS\system32\SoundMan.exe] [1, 1.00]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1280][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[C:\WINDOWS\system32\rsjzapm.dll] [N/A, ]
[C:\WINDOWS\system32\rarjapi.dll] [N/A, ]
[C:\WINDOWS\system32\kvdxama.dll] [N/A, ]
[C:\WINDOWS\system32\rsztapm.dll] [N/A, ]
[C:\WINDOWS\system32\rsmyapm.dll] [N/A, ]
[D:\电子阅读器\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[PID: 532][C:\Program Files\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\rsmyapm.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\system32\rsztapm.dll] [N/A, ]
[C:\WINDOWS\system32\kvdxama.dll] [N/A, ]
[C:\WINDOWS\system32\rarjapi.dll] [N/A, ]
[C:\WINDOWS\system32\rsjzapm.dll] [N/A, ]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[PID: 1116][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[C:\WINDOWS\system32\rsmyapm.dll] [N/A, ]
[C:\WINDOWS\system32\rsztapm.dll] [N/A, ]
[C:\WINDOWS\system32\kvdxama.dll] [N/A, ]
[C:\WINDOWS\system32\rarjapi.dll] [N/A, ]
[C:\WINDOWS\system32\rsjzapm.dll] [N/A, ]
[PID: 3456][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[C:\WINDOWS\system32\kvmxama.dll] [N/A, ]
[C:\WINDOWS\system32\rsmyapm.dll] [N/A, ]
[C:\WINDOWS\system32\rsztapm.dll] [N/A, ]
[C:\WINDOWS\system32\kvdxama.dll] [N/A, ]
[C:\WINDOWS\system32\rarjapi.dll] [N/A, ]
[C:\WINDOWS\system32\rsjzapm.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_005.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 11]
[PID: 3040][C:\Documents and Settings\Administrator\桌面\新建文件夹\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\avzxamn.dll] [N/A, ]
[C:\WINDOWS\system32\rsmyapm.dll] [N/A, ]
[C:\WINDOWS\system32\rsztapm.dll] [N/A, ]
[C:\WINDOWS\system32\kvdxama.dll] [N/A, ]
[C:\WINDOWS\system32\rarjapi.dll] [N/A, ]
[C:\Documents and Settings\Administrator\桌面\新建文件夹\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
MZ?
[E:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell\\Auto\\command=IO.pif
[F:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell\\Auto\\command=IO.pif
[G:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell\\Auto\\command=IO.pif
[H:\]
[AutoRun]
open=IO.pif
shellexecute=IO.pif
shell\\Auto\\command=IO.pif

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeSystemtimePrivilege [PID = 1392, C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 532, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

总有病毒 - 2007-9-4 19:10:00

顶顶顶``~~~~~~~~~

总有病毒 - 2007-9-4 19:30:00

顶`~~~~~~~~~~~~~~``

日不懂啊 - 2007-9-4 20:14:00

到家了，吃过饭了，嘿嘿

第1次你的日志没发全。现在全了，除了删除了一个服务以外，其他没有任何进展
我不知道你能不能显示隐藏文件。
你开机进入安全模式（开机按F8）
用WINRAR找到每个盘下的IO.pif和Autorun.inf
先把IO.pif 压缩，加密码放在桌面（一会弄完发给我的邮箱571wind@163.com)
用WINRAR把每个盘下的IO.pif和Autorun.inf删除
用SRENG把服务

[Help and Support / helpsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\inetres.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
删除

后面一直用WINRAR操作吧。
找到C:\WINDOWS\system32\inetres.exe（应该是隐藏的）删除
下面的找到改名
C:\WINDOWS\system32\avzxamn.dll> []
C:\WINDOWS\system32\rsjzapm.dll> []
C:\WINDOWS\system32\kvmxama.dll> []
C:\WINDOWS\system32\rarjapi.dll> []
C:\WINDOWS\system32\kvdxama.dll> []
C:\WINDOWS\system32\rsztapm.dll> []
C:\WINDOWS\system32\rsmyapm.dll> []
重起还是安全模式删除改了名字的
C:\WINDOWS\system32\avzxamn.dll> []
C:\WINDOWS\system32\rsjzapm.dll> []
C:\WINDOWS\system32\kvmxama.dll> []
C:\WINDOWS\system32\rarjapi.dll> []
C:\WINDOWS\system32\kvdxama.dll> []
C:\WINDOWS\system32\rsztapm.dll> []
C:\WINDOWS\system32\rsmyapm.dll> []

再用SRENG把注册表里
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINDOWS\system32\avzxamn.dll> []
<{12FAACDE-34DA-CCD4-AB4D-DA34485A3421}><C:\WINDOWS\system32\rsjzapm.dll> []
<{1D47B341-43DF-4563-753F-345FFA3157D1}><C:\WINDOWS\system32\kvmxama.dll> []
<{1598FF45-DA60-F48A-BC43-10AC47853D51}><C:\WINDOWS\system32\rarjapi.dll> []
<{1C87A354-ABC3-DEDE-FF33-3213FD7447C1}><C:\WINDOWS\system32\kvdxama.dll> []
<{134345F1-DACF-3452-CB7D-4620F34A1531}><C:\WINDOWS\system32\rsztapm.dll> []
<{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> []
删除
把
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><avzxamn.dll> []
设置为空

重起，用卡卡上网助手修复下，看看
我在线看你结果

总有病毒 - 2007-9-4 20:39:00

多谢大哥实话说我怕我的邮箱被盗
一直都没敢上什么邮箱或QQ
不过我一定会先按你说的压缩加密后保存好
等我机器没了这病毒后我一定给你发过去
请谅解``~~1!!!!
你说的压缩我会弄你说的加密是不是加个密码呀?>

我已经按你说的每个盘下的那两个文件都压缩保存了
可是C'D盘下没有Autorun.inf文件剩下的盘里都找到了Autorun.inf这个文件和IO.pif文件也都加了密码密码就是123456 你看我做的对不对?
要是对的话我就从启了,安全模式下上不了网的```我等你的回复```

总有病毒 - 2007-9-4 20:53:00

顶~~~~~~~~~~~~~~~~~~~~~!!!!!

总有病毒 - 2007-9-4 20:55:00

顶`~~~~~~~~~~~!

日不懂啊 - 2007-9-4 20:57:00

对对对，你搞搞看，我也没有多少把握，你的东西没见过，呵呵

总有病毒 - 2007-9-4 22:07:00

我已经按照以上步骤完全操作完毕
这是我现在的报告帮忙分析下`~
谢谢`~!

[CODE]

2007-09-04,21:50:37

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Disabled]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[ITERAID_Service_Install / iteraid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\D:\QQ\npkcrypt.sys><N/A>
[PNP20559 / PNP20559][Running/Boot Start]
<\SystemRoot\system32\Drivers\pnp20559.sys><Anti Driver>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\QQ\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[WebThunder DapPlayer]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDapPlayer_Now.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin10.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\QQ\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

总有病毒 - 2007-9-4 22:07:00

==================================
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1468][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1604][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1620][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1728][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1836][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1860][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
[C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\PROGRAM FILES\RISING\RAV\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\psapi.dll] [Microsoft Corporation, 4.00]
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[C:\PROGRAM FILES\RISING\RAV\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 44]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 200][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 504][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1288][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\电子阅读器\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 668][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1644][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1336][E:\绿色软件\SREngPS\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[E:\绿色软件\SREngPS\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

日不懂啊 - 2007-9-4 22:20:00

日志没问题了

总有病毒 - 2007-9-4 22:20:00

顶`~~~~~~~~~~~~

总有病毒 - 2007-9-4 22:52:00

大哥谢谢你了我的问题解决了我想问下我这个问题是怎么引起的
以后我上网要注意下那些问题呢?
我的安全设置是不是有问题?我刚才用恶意软件清理助手搜到3721了,然后我清理了,我又查出很多可以项目,帮忙看看是不是有木马的可执行程序或是潜伏着的现在已休眠的木马``我需要删除那些项目呢?

附件: 723366200794224142.jpg

日不懂啊 - 2007-9-4 23:19:00

怎么你这些东西哪儿来的，感觉很不面善么
前3个肯定有问题了，日期都不对...
头大了

12

查看完整版本: 【求助】我也有个烦人的启动项目还有XXXX.dll

© 2000 - 2026 Rising Corp. Ltd.