Rising Kaka Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board

Help requested with the Rootkit.Agent.mt virus!

Download Super Rabbit (超级兔子) from http://www.pctutu.com/ to clean up the rogue software.
 

正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 220][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 232][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 388][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 420][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 508][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 540][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 0, 0, 0]
    [C:\WINNT\system32\hpdcmon.dll]  [Hewlett-Packard, 03.40.00]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 572][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 620][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 640][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 772][C:\Program Files\rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 692][C:\WINNT\system32\stisvc.exe]  [Microsoft Corporation, 5.00.2195.6656]
[PID: 888][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\PROGRA~1\vision\VISVER.DLL]  [, 1, 2, 0, 7]
[PID: 960][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 980][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1016][C:\WINNT\system32\Rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\WINNT\downlo~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 6]
    [C:\WINNT\downlo~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 7]
    [C:\WINNT\downlo~1\CnsMinEx.dll]  [国风因特软件(北京)有限公司, 1, 0, 3, 4]
[PID: 1348][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [ , 2, 0, 0, 1001]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [, 2, 0, 2, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 0, 1006]
[PID: 964][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  [Yahoo!, 1, 0, 1, 1001]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  [Yahoo, 1, 0, 1, 1006]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  [Yahoo, 1, 0, 0, 9]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  [Yahoo, 1, 0, 1, 1001]
    [C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  [Yahoo, 1, 0, 0, 2]
[PID: 1388][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 1404][C:\WINNT\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
[PID: 1460][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 936][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 676][D:\office\Office\EXCEL.EXE]  [Microsoft Corporation, 9.0.2823]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\WINNT\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [C:\Program Files\rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF0I.DLL]  [Hewlett-Packard Company, 4.5.3.2]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF7I.dll]  [Rogue Wave Software, Inc. & Hewlett-Packard Company, 7.0.0.1]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF3I.DLL]  [Hewlett-Packard Company, 4.5.3.2]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF1I.DLL]  [Hewlett-Packard Company, 4.5.3.2]
    [C:\WINNT\system32\WBJJU.IME]  [北京六合源软件技术有限公司, 2, 8, 0, 0]
    [C:\WINNT\system32\WbCodeU.dll]  [N/A, 2, 8, 0, 0]
[PID: 1368][C:\Program Files\MSN Messenger\msnmsgr.exe]  [Microsoft Corporation, 7.0.0816]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [D:\Program Files\MSNShell\BIN\ShellDll02.dll]  [MSNShell Team, 4.2.25.3]
    [D:\Program Files\MSNShell\BIN\Skin\SkinPlusPlusDLL.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINNT\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINNT\system32\WBJJU.IME]  [北京六合源软件技术有限公司, 2, 8, 0, 0]
    [C:\WINNT\system32\WbCodeU.dll]  [N/A, 2, 8, 0, 0]
[PID: 1364][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [, 2, 0, 2, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 0, 1006]
    [C:\Program Files\CoolWebsite\QuickLink.dll]  [Fengcent, 1, 0, 0, 2]
    [C:\WINNT\system32\winsearch.dll]  [Win Search,Inc., 1.0.0.0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 1, 0, 2, 1015]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  [Yahoo!, 2, 0, 5, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [, 1, 2, 7, 1006]
    [C:\PROGRA~1\vision\vision.dll]  [, 1, 2, 0, 7]
    [C:\PROGRA~1\vision\alvsn.dll]  [N/A, 1, 0, 0, 4]
    [D:\Program Files\rarext.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [N/A, 1, 0, 0, 1013]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1604][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\WINNT\downlo~1\CnsHint.dll]  [3721, 1, 0, 1, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  [Yahoo, 1, 0, 1, 1000]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [, 2, 0, 2, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 0, 1006]
    [C:\WINNT\downlo~1\cnsplus.dll]  [3721, 1, 0, 0, 2]
    [C:\Program Files\CoolWebsite\QuickLink.dll]  [Fengcent, 1, 0, 0, 2]
    [C:\WINNT\system32\winsearch.dll]  [Win Search,Inc., 1.0.0.0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 1, 0, 2, 1015]
    [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll]  [Yahoo., 1, 0, 1, 1001]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  [Yahoo!, 2, 0, 5, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [, 1, 2, 7, 1006]
    [C:\PROGRA~1\vision\vision.dll]  [, 1, 2, 0, 7]
    [C:\PROGRA~1\vision\alvsn.dll]  [N/A, 1, 0, 0, 4]
    [c:\program files\google\googletoolbar1.dll]  [Google Inc., 4, 0, 1020, 3054]
    [C:\WINNT\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [D:\PROGRA~1\FlashGet\getflash.dll]  [N/A, 1, 0, 0, 1]
    [C:\WINNT\downlo~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 6]
    [C:\WINNT\downlo~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 7]
    [C:\WINNT\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF0I.DLL]  [Hewlett-Packard Company, 4.5.3.2]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF7I.dll]  [Rogue Wave Software, Inc. & Hewlett-Packard Company, 7.0.0.1]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF3I.DLL]  [Hewlett-Packard Company, 4.5.3.2]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\2\HPBFGF1I.DLL]  [Hewlett-Packard Company, 4.5.3.2]
[PID: 1944][E:\试用类软件\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [E:\试用类软件\sreng2\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
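As an added example, not code from the thread or from SREng: a small Python parser for the process listing format above that counts how many distinct processes each non-Microsoft module is mapped into (CnsMin.dll appears in nearly every process in the log, the hallmark of a system-wide hook DLL) and lists modules that carry no vendor string at all. The sample log is a constructed, abridged excerpt in the same format, and the cutoff of three processes is an assumed triage threshold.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the SREng listing above (abridged).
SAMPLE_LOG = r"""
[PID: 1016][C:\WINNT\system32\Rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1388][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1364][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 0, 1013]
    [C:\WINNT\system32\winsearch.dll]  [Win Search,Inc., 1.0.0.0]
    [D:\Program Files\rarext.dll]  [N/A, N/A]
"""

PROC_RE = re.compile(r'^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$')
MOD_RE = re.compile(r'^\s+\[(.+?)\]\s+\[(.*)\]$')
# Version tail looks like ", 5.00.2134.1", ", 1, 5, 3, 9" or ", N/A";
# whatever precedes it is the vendor (which may contain commas itself).
VERSION_TAIL = re.compile(r'(\s*,\s*(?:[\d.]+|N/A))+\s*$')

def vendor_of(info):
    return VERSION_TAIL.sub('', info).strip()

def parse_processes(text):
    """Return one dict per process with its PID, image path, vendor and modules."""
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            procs.append({'pid': int(m.group(1)), 'exe': m.group(2),
                          'vendor': vendor_of(m.group(3)), 'modules': []})
            continue
        m = MOD_RE.match(line)
        if m and procs:  # indented line belongs to the most recent process
            procs[-1]['modules'].append((m.group(1), vendor_of(m.group(2))))
    return procs

def widely_loaded(procs, threshold=3):
    """Non-Microsoft modules present in at least `threshold` distinct processes:
    a signature of a system-wide hook or injected DLL (assumed cutoff)."""
    seen = defaultdict(set)
    for p in procs:
        for path, vendor in p['modules']:
            if not vendor.startswith('Microsoft'):
                seen[path.lower()].add(p['pid'])
    return {path: len(pids) for path, pids in seen.items() if len(pids) >= threshold}

def unattributed(procs):
    """Modules whose version block names no vendor (empty or N/A)."""
    return sorted({path for p in procs for path, vendor in p['modules']
                   if vendor in ('', 'N/A')})
```

Run `widely_loaded(parse_processes(SAMPLE_LOG))` on a full listing to see which modules are present in almost every process; on the log above that is CnsMin.dll and Yhelper.dll.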

Thank you all very much! I have uploaded all of the logs.

Sigh! Virus name: Rootkit.Agent.mt
Path: C:\WINNT\system32\drivers\00001dd9.sys

Or: c:\winnt\system32\00001dd9.dat

C:\WINNT\system32\drivers\00001dd9.sys

c:\winnt\system32\00001dd9.dat
Delete them in Safe Mode; if that doesn't work, download IceSword (冰刃) and delete them with it.
http://free.ys168.com/?j7700074

The log is incomplete.

I recommend running 360 Safeguard (360安全卫士) to clean up the rogue software.

360 download addresses:
http://www.360safe.com/
http://www.xdowns.com/soft/8/9/2006/Soft_31554.html
Uninstall 360 Safeguard after use.

Thanks for the advice! I'll give it a try.

[Reply to the post by "弱势风云"]
The log seems incomplete, doesn't it?

详细内容2006-11-24 18:58:52, 系统禁止本地rundll32.exe发送UDP数据包,地址为:0.0.0.0:4270 => 192.168.0.1:53[域名解析]程序名称为:C:\WINNT\system32\rundll32.exe

After reinstalling the firewall I denied this network connection. Did I click the wrong thing, and is that why my Internet access is so slow? Please advise! The log was missing the file associations section! Thanks!
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]


[Reply to the post by "红夜鬼1"]
Repair the following service entries:
[Network IPSEC Connections / SOCEESe]
<C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

[VisionService / VisionService]
<C:\WINNT\system32\rundll32.exe C:\PROGRA~1\vision\VISVER.DLL,Service><Microsoft Corporation>

===========

Repair the following driver entries:
[New0 / New0]
<\??\C:\WINNT\system32\new.sys><N/A>

=========

Repair the following browser add-on entries:
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>

[WinSearch]
{27E96DE0-8211-42CF-9A1E-FA6246A95B77} <C:\WINNT\system32\winsearch.dll, Win Search,Inc.>

[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >

[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>

[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >

============

Start -> Run
Type regedit
Click OK
This opens the Registry Editor.
Expand, in turn:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services] (X stands for 1, 2, 3, 4, ...)
When found, delete the following keys:
SOCEESe
VisionService
New0

Expand, in turn:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Enum\Root\] (X stands for 1, 2, 3, 4, ...)
Delete the following keys:
LEGACY_SOCEESe
LEGACY_VisionService
LEGACY_New0

============

Uninstall
C:\Program Files\CoolWebsite\
C:\Program Files\vision\

============

Delete
C:\Program Files\CoolWebsite\
C:\Program Files\vision\
C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL
C:\WINNT\system32\new.sys
C:\WINNT\system32\drivers\00001dd9.sys
c:\winnt\system32\00001dd9.dat
C:\WINNT\system32\winsearch.dll