[Help] Urgent! Badly infected!!! Experts, please help! Log attached!!!!!

2006-11-28,08:34:23

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <DrvMon.exe><; C:\WINDOWS\system32\DrvMon.exe>  [Alcor Micro, Corp.]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <91cast><>  [N/A]
    <svc><C:\WINDOWS\svchost.exe>  [N/A]
    <updatereal><C:\WINDOWS\realupdate.exe other>  [N/A]
    <msnnt><C:\WINDOWS\winamps.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <{942699A0-07D0-2052-0816-020110200056}><"C:\Program Files\Common Files\{942699A0-07D0-2052-0816-020110200056}\Update.exe" te-110-12-0000113>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Thunder><; "C:\PROGRA~1\THUNDE~1\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <WEP Manager for NT><; webpmgr.exe>  [N/A]
    <ASocksrv><SocksA.exe>  [N/A]
    <RavAV><C:\WINDOWS\RavMonE.exe>  [N/A]
    <WinStar><C:\WINDOWS\IEXPL0RE.exe>  [Microsoft Corporation]
    <91cast><>  [N/A]
    <svc><C:\WINDOWS\svchost.exe>  [N/A]
    <winla><c:\winla\winla.exe>  []
    <IEBarUp><RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run>  [Microsoft Corporation]
    <System><C:\WINDOWS\system32\testtestt.exe>  [N/A]
    <sdmmrnm><D;]XJOEPXT]ufnq]te262/fyf>  [N/A]
    <rzt><C:\WINDOWS\Intel\rundll32.exe>  [N/A]
    <mhs><C:\DOCUME~1\AA3612~1.PMG\LOCALS~1\Temp\mhs.exe>  [N/A]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [CNNIC]
    <jiahus><c:\windows\system32\svchqs.exe>  [N/A]
    <WindowsStar><C:\WINDOWS\system32\sexmple.exe>  [N/A]
    <Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  [N/A]
    <IpWins><C:\Program Files\ipwins\ipwins.exe>  [N/A]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system18.sys>  [N/A]

==================================
Last edited: 2006-11-28 10:16:52

启动文件夹
[Microsoft Office 16]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office 16.lnk --> C:\PROGRA~1\COMMON~1\16OSA.EXE [Copyright © Microsoft Corporation 1994-1999.  All rights reserved.]><N>

==================================
服务
[Remote Procedure Call (RPC) Administrative Service / 6to4]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rpcadmin.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Indexing Service / IndexingService]
  <C:\WINDOWS\system32\cisrv.exe><Microsoft Corporation>
[IPSEC Client / NHLscA]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\MTJCKY80.DLL,Export 1087><N/A>
[WindowsNt Workstation / NTWorkStan]
  <C:\WINDOWS\System32\svchost.exe -k NTWorkStan-->c:\windows\system32\ntworkstan.dll><Microsoft Corporation>
[Safe network plug-in of pb / plug-in]
  <><N/A>
[RestoreService / RestoreService]
  <C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\service.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Aspi32 / Aspi32]
  <System32\drivers\aspi32.sys><Adaptec>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[Coach Digital Camera on USB / CoachUsb]
  <system32\DRIVERS\CoachUsb.sys><FotoNation Ltd.>
[Intel(R) PRO Adapter Driver / E100B]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[EKSWDR03 / EKSWDR03]
  <\??\C:\WINDOWS\system32\EKSWDR03.SYS><Eastman Kodak Company>
[ExpScaner / ExpScaner]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ihjgjhbh / ihjgjhbh]
  <\SystemRoot\system32\drivers\ihjgjhbh.sys><N/A>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KRegEx / KRegEx]
  <\??\C:\WINDOWS\system32\drivers\KRegEx.sys><N/A>
[KSysCall / KSysCall]
  <\??\C:\PROGRA~1\KV2005\KSysCall.sys><N/A>
[LT Modem Driver / ltmodem5]
  <system32\DRIVERS\ltmdmnt.sys><LT>
[MEMSCAN / MEMSCAN]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nwlnksipx / nwlnksipx]
  <\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Padus ASPI Shell / pfc]
  <system32\drivers\pfc.sys><Padus, Inc.>
[PProtect / PProtect]
  <\??\C:\WINDOWS\system32\drivers\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>

==================================
浏览器加载项
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Google Bar]
  {12365484-96a1-6974-3269-123555124655} <C:\WINDOWS\system32\GoogleBar.dll, Google Inc.>
[]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>
[BHOobj Class]
  {3CF67E17-3AF1-4813-88B9-F3B2490D2216} <C:\WINDOWS\system32\KIE.dll, >
[]
  {50297A03-863A-47C6-98F8-9FE6C44FDD63} <C:\WINDOWS\system32\inetreser.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\SCIntruder32.dll, N/A>
[XBTBPos00 Class]
  {A9A96F9D-825B-42B0-923C-CD101C447D74} <C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL, N/A>
[888Bar]
  {C004DEC2-2623-438e-9CA2-C9043AB28508} <C:\Program Files\Common Files\{342699A0-07D0-2052-0816-020110200056}\888.dll, N/A>
[Webacc Class]
  {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\PROGRA~1\THUNDE~1\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\coolsign\coolsign.dll, Fengcent>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\PROGRA~1\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, N/A>
[888Bar]
  {C004DEC2-2623-438e-9CA2-C9043AB28508} <C:\Program Files\Common Files\{342699A0-07D0-2052-0816-020110200056}\888.dll, N/A>
[Abobe Flash Play 9]
  {0C1E6CF3-2894-4E6A-B91D-DDC52F021206} <C:\Program Files\Abobe Flash Play 9\Cab301b48.dll, N/A>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[Abobe Flash Play 9]
  {0C1E6CF3-2894-4E6A-B91D-DDC52F021206} <C:\Program Files\Abobe Flash Play 9\Cab301b48.dll, N/A>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Google Bar]
  {12365484-96A1-6974-3269-123555124655} <C:\WINDOWS\system32\GoogleBar.dll, Google Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>
[BHOobj Class]
  {3CF67E17-3AF1-4813-88B9-F3B2490D2216} <C:\WINDOWS\system32\KIE.dll, >
[]
  {50297A03-863A-47C6-98F8-9FE6C44FDD63} <C:\WINDOWS\system32\inetreser.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Vision]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\SCIntruder32.dll, N/A>
[XBTBPos00 Class]
  {A9A96F9D-825B-42B0-923C-CD101C447D74} <C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[888Bar]
  {C004DEC2-2623-438E-9CA2-C9043AB28508} <C:\Program Files\Common Files\{342699A0-07D0-2052-0816-020110200056}\888.dll, N/A>
[Webacc Class]
  {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, N/A>
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[&使用迅雷下载]
  <C:\PROGRA~1\THUNDE~1\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\PROGRA~1\THUNDE~1\Thunder\Program\GetAllUrl.htm, N/A>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 564][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 1024][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 1200][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1532][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 6]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 5]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 3]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 1612][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EKLM4700.DLL]  [Eastman Kodak Company, 1.1]
    [C:\WINDOWS\system32\EKPECP1A.DLL]  [Eastman Kodak Company, 1.1]
[PID: 1896][C:\WINDOWS\svchost.exe]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 1912][C:\winla\winla.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 1956][C:\WINDOWS\Intel\rundll32.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 1992][C:\DOCUME~1\AA3612~1.PMG\LOCALS~1\Temp\mhs.exe]  [N/A, N/A]
    [C:\DOCUME~1\AA3612~1.PMG\LOCALS~1\Temp\mhs.dll]  [N/A, N/A]
[PID: 2032][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 120][C:\WINDOWS\system32\sexmple.exe]  [N/A, N/A]
[PID: 160][C:\Program Files\ipwins\ipwins.exe]  [N/A, N/A]
    [C:\Program Files\ipwins\Services.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 168][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 176][C:\Program Files\Common Files\{942699A0-07D0-2052-0816-020110200056}\Update.exe]  [N/A, N/A]
    [C:\Program Files\Common Files\{942699A0-07D0-2052-0816-020110200056}\System.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 188][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 480][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 492][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\cisrv.exe]  [Microsoft Corporation, 5, 2, 3790, 0]
[PID: 612][c:\windows\pmsgr.exe]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 1100][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 1444][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\drivers\service.dll]  [N/A, N/A]
    [c:\windows\system32\drivers\ms_restore.dll]  [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
    [c:\windows\system32\drivers\Old_service.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 1508][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\escwian.dll]  [SEIKO EPSON CORP., 1.02]
[PID: 1696][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1760][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1208][c:\windows\system32\wbem\lsass.exe]  [Microsoft, 1.0.0.0]
    [C:\DOCUME~1\AA3612~1.PMG\LOCALS~1\Temp\svc8.tmp]  [N/A, N/A]
[PID: 1372][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
[PID: 752][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
    [c:\windows\system32\advwhes.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\inetreser.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
    [C:\PROGRA~1\MMSASS~1\mmsass~1.dll]  [, 1, 2, 0, 6]
    [C:\WINDOWS\system32\SCIntruder32.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\{342699A0-07D0-2052-0816-020110200056}\888.dll]  [N/A, 1, 0, 0, 1]
    [C:\WINDOWS\system32\svchost.dll]  [, 1, 0, 0, 1]
[PID: 3948][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 5]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 3552][D:\顾客\合同户\x项雅芬\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\WINDOWS\system32\ztdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]
[PID: 2172][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 5]
    [C:\WINDOWS\system32\aelupsvc32.dll]  [, 4, 1, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSTCPChain Provider
    C:\WINDOWS\system32\aelupsvc32.dll(, MFClDLL)
MSTCP Provider
    C:\WINDOWS\system32\aelupsvc32.dll(, MFClDLL)

==================================
Autorun.inf
[D:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
[E:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe

==================================
HOSTS 文件
203.171.236.215      www.17173.com
203.171.236.215      www.wowchina.com
203.171.236.215      www.ztgame.com.cn
203.171.236.215      rxjh.17game.com
203.171.236.215      www.17game.com
203.171.236.215      www.kd171.cn
203.171.236.215      www.72g.com
203.171.236.215      www.muchina.com
203.171.236.215      xyq.163.com
203.171.236.215      xy2.163.com
203.171.236.215      www.the9.com
203.171.236.215      www.5173.com
203.171.236.215      www.tkgame.com
59.34.197.239      www.baidu.com
59.34.197.239      baidu.com
59.34.197.239      www.sohu.com
59.34.197.239      sohu.com
59.34.197.239      www.sina.com
59.34.197.239      sina.com
59.34.197.239      www.sina.com.cn
59.34.197.239      sina.com.cn
59.34.197.239      www.163.com
59.34.197.239      163.com
59.34.197.239      www.google.com
59.34.197.239      google.com
59.34.197.239      www.qq.com
59.34.197.239      qq.com
59.34.197.239      www.hao123.com
59.34.197.239      hao123.com
59.34.197.239      ttlttt.com
59.34.197.239      www.ddspn.com

==================================
Gurus, please help me, thanks!!!~~~
Download from http://free5.ys168.com/?jxsbb:
LSPFix.zip 178.3KB LSP repair tool
WinsockxpFix.rar 0.6MB LSP repair tool
After finishing the steps below, repair the LSP with LSPFix; if you still cannot get online normally, repair it with WinsockxpFix.

Open SREng - Startup Items - Registry, and delete:
<91cast><> [N/A]
<svc><C:\WINDOWS\svchost.exe> [N/A]
<updatereal><C:\WINDOWS\realupdate.exe other> [N/A]
<msnnt><C:\WINDOWS\winamps.exe> []
<{942699A0-07D0-2052-0816-020110200056}><"C:\Program Files\Common Files\{942699A0-07D0-2052-0816-020110200056}\Update.exe" te-110-12-0000113> [N/A]
<WEP Manager for NT><; webpmgr.exe> [N/A]
<ASocksrv><SocksA.exe> [N/A]
<RavAV><C:\WINDOWS\RavMonE.exe> [N/A]
<WinStar><C:\WINDOWS\IEXPL0RE.exe> [Microsoft Corporation]
<91cast><> [N/A]
<svc><C:\WINDOWS\svchost.exe> [N/A]
<System><C:\WINDOWS\system32\testtestt.exe> [N/A]
<rzt><C:\WINDOWS\Intel\rundll32.exe> [N/A]
<mhs><C:\DOCUME~1\AA3612~1.PMG\LOCALS~1\Temp\mhs.exe> [N/A]
<jiahus><c:\windows\system32\svchqs.exe> [N/A]
<WindowsStar><C:\WINDOWS\system32\sexmple.exe> [N/A]
<Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> [N/A]
<IpWins><C:\Program Files\ipwins\ipwins.exe> [N/A]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system18.sys> [N/A]
Open SREng - Startup Items - Services - Win32 Service Applications, tick "Hide verified Microsoft items", then find and delete:
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\MTJCKY80.DLL,Export 1087><N/A>
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\service.dll><N/A>
Open SREng - Startup Items - Services - Drivers, tick "Hide verified Microsoft items", then find and delete:
<\SystemRoot\system32\drivers\ihjgjhbh.sys><N/A>
<\??\C:\WINDOWS\system32\drivers\PProtect.sys><N/A>


Open SREng - System Repair - HOSTS File, and repair:
203.171.236.215 www.17173.com
203.171.236.215 www.wowchina.com
203.171.236.215 www.ztgame.com.cn
203.171.236.215 rxjh.17game.com
203.171.236.215 www.17game.com
203.171.236.215 www.kd171.cn
203.171.236.215 www.72g.com
203.171.236.215 www.muchina.com
203.171.236.215 xyq.163.com
203.171.236.215 xy2.163.com
203.171.236.215 www.the9.com
203.171.236.215 www.5173.com
203.171.236.215 www.tkgame.com
59.34.197.239 www.baidu.com
59.34.197.239 baidu.com
59.34.197.239 www.sohu.com
59.34.197.239 sohu.com
59.34.197.239 www.sina.com
59.34.197.239 sina.com
59.34.197.239 www.sina.com.cn
59.34.197.239 sina.com.cn
59.34.197.239 www.163.com
59.34.197.239 163.com
59.34.197.239 www.google.com
59.34.197.239 google.com
59.34.197.239 www.qq.com
59.34.197.239 qq.com
59.34.197.239 www.hao123.com
59.34.197.239 hao123.com
59.34.197.239 ttlttt.com
59.34.197.239 www.ddspn.com


In Safe Mode, with hidden files and folders shown, delete:
C:\WINDOWS\system32\aelupsvc32.dll
C:\WINDOWS\system32\ztdll.dll
<91cast><> [N/A]
<svc><C:\WINDOWS\svchost.exe> [N/A]
<updatereal><C:\WINDOWS\realupdate.exe other> [N/A]
<msnnt><C:\WINDOWS\winamps.exe> []
<{942699A0-07D0-2052-0816-020110200056}><"C:\Program Files\Common Files\{942699A0-07D0-2052-0816-020110200056}\Update.exe" te-110-12-0000113> [N/A]
<WEP Manager for NT><; webpmgr.exe> [N/A]
<ASocksrv><SocksA.exe> [N/A]
<RavAV><C:\WINDOWS\RavMonE.exe> [N/A]
<WinStar><C:\WINDOWS\IEXPL0RE.exe> [Microsoft Corporation]
<91cast><> [N/A]
<svc><C:\WINDOWS\svchost.exe> [N/A]
<System><C:\WINDOWS\system32\testtestt.exe> [N/A]
<rzt><C:\WINDOWS\Intel\rundll32.exe> [N/A]
<mhs><C:\DOCUME~1\AA3612~1.PMG\LOCALS~1\Temp\mhs.exe> [N/A]
<jiahus><c:\windows\system32\svchqs.exe> [N/A]
<WindowsStar><C:\WINDOWS\system32\sexmple.exe> [N/A]
<Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> [N/A]
<IpWins><C:\Program Files\ipwins\ipwins.exe> [N/A]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system18.sys> [N/A]
<\SystemRoot\system32\drivers\ihjgjhbh.sys><N/A>
<\??\C:\WINDOWS\system32\drivers\PProtect.sys><N/A>
C:\Program Files\ipwins\Services.dll
[c:\windows\system32\advwhes.dll] [N/A, N/A]
[C:\WINDOWS\system32\inetreser.dll] [N/A, N/A]
C:\WINDOWS\system32\SCIntruder32.dll
C:\PROGRA~1\MMSASS~1\mmsass~1.dll
[C:\Program Files\Common Files\{342699A0-07D0-2052-0816-020110200056}\888.dll]
[C:\WINDOWS\system32\svchost.dll]
(For files listed without a path, use Windows Search to find them)
Open C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, edit HOSTS and write 127.0.0.1 LOCALHOST
Right-click to open drives D and E (note: right-click, not double-click), and delete
Autorun.inf
sxs.exe
When done, disconnect from the network and reinstall the antivirus, Super Rabbit (超级兔子) and KaKa Assistant (卡卡助手)! Once installed, connect to the network, update, and run a full-disk scan! Use Super Rabbit to clean the registry and rogue software! Then clean again with KaKa Assistant!
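The reply above works through the SREng log by hand: Run-key entries whose executable is a copy of a system binary outside its normal folder (C:\WINDOWS\svchost.exe, C:\WINDOWS\Intel\rundll32.exe), a look-alike name (IEXPL0RE.exe), programs running out of Temp, entries with no publisher or a bare "Microsoft Corporation" string that SREng has not marked (Verified), Autorun.inf directives that launch sxs.exe, and HOSTS lines that pin many popular sites to one foreign address. The Python below is an added example written for this thread, not code from the original post and not part of SREng; it applies those same checks to SREng-style log lines so the triage can be repeated on another log. The sample input is a constructed excerpt modelled on the log posted above, and the EXPECTED_DIR table and the look-alike substitutions are assumptions of this example, not SREng's rules.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the SREng log posted in this thread. It is a
# hand-made sample for this example, not a complete log and not SREng output.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <svc><C:\WINDOWS\svchost.exe>  [N/A]
    <mhs><C:\DOCUME~1\AA3612~1.PMG\LOCALS~1\Temp\mhs.exe>  [N/A]
    <WinStar><C:\WINDOWS\IEXPL0RE.exe>  [Microsoft Corporation]
    <rzt><C:\WINDOWS\Intel\rundll32.exe>  [N/A]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
==================================
Autorun.inf
[D:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
==================================
HOSTS
203.171.236.215      www.17173.com
59.34.197.239      www.baidu.com
59.34.197.239      www.google.com
127.0.0.1      localhost
"""

# One SREng line of each kind: "<name><command>  [publisher]", "ip host", "key=value".
RUN_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[(.*)\]\s*$")
HOSTS_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s*$")
AUTORUN_RE = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

# Assumption of this example: where these system binaries legitimately live.
# A copy anywhere else (C:\WINDOWS\svchost.exe, C:\WINDOWS\Intel\rundll32.exe) is a red flag.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
}
# Digit-for-letter substitutions used by look-alike names such as IEXPL0RE.exe.
LOOKALIKE = str.maketrans({"0": "o", "1": "l"})


def exe_path(command):
    """Return the executable path from a Run value, dropping SREng's '; ' marker and arguments."""
    command = command.strip().lstrip("; ")
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.I)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def assess_run_entry(command, publisher):
    """Return the reasons a Run entry deserves a closer look (empty list = nothing odd)."""
    path = exe_path(command)
    directory, _, exe = path.lower().rpartition("\\")
    reasons = []
    canonical = exe.translate(LOOKALIKE)
    if exe not in EXPECTED_DIR and canonical in EXPECTED_DIR:
        reasons.append(f"look-alike name for {canonical}")
    elif exe in EXPECTED_DIR and directory != EXPECTED_DIR[exe]:
        reasons.append(f"{exe} outside {EXPECTED_DIR[exe]}")
    if "\\temp\\" in directory + "\\":
        reasons.append("runs from a temp directory")
    if publisher.strip() in ("", "N/A"):
        reasons.append("no publisher info")  # weak alone, strong together with the others
    elif "microsoft" in publisher.lower() and "(Verified)" not in publisher:
        reasons.append("claims Microsoft but signature not verified")
    return reasons


def assess_hosts(entries):
    """Flag HOSTS lines that pin a name to a non-loopback address; the count says how
    many names share that address (many names on one IP is the hijack pattern)."""
    shared = Counter(ip for ip, _ in entries)
    return [(ip, host, shared[ip]) for ip, host in entries
            if not ip.startswith("127.") and host.lower() != "localhost"]


def triage(log_text):
    """Run all three checks over SREng-style log text and return the findings."""
    run_findings, hosts_entries, autorun_targets = [], [], set()
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            reasons = assess_run_entry(m.group(2), m.group(3))
            if reasons:
                run_findings.append((m.group(1), exe_path(m.group(2)), reasons))
            continue
        m = HOSTS_RE.match(line)
        if m:
            hosts_entries.append(m.groups())
            continue
        m = AUTORUN_RE.match(line)
        if m:  # any open / shellexecute / shell\...\command directive launches something
            autorun_targets.add(m.group(2))
    return {"run": run_findings,
            "hosts": assess_hosts(hosts_entries),
            "autorun": sorted(autorun_targets)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

On the constructed sample the script flags svc, mhs, WinStar and rzt and leaves ctfmon.exe and RavTask alone, lists sxs.exe as the autorun target, and reports the three non-loopback HOSTS lines with 59.34.197.239 shared by two names. The "no publisher info" reason is deliberately weak: plenty of legitimate software ships without a version resource, so it only carries weight next to a wrong directory, a Temp path or a look-alike name.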
Tired out after half a day, sigh~~~
There's basically nothing left of this machine. The most direct and effective approach is to format all the drives and reinstall!
Format every drive, not just the system drive!
Haha, then wasn't all that work for nothing?