[CODE]

2007-06-28,21:30:30

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功

能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000

Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup> 

[NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft

Windows 2000 Publisher]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing

Rising Technology Co., Ltd.]
    <NvMediaCenter><; RUNDLL32.EXE

C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <C-Media Mixer><; Mixer.exe /startup>  [(Verified)Microsoft Windows

Hardware Compatibility Publisher, E=""]
    <QuickTime Task><; "D:\QuickTime\qttask.exe" -atboottime>  [Apple

Computer, Inc.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot>  [RealNetworks, Inc.]
    <RealTray><; C:\Program Files\Real\RealPlayer\Realplay.exe

SYSTEMBOOTHIDEPLAYER>  [N/A]
    <RavTask><"d:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising

Technology Co., Ltd.]
    <Microsoft Autorun5><C:\WINNT\system32\mosou.exe>  []
    <Microsoft Autorun7><C:\WINNT\system32\nwizqjsj.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
   

<Userinit><C:\WINNT\system32\userinit.exe,C:\WINNT\system32\Com\smss.exe,> 

[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellE

xecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> 

[Beijing Rising Technology Co., Ltd.]
    <{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\WINNT\system32\Time.dll>  []

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma

Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe

Systems, Inc.]><H>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft

Office.lnk --> D:\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><H>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader

Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe

Systems Incorporated]><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk

--> D:\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[FireDaemon Service: Secure / Secure][Running/Auto Start]
  <c:\Windows\system32\Dap\\mssvchost.exe -s><>
[SystemUpdate / SystemUpdate][Running/Auto Start]
  <C:\Program Files\Windows Media Player\xp32s.exe><N/A>
[FireDaemon Service: WindowsUpdate / WindowsUpdate][Stopped/Auto Start]
  <c:\Windows\system32\Dap\\mssvchost.exe -s><>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k

netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\basetdi.sys><Beijing Rising Technology Co.,

Ltd.>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[Motorola USB Cable Modem Windows Driver / ndiscm][Running/Manual Start]
  <system32\DRIVERS\NetMotCM.sys><Motorola Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co.,

Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co.,

Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\RISING\RAV\RSPPSYS.sys><Rising>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, 上

海浩方在线信息技术有限公司>
[铭泰在线词语解释]
  {63A96E48-1CD6-4346-B1EE-F2CA91642FF8} <d:\sunv\Dfkc3000\WebCBand.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[东方网译]
  {E1CC05A7-50AD-4A1A-8C5E-50145D933731} <d:\sunv\Dfkc3000\DFWYBand.dll, >
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx,

Microsoft Corporation>
[东方网译]
  {AB6BEAD2-325B-4729-BB13-DB24509EFA54} <d:\sunv\Dfkc3000\DFWYBand.dll, >
[铭泰在线词语解释]
  {CAEEE31B-6844-479C-ADAA-73B6D482E782} <d:\sunv\Dfkc3000\WebCBand.dll, >
[Alexa]
  {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\WINNT\system32\SHDOCVW.DLL,

Microsoft Corporation>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000}

<C:\WINNT\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[System Requirements Lab Class]
  {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} <C:\WINNT\Downloaded Program

Files\sysreqlab2.dll, Husdawg, LLC>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx,

Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000}

<C:\WINNT\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[YOKHttpFilter Class]
  {686D3343-D00D-49A1-96DF-66F3AF62F348} <C:\PROGRA~1\yok\adblock.dll, N/A>
[YOKAdBlock Class]
  {718F4AD3-70D4-425E-9159-5598DFC732ED} <C:\PROGRA~1\yok\adblock.dll, N/A>
[Alexa Web Search]
  <http://client.alexa.com/holiday/script/actions/search.htm, N/A>
[Get Alexa Data]
  <http://client.alexa.com/holiday/script/actions/sitedata.htm, N/A>
[Mail to a Friend...]

  <http://client.alexa.com/holiday/script/actions/mailto.htm, N/A>
[See Related Links]
  <http://client.alexa.com/holiday/script/actions/related.htm, N/A>
[Write a Review...]
  <http://client.alexa.com/holiday/script/actions/review.htm, N/A>
[添加到QQ表情]
  <d:\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 160][\SystemRoot\System32\smss.exe]  [Microsoft Corporation,

5.00.2195.6601]
[PID: 188][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation,

5.00.2195.6601]
[PID: 208][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation,

5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 236][C:\WINNT\system32\services.exe]  [Microsoft Corporation,

5.00.2195.7035]
    [C:\WINNT\system32\secmgnt.dll]  [N/A, ]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp.,

2195.6605.297.3]
[PID: 248][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation,

5.00.2195.7011]
[PID: 1156][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\MOSOU.dll]  [N/A, ]
    [C:\WINNT\system32\nwizqjsj.dll]  [N/A, ]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19,

0, 0, 9]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe

Systems Incorporated, 7.0.9.2006121800]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe

Systems, Inc., 7.0.0.0]
[PID: 1168][C:\WINNT\system32\Com\smss.exe]  [FREE, 1.00]
    [C:\WINNT\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINNT\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
[PID: 1240][C:\WINNT\system32\conime.exe]  [Microsoft Corporation,

5.00.2195.6655]
[PID: 1364][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] 

[RealNetworks, Inc., 0.1.0.1622]
[PID: 1332][C:\WINNT\system32\internat.exe]  [Microsoft Corporation,

5.00.2920.0000]
    [C:\WINNT\system32\MOSOU.dll]  [N/A, ]
[PID: 1220][C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe] 

[RealNetworks, Inc., 7.0.0.1176]
    [C:\WINNT\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Common Files\Real\Update_OB\athn3270.dll] 

[RealNetworks, Inc., 7.0.0.1187]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks,

Inc., 6.0.9.2068]
    [C:\WINNT\system32\MOSOU.dll]  [N/A, ]
[PID: 656][D:\Tencent\QQ\TIMPlatform.exe]  [TENCENT, 7,0,313,1681]
    [C:\WINNT\system32\MOSOU.dll]  [N/A, ]
    [d:\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 1772][D:\Tencent\TT\TTraveler.exe]  [腾讯公司, 3, 3, 200, 290]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\WINNT\system32\MOSOU.dll]  [N/A, ]
    [D:\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1,

0, 5]
    [D:\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [D:\Tencent\TT\TTNetFavor.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [d:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18,

0, 0, 4]
    [C:\WINNT\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc.,

9,0,45,0]
    [C:\WINNT\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc.,

10.2r22]
[PID: 980][F:\系统辅助\System Repair Engineer\SREng.EXE]  [Smallfrogs Studio,

2.4.12.806]
    [C:\WINNT\system32\MOSOU.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
    [768] C:\Program Files\Windows Media Player\xp32s.exe

==================================


[/CODE]

隐藏进程
[768] C:\Program Files\Windows Media Player\xp32s.exe

楼上的？怎么说，可以具体一点吗？

随便数了一下  楼主至少被 7-9个黑客控制

鼠标是 黑客在和你抢鼠标

怎么办？

如果没有过什么手工杀毒的经验和看日志的经验 建议重装系统吧

打开SREng-启动项目->注册表->删除以下启动项目
<Microsoft Autorun5><C:\WINNT\system32\mosou.exe> []
<Microsoft Autorun7><C:\WINNT\system32\nwizqjsj.exe> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\WINNT\system32\Time.dll> []


删除下面的服务（运行SRENG--->启动项目--->服务--->Win32服务应用程序--->选择要删除的服务--->选择删除服务--->点击设置--->出现提示里选择否，确认删除。）
[SystemUpdate / SystemUpdate][Running/Auto Start]
<C:\Program Files\Windows Media Player\xp32s.exe><N/A>

重启删除
C:\WINNT\system32\secmgnt.dll
C:\WINNT\system32\MOSOU.dll
C:\WINNT\system32\nwizqjsj.dll
C:\Program Files\Windows Media Player\xp32s.exe
C:\WINNT\system32\Time.dll
C:\WINNT\system32\mosou.exe
C:\WINNT\system32\nwizqjsj.exe

光标问题好象已经解决！非常感谢火影忍者！！
但是  C:\WINNT\system32\secmgnt.dll删除不了
   

反复再删，不行就改名删，再不行就扫个新日志瞧瞧。估计还有没清理正确。