瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 打开某些网页时总是自动转到http://www.huaiyunle.net/

12   1  /  2  页   跳转

打开某些网页时总是自动转到http://www.huaiyunle.net/

收藏
hongkong001
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-10-08
  • 来自:
发表于: 2006-10-10 22:35 | 只看楼主 短消息 资料
字号: 1楼

打开某些网页时总是自动转到http://www.huaiyunle.net/

我的ie 昨天出问题了,打开ip138.com等网站是总是自动转到http://www.huaiyunle.net/
最后编辑2006-10-12 01:14:26.640000000
分享到:
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-10-10 23:05 | 短消息 资料
字号: 2楼

请下载 System Repair Engineer,使用“智能扫描”,按下“扫描”按钮进行扫描,扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完,分次粘完,请不要修改。
gototop
 
hongkong001
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-10-08
  • 来自:
发表于: 2006-10-11 12:55 | 只看楼主 短消息 资料
字号: 3楼

2006-10-11,12:42:52

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <瑞星杀毒><D:\Rising\Rav\Rav.exe>  [Beijing Rising Technology Co., Ltd.]
    <瑞星监控><D:\Rising\Rav\RavMon.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\RESOUR~1\Themes\Slate\myscr.scr>  [Matt Ginzton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[ClipBook / ClipBook]
  <C:\WINDOWS\system32\clipsvr.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MATLAB Server / matlabserver]
  <D:\matlab6.5\webserver\bin\win32\matlabserver.exe><N/A>
[PopWinIe / PopWinIe]
  <C:\WINDOWS\system32\PopWin.exe -service><Microsoft Corporation>
[PsShutdown / PsShutdownSvc]
  <C:\WINDOWS\System32\PSSDNSVC.EXE><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[DS1410D / DS1410D]
  <SYSTEM32\drivers\DS1410D.SYS><Dallas Semiconductor MAXIM>
[ExpScaner / ExpScaner]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Hardlock / Hardlock]
  <\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Haspnt / Haspnt]
  <\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[HookCont / HookCont]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MINICD / MINICD]
  <\??\C:\WINDOWS\system32\minicd.sys><http://www.138soft.com>
[mProcRs / mProcRs]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\qq2005\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[RsFwDrv / RsFwDrv]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Samsung Mobile USB Device 1.0 driver (WDM) / ss_bus]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[vaxscsi / vaxscsi]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
gototop
 
hongkong001
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-10-08
  • 来自:
发表于: 2006-10-11 12:56 | 只看楼主 短消息 资料
字号: 4楼

==================================
浏览器加载项
[Router Layer]
  {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Router Layer]
  {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\web迅雷\MediaAddin08.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <D:\qq2005\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\qq2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq2005\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][D:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 856][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][D:\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [D:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [D:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [D:\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1060][d:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [d:\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1168][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\clipsvr.exe]  [Microsoft Corporation, 5, 2, 3790, 0]
[PID: 1524][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1588][D:\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1924][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1940][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1944][c:\windows\powermsgr.exe]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 400][D:\Rising\Rav\RavMon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [D:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 468][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 748][D:\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 876][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
[PID: 364][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3427]
[PID: 1404][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2340][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-

2158)]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 0, 9]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 6,0,79,0]
[PID: 2444][D:\Real\RealPlay.exe]  [RealNetworks, Inc., 6.0.12.1348]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll]  [RealNetworks, Inc., 7.0.1.3251]
    [C:\Program Files\Common Files\Real\Common\objb3201.dll]  [RealNetworks, Inc., 0.1.0.6244]
    [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll]  [RealNetworks, Inc., 0.1.0.3749]
    [D:\Real\lang\gemctl_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.3985]
    [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll]  [RealNetworks, Inc., 0.1.0.3427]
    [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll]  [RealNetworks, Inc., 7.0.0.3671]
    [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll]  [RealNetworks, Inc., 7.0.0.4309]
    [C:\Program Files\Common Files\Real\Plugins\httpfsys.dll]  [RealNetworks, Inc., 10.0.0.2668]
gototop
 
hongkong001
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-10-08
  • 来自:
发表于: 2006-10-11 12:57 | 只看楼主 短消息 资料
字号: 5楼

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [UltraEdit.ini]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
222.223.155.118 auto.search.msn.com
222.223.155.118 dnsc.yahoo.com.cn
222.223.155.118 abc.265.com
222.223.155.118 265.com
222.223.155.118 www.265.com
222.223.155.118 hao123.com
222.223.155.118 www.hao123.com
222.223.155.118 9991.com
222.223.155.118 www.9991.com
222.223.155.118 gjj.cc
222.223.155.118 www.gjj.cc
222.223.155.118 ppgou.com
222.223.155.118 www.ppgou.com
222.223.155.118 t2t2.com
222.223.155.118 www.t2t2.com
222.223.155.118 5566.net
222.223.155.118 www.5566.net
222.223.155.118 qu123.com
222.223.155.118 www.qu123.com
222.223.155.118 855.com
222.223.155.118 www.855.com
222.223.155.118 7b.com.cn
222.223.155.118 www.7b.com.cn
222.223.155.118 v111.com
222.223.155.118 www.v111.com
222.223.155.118 xp13.com
222.223.155.118 www.xp13.com
222.223.155.118 521521.com
222.223.155.118 www.521521.com
222.223.155.118 19ku.com
222.223.155.118 www.19ku.com
222.223.155.118 37021.com
222.223.155.118 www.37021.com
222.223.155.118 da123.com
222.223.155.118 www.da123.com
222.223.155.118 x05.net
222.223.155.118 www.x05.net
222.223.155.118 ip138.com
222.223.155.118 www.ip138.com
222.223.155.118 ipseeker.cn
222.223.155.118 www.ipseeker.cn
222.223.155.118 123cha.com
222.223.155.118 www.123cha.com
222.223.155.118 ip.cn
222.223.155.118 www.ip.cn
222.223.155.118 letscool.cn
222.223.155.118 www.letscool.cn
222.223.155.118 yok.com
222.223.155.118 www.yok.com
222.223.155.118 yeskee.com
222.223.155.118 www.yeskee.com
222.223.155.118 reg.yeskee.com
222.223.155.118 qyule.com
222.223.155.118 www.qyule.com
222.223.155.118 99jk.com
222.223.155.118 www.99jk.com
222.223.155.118 shop.xf200.com

==================================
gototop
 
hongkong001
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-10-08
  • 来自:
发表于: 2006-10-11 13:01 | 只看楼主 短消息 资料
字号: 6楼

谢谢无邪大哥,小菜鸟忙着上课,不能实时在线◎望谅解
还有就是桌面上老是出现那个免费算命的快捷方式,杀了一次也没有用!!!
用木马分析专家扫出几个木马,可惜没有注册杀不掉
gototop
 
病毒处理
头像
初生襁褓狮
  • 帖子:3
  • 注册: 2006-09-16
  • 来自:
发表于: 2006-10-11 17:48 | 短消息 资料
字号: 7楼

222.223.155.118 auto.search.msn.com
222.223.155.118 dnsc.yahoo.com.cn
222.223.155.118 abc.265.com
222.223.155.118 265.com
222.223.155.118 www.265.com
222.223.155.118 hao123.com
222.223.155.118 www.hao123.com
222.223.155.118 9991.com
222.223.155.118 www.9991.com
222.223.155.118 gjj.cc
222.223.155.118 www.gjj.cc
222.223.155.118 ppgou.com
222.223.155.118 www.ppgou.com
222.223.155.118 t2t2.com
222.223.155.118 www.t2t2.com
222.223.155.118 5566.net
222.223.155.118 www.5566.net
222.223.155.118 qu123.com
222.223.155.118 www.qu123.com
222.223.155.118 855.com
222.223.155.118 www.855.com
222.223.155.118 7b.com.cn
222.223.155.118 www.7b.com.cn
222.223.155.118 v111.com
222.223.155.118 www.v111.com
222.223.155.118 xp13.com
222.223.155.118 www.xp13.com
222.223.155.118 521521.com
222.223.155.118 www.521521.com
222.223.155.118 19ku.com
222.223.155.118 www.19ku.com
222.223.155.118 37021.com
222.223.155.118 www.37021.com
222.223.155.118 da123.com
222.223.155.118 www.da123.com
222.223.155.118 x05.net
222.223.155.118 www.x05.net
222.223.155.118 ip138.com
222.223.155.118 www.ip138.com
222.223.155.118 ipseeker.cn
222.223.155.118 www.ipseeker.cn
222.223.155.118 123cha.com
222.223.155.118 www.123cha.com
222.223.155.118 ip.cn
222.223.155.118 www.ip.cn
222.223.155.118 letscool.cn
222.223.155.118 www.letscool.cn
222.223.155.118 yok.com
222.223.155.118 www.yok.com
222.223.155.118 yeskee.com
222.223.155.118 www.yeskee.com
222.223.155.118 reg.yeskee.com
222.223.155.118 qyule.com
222.223.155.118 www.qyule.com
222.223.155.118 99jk.com
222.223.155.118 www.99jk.com
222.223.155.118 shop.xf200.com
NB啊!这么多网站都连接到病毒站222.223.155.118
gototop
 
hongkong001
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2006-10-08
  • 来自:
发表于: 2006-10-11 19:02 | 只看楼主 短消息 资料
字号: 8楼

病毒  你说什么病毒站啊?222.223.155.118是一个病毒网站吗?  有没有什么好的办法,我装的是正版的瑞星啊,不过装的有点晚了,那时候机子好像就有病毒了,不过杀了二次,好像也没有了啊  ,昨天我还杀了一个Trojan.DL.YBHO.a呢
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-10-11 21:12 | 短消息 资料
字号: 9楼

打开System Repair Engineer(也就是你的扫描日志软件SREng.exe),点“启动项目,服务,点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务PopWinIe,PsShutdown ,选择“删除服务”点“设置”选择“否”。(每一个逗号隔开的就是一个病毒的服务,请逐一删除)

打开System Repair Engineer(也就是你的扫描日志软件SREng.exe),点“启动项目,服务,点“驱动程序”勾选“隐藏以认证的微软服务”选中病毒服务sptd,MINICD,选择“删除服务”点“设置”选择“否”最后重启。(每一个逗号隔开的就是一个病毒的服务,请逐一删除)
请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
双击打开KillBox.exe,分别删除
C:\WINDOWS\system32\PopWin.exe
C:\WINDOWS\System32\PSSDNSVC.EXE
C:\WINDOWS\system32\minicd.sys
C:\WINDOWS\System32\Drivers\sptd.sys
(删除时勾选“删除前先结束Explorer.EXE进程”不行再试着勾选"删除DLL文件前反注册此文件"
给菜鸟的东东—KillBox的使用技巧
http://forum.ikaka.com/topic.asp?board=28&artid=8160799

打开一个IE窗口,工具,internte选项,点“删除文件”弹出一个窗口勾选“删除所有脱机内容”删除cookies,确定。
打开System Repair Engineer(也就是你的扫描日志软件SREng.exe),使用“系统修复,Internet Explorer”“全选”“修复"看看能不能解决问题。
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-10-11 21:12 | 短消息 资料
字号: 10楼

追加一项。
打开System Repair Engineer(也就是你的扫描日志软件SREng.exe),使用“系统修复,HOSTS 文件

222.223.155.118 auto.search.msn.com
222.223.155.118 dnsc.yahoo.com.cn
222.223.155.118 abc.265.com
222.223.155.118 265.com
222.223.155.118 www.265.com
222.223.155.118 hao123.com
222.223.155.118 www.hao123.com
222.223.155.118 9991.com
222.223.155.118 www.9991.com
222.223.155.118 gjj.cc
222.223.155.118 www.gjj.cc
222.223.155.118 ppgou.com
222.223.155.118 www.ppgou.com
222.223.155.118 t2t2.com
222.223.155.118 www.t2t2.com
222.223.155.118 5566.net
222.223.155.118 www.5566.net
222.223.155.118 qu123.com
222.223.155.118 www.qu123.com
222.223.155.118 855.com
222.223.155.118 www.855.com
222.223.155.118 7b.com.cn
222.223.155.118 www.7b.com.cn
222.223.155.118 v111.com
222.223.155.118 www.v111.com
222.223.155.118 xp13.com
222.223.155.118 www.xp13.com
222.223.155.118 521521.com
222.223.155.118 www.521521.com
222.223.155.118 19ku.com
222.223.155.118 www.19ku.com
222.223.155.118 37021.com
222.223.155.118 www.37021.com
222.223.155.118 da123.com
222.223.155.118 www.da123.com
222.223.155.118 x05.net
222.223.155.118 www.x05.net
222.223.155.118 ip138.com
222.223.155.118 www.ip138.com
222.223.155.118 ipseeker.cn
222.223.155.118 www.ipseeker.cn
222.223.155.118 123cha.com
222.223.155.118 www.123cha.com
222.223.155.118 ip.cn
222.223.155.118 www.ip.cn
222.223.155.118 letscool.cn
222.223.155.118 www.letscool.cn
222.223.155.118 yok.com
222.223.155.118 www.yok.com
222.223.155.118 yeskee.com
222.223.155.118 www.yeskee.com
222.223.155.118 reg.yeskee.com
222.223.155.118 qyule.com
222.223.155.118 www.qyule.com
222.223.155.118 99jk.com
222.223.155.118 www.99jk.com
222.223.155.118 shop.xf200.com
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT