系统中毒,无法删除、复制文件！瑞星无法查杀，附日志。 bbs.ikaka.com

冥都幽灵 - 2008-3-3 15:33:00

2008-03-03,15:11:42

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2, v.2096 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<VTTimer><VTTimer.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<VTTrayp><VTtrayp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<StatusClient><C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto> [Hewlett-Packard]
<TomcatStartup><C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe> [Hewlett-Packard]
<RavTask><"e:\Rising\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

冥都幽灵 - 2008-3-3 15:33:00

==================================
启动文件夹
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~2\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> E:\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MSSQL$HOTSUN1 / MSSQL$HOTSUN1][Running/Auto Start]
<D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\sqlservr.exe -sHOTSUN1><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<"C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"><Microsoft Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"e:\Rising\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"E:\RISING\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLAgent$HOTSUN1 / SQLAgent$HOTSUN1][Stopped/Manual Start]
<D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\sqlagent.EXE -i HOTSUN1><Microsoft Corporation>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
<system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[viagfx / viagfx][Running/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================

冥都幽灵 - 2008-3-3 15:34:00

浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash.ocx, Macromedia, Inc.>
[使用迅雷下载]
<E:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<E:\Thunder\Program\getallurl.htm, N/A>

==================================

冥都幽灵 - 2008-3-3 15:35:00

==================================
正在运行的进程
[PID: 616 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 924 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 960 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1052 / SYSTEM][e:\Rising\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 1068 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1168 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1228 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 1264 / SYSTEM][E:\RISING\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.74]
[E:\RISING\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\RISING\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\RISING\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\RISING\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34]
[E:\RISING\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\RISING\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\RISING\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[E:\RISING\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 8]
[E:\RISING\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
[E:\RISING\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[E:\RISING\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[E:\RISING\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 30]
[E:\RISING\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[E:\RISING\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
[e:\Rising\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[E:\RISING\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
[E:\RISING\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[E:\RISING\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
[e:\Rising\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[e:\Rising\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36]
[E:\RISING\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[E:\RISING\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[E:\RISING\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[E:\RISING\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[E:\RISING\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[E:\RISING\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[E:\RISING\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 44]
[E:\RISING\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[E:\RISING\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[E:\RISING\urutils.dll] [, 20, 0, 0, 4]
[E:\RISING\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
[E:\RISING\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[E:\RISING\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
[E:\RISING\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[E:\RISING\posttrt.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
[E:\RISING\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
[PID: 1460 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hppamon0.dll] [HP, 5, 0, 5, 0]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, ]
[C:\WINDOWS\system32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL] [Zenographics, Inc., 5.60.709.0]
[C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\SDDM32.DLL] [Zenographics, Inc., 5, 60, 1511, 0]
[C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\ZGDI32.dll] [Zenographics, Inc., 5, 60, 709, 0]
[C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\SDDMUI.DLL] [Zenographics, Inc., 5, 60, 1520, 0]
[C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\SR32.dll] [Zenographics, Inc., 5, 60, 1407, 0]

冥都幽灵 - 2008-3-3 15:35:00

[PID: 1860 / SYSTEM][E:\RISING\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[E:\RISING\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\RISING\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\RISING\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1968 / yangchang][C:\WINDOWS\SOUNDMAN.EXE] [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1976 / yangchang][C:\WINDOWS\system32\VTTimer.exe] [S3 Graphics, Inc., 2.00.01-0307]
[PID: 1984 / yangchang][C:\WINDOWS\system32\VTtrayp.exe] [S3 Graphics Co., Ltd., 2.00.41-1031]
[C:\WINDOWS\system32\VTDisply.dll] [S3 Graphics Co., Ltd., 2.00.58-0523]
[C:\WINDOWS\system32\VTGamma2.dll] [S3 Graphics Co., Ltd., 2.00.28-1128]
[C:\WINDOWS\system32\VTInfo2.dll] [S3 Graphics Co., Ltd., 2.00.35-1031]
[C:\WINDOWS\system32\VTOvrlay.dll] [S3 Graphics Co., Ltd., 2.00.38-1117B]
[PID: 1992 / yangchang][C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe] [Hewlett-Packard, 00.00.13]
[C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\hpptui0.dll] [Hewlett-Packard, 01.00.35]
[PID: 2008 / yangchang][E:\Rising\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.22]
[E:\Rising\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Rising\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Rising\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Rising\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\Rising\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 2016 / yangchang][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 2032 / yangchang][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1113.00 (xpsp_sp2_rc1.040311-2315)]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0382.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00]
[PID: 128 / yangchang][E:\Rising\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.11]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\Rising\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Rising\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Rising\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Rising\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 30]
[E:\Rising\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[E:\Rising\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[E:\Rising\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[E:\Rising\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\Rising\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\Rising\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[E:\Rising\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[E:\Rising\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[E:\Rising\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 396 / yangchang][C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll] [N/A, ]
[C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll] [N/A, ]
[C:\WINDOWS\system32\d4channel.dll] [Hewlett-Packard, 02.07.00]
[PID: 808 / SYSTEM][D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\opends60.dll] [Microsoft Corporation, 2000.080.2039.00]
[D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\sqlsort.dll] [Microsoft Corporation, 2000.080.2039.00]
[D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\ums.dll] [Microsoft Corporation, 2000.080.2039.00]
[D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.2039.00]
[D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.2039.00]
[D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
[D:\Hotsun\MSDESP4\BinnMSSQL$HOTSUN1\Binn\SSnmPN70.dll] [Microsoft Corporation, 2000.080.2039.00]
[PID: 2812 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 3064 / yangchang][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 2880 / yangchang][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
[e:\Rising\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash.ocx] [Macromedia, Inc., 6,0,79,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 2028 / yangchang][D:\Hotsun\WIS\WIS30.exe] [N/A, ]
[C:\Program Files\Common Files\System\Ole DB\sqloledb.dll] [Microsoft Corporation, 2000.085.1113.00 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\YutianEx.DLL] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\System\Ole DB\SQLOLEDB.RLL] [Microsoft Corporation, 2000.085.1113.00 built by: (_sqlbld)]
[e:\Rising\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 3448 / yangchang][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Rising\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash.ocx] [Macromedia, Inc., 6,0,79,0]
[PID: 2184 / yangchang][E:\d\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[E:\d\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1328 / yangchang][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

==================================

冥都幽灵 - 2008-3-3 15:35:00

文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1992, C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\APACHE TOMCAT 4.0\WEBAPPS\TOOLBOX\STATUSCLIENT\STATUSCLIENT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2032, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 396, C:\PROGRAM FILES\HEWLETT-PACKARD\TOOLBOX2.0\JAVASOFT\JRE\1.3.1\BIN\JAVAW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2028, D:\HOTSUN\WIS\WIS30.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

天月来了 - 2008-3-3 15:40:00

没看出异常

再详细说说怎么个无法删除、复制文件！

瑞星无法查杀？？是无法启动？还是没查出东西？？

冥都幽灵 - 2008-3-3 16:32:00

删除、复制文件弹出explorer.exe遇到问题需要关闭，瑞星没有查出病毒

tianxunmycool - 2008-3-3 16:53:00

1.停止SQL服务,卸載迅雷.删除小榕工具(如果存在)
2.修复磁盘错误.
3.从安装光盘恢复EXPLORER文件.
4.取消杀毒软件的自我保护.
5.如果所有磁盘拒绝访问:
首先，打开组策略编辑器（运行gpedit.msc），找到“防止从我的电脑访问驱动器”，设成未配置。不行的话，再更改一下不能访问的驱动器的安全属性，把磁盘的读写权限设成新系统的已有帐户。之前，以管理员身份进入系统，在工具-文件夹选项中，把使用简单文件夹共享前的对勾取掉。右击d盘-属性-安全-高级-所有者，“将所有者更改为”选择本地新帐户administrator，勾上“替换容器所有者”，应用。返回安全页面，添加上新系统的everyone帐户，权限设成完全控制。

如果之前用过什么安全软件设置过这些磁盘或者加密过的话，最好重装上，重设一下。如果以前对磁盘上的文件进行efs加密，重装系统后需要把个人证书导入才能打开加密文件，否则重装系统即使你还用以前的帐户和密码登陆，也不可以打开加密的文件。破解办法网上也有，很麻烦的。
6.访问中国我之国论坛搜索答案.

冥都幽灵 - 2008-3-3 16:55:00

sql是我一个软件用的,不能卸载

瑞星卡卡安全论坛