瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 各位高手路过的帮帮我看看啊?十万火急

12   1  /  2  页   跳转

各位高手路过的帮帮我看看啊?十万火急

收藏
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-20 20:38 | 只看楼主 短消息 资料
字号: 1楼

各位高手路过的帮帮我看看啊?十万火急

Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 3. 6
Scan saved at 20:22:20, on 2006-12-20
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=piaoxue.5009.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://vod.51zc.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll (file missing)
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Xplus_spy] ; "E:\xvcclip.exe" /min
O4 - HKLM\..\Run: [KuGoo3] F:\酷狗\KuGoo3\KuGoo.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ismrwd89] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ismrwd89.dll,DllUnregisterServer
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\KakaToolBar\runiep.exe
O4 - HKLM\..\Run: [ghaikr26] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ghaikr26.dll,DllUnregisterServer
O4 - HKLM\..\Run: [LHotkey] LHotkey.exe
O4 - HKLM\..\Run: [Thunder] "G:\新建文件夹\ThunderShell.exe" /s
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\播放器\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [DAEMON Tools-2052] "G:\CD\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [Super Rabbit SafeEdit] F:\超级兔子\MagicSet\SRFC.EXE /Load
O4 - HKLM\..\Run: [Lingoes] "F:\英汉\Dictionary 1.0\Lingoes.exe" -cphs
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te266/fyf
O4 - HKLM\..\Run: [umxira66] %systemroot%\system32\Rundll32.exe %systemroot%\system32\umxira66.dll,DllUnregisterServer
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SysExplr.EXE
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\KakaToolBar\RunOnce.exe
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - G:\新建文件夹\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - G:\新建文件夹\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O11 - Options group: [TBH]  QQ地址栏搜索插件
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/windows/ie_intl/cn/start/
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\system32\dajava.cab
O16 - DPF: Internet Explorer Classes for Java - file://C:\WINDOWS\system32\iejava.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2547FC-086A-4B8E-AA38-21A60489A09F}: NameServer = 202.96.128.166 202.96.128.86
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
O22 - SharedTaskScheduler: Windows Media Player 核心预加载程序 - {78BF3960-61F0-4F4E-825D-3554FA61E847} - C:\WINDOWS\system32\wmpkn.dll
O23 - Service: 956CAA4C (956CAA4C) -  - C:\WINDOWS\system32\956caa4c.exe -service
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Remote Access Connection Management (Remote Access Connection Management) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs
网页不断出现 IE工具栏不断被安装搜索软件 主页不断被改成http://piaoxue.5009.cn//
开机出现ggrrc.dll无法加载
最后编辑2006-12-22 17:12:10
分享到:
gototop
 
红夜鬼1
头像
横据古稀狮
  • 帖子:8602
  • 注册: 2006-10-18
  • 来自:
发表于: 2006-12-20 21:47 | 短消息 资料
字号: 2楼

请下载SREng2(最新版) ,使用“智能扫描”,按下“扫描”按钮进行扫描,
扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完,分次粘完,请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip
gototop
 
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-21 19:17 | 只看楼主 短消息 资料
字号: 3楼

Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 3. 6
Scan saved at 19:04:18, on 2006-12-21
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=piaoxue.5009.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://vod.51zc.com
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}? - (no file)
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0}? - (no file)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O3 - Toolbar:  (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Xplus_spy] ; "E:\xvcclip.exe" /min
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [KuGoo3] F:\酷狗\KuGoo3\KuGoo.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ismrwd89] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ismrwd89.dll,DllUnregisterServer
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\KakaToolBar\runiep.exe
O4 - HKLM\..\Run: [ghaikr26] %systemroot%\system32\Rundll32.exe %systemroot%\system32\ghaikr26.dll,DllUnregisterServer
O4 - HKLM\..\Run: [LHotkey] LHotkey.exe
O4 - HKLM\..\Run: [Thunder] "G:\新建文件夹\ThunderShell.exe" /s
O4 - HKLM\..\Run: [StormCodec_Helper] "G:\播放器\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [DAEMON Tools-2052] "G:\CD\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [Super Rabbit SafeEdit] F:\超级兔子\MagicSet\SRFC.EXE /Load
O4 - HKLM\..\Run: [Lingoes] "F:\英汉\Dictionary 1.0\Lingoes.exe" -cphs
O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te266/fyf
O4 - HKLM\..\Run: [umxira66] %systemroot%\system32\Rundll32.exe %systemroot%\system32\umxira66.dll,DllUnregisterServer
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SysExplr.EXE
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\KakaToolBar\RunOnce.exe
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - G:\新建文件夹\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - G:\新建文件夹\getallurl.htm
O11 - Options group: [TBH] 中文搜搜
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/windows/ie_intl/cn/start/
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\system32\dajava.cab
O16 - DPF: Internet Explorer Classes for Java - file://C:\WINDOWS\system32\iejava.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2547FC-086A-4B8E-AA38-21A60489A09F}: NameServer = 202.96.128.166 202.96.128.86
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
O22 - SharedTaskScheduler: Windows Media Player 核心预加载程序 - {78BF3960-61F0-4F4E-825D-3554FA61E847}? - (no file)
O23 - Service: 956CAA4C (956CAA4C) -  - C:\WINDOWS\system32\956caa4c.exe -service
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Remote Access Connection Management (Remote Access Connection Management) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: RestoreService (RestoreService) - Microsoft Corporation All rights reserved - C:\WINDOWS\system32\svchost.exe -k restoreservice
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs
gototop
 
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-21 19:44 | 只看楼主 短消息 资料
字号: 4楼

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <svc><C:\WINDOWS\svchost.exe>  [N/A]
    <91cast><>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KuGoo3><F:\酷狗\KuGoo3\KuGoo.exe>  []
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ismrwd89><%systemroot%\system32\Rundll32.exe %systemroot%\system32\ismrwd89.dll,DllUnregisterServer>  [N/A]
    <runeip><C:\Program Files\Rising\KakaToolBar\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <ghaikr26><%systemroot%\system32\Rundll32.exe %systemroot%\system32\ghaikr26.dll,DllUnregisterServer>  [N/A]
    <LHotkey><LHotkey.exe>  [Chicony]
    <Thunder><"E:\迅雷5\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <StormCodec_Helper><"G:\播放器\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <DAEMON Tools-2052><"G:\CD\daemon.exe"  -lang 2052>  [DAEMON'S HOME]
    <Super Rabbit SafeEdit><F:\超级兔子\MagicSet\SRFC.EXE /Load>  [Super Rabbit Soft]
    <Lingoes><"F:\英汉\Dictionary 1.0\Lingoes.exe" -cphs>  [N/A]
    <sdmmrnm><D;]XJOEPXT]ufnq]te266/fyf>  [N/A]
    <umxira66><%systemroot%\system32\Rundll32.exe %systemroot%\system32\umxira66.dll,DllUnregisterServer>  [N/A]
    <SysExplr><C:\Herosoft\HeroV8\SysExplr.EXE>  [N/A]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <91cast><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\KakaToolBar\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <main><rundll32.exe "C:\program files\internet explorer\use061219.dll" mymain>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebSecurity><C:\WINDOWS\system32\PvSec.dll>  []
    <NetWork><C:\WINDOWS\system32\reporter.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{78BF3960-61F0-4F4E-825D-3554FA61E847}?><>  [N/A]
    <{78BF3960-61F0-4F4E-825D-3554FA61E847}><C:\WINDOWS\system32\wmpkn.dll>  [N/A]
gototop
 
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-21 19:44 | 只看楼主 短消息 资料
字号: 5楼

启动文件夹
N/A

==================================
服务
[956CAA4C / 956CAA4C]
  <C:\WINDOWS\system32\956CAA4C.EXE -service><N/A>
[DCOM 服务器进程启动器 / DcomLaunch]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[E6B758B0 / E6B758B0]
  <C:\WINDOWS\system32\E6B758B0.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Access Connection Management / Remote Access Connection Management]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\Messenger\msnhost.dll><N/A>
[RestoreService / RestoreService]
  <C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[Remote Procedure Call (RPC) / RpcSs]
  <C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Terminal Services / TermService]
  <C:\WINDOWS\System32\svchost -k DComLaunch-->%SystemRoot%\System32\termsrv.dll><Microsoft Corporation>
gototop
 
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-21 19:44 | 只看楼主 短消息 资料
字号: 6楼

驱动程序
[00006fe9 / 00006fe9]
  <\SystemRoot\system32\drivers\00006fe9.SYS><N/A>
[agfeeica / agfeeica]
  <\SystemRoot\system32\drivers\agfeeica.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[c10723187 / c10723187]
  <\SystemRoot\System32\drivers\c10723187.sys><N/A>
[c10811250 / c10811250]
  <\SystemRoot\System32\drivers\c10811250.sys><N/A>
[ciiegghh / ciiegghh]
  <\SystemRoot\system32\drivers\ciiegghh.sys><中国互联网络信息中心(CNNIC)>
[d343bus / d343bus]
  <\SystemRoot\system32\DRIVERS\d343bus.sys><>
[d343port / d343port]
  <\SystemRoot\system32\DRIVERS\d343port.sys><>
[d347bus / d347bus]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><N/A>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[FixDrv / FixDrv]
  <C:\WINDOWS\SYSTEM32\DRIVERS\FixDrv.SYS><N/A>
[ghaikr2 / ghaikr26]
  <\SystemRoot\System32\DRIVERS\ghaikr26.sys><N/A>
[hdfs / hdfs]
  <\??\C:\WINDOWS\system32\drivers\hdfs.sys><N/A>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HpaFilt / HpaFilt]
  <C:\WINDOWS\SYSTEM32\DRIVERS\HpaFilt.SYS><Lenovo Software inc.>
[HpaLower / HpaLower]
  <C:\WINDOWS\SYSTEM32\DRIVERS\HpaLower.SYS><N/A>
[ismrwd8 / ismrwd89]
  <\SystemRoot\System32\DRIVERS\ismrwd89.sys><N/A>
[jmwmad6 / jmwmad67]
  <\SystemRoot\System32\DRIVERS\jmwmad67.sys><N/A>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[losjncck / losjncck]
  <\SystemRoot\system32\drivers\losjncck.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt]
  <\??\E:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[parcls / parcls]
  <\??\C:\WINDOWS\system32\drivers\parcls.sys><N/A>
[pciidey / pciidey]
  <C:\WINDOWS\SYSTEM32\DRIVERS\pciidey.SYS><Windows (R) 2000 DDK provider>
[StarForce Protection Environment Driver v6 / prodrv06]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rboa / rboat]
  <\SystemRoot\System32\DRIVERS\rboat.sys><N/A>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[umxira6 / umxira66]
  <\SystemRoot\System32\DRIVERS\umxira66.sys><N/A>
[viagfx / viagfx]
  <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
gototop
 
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-21 19:45 | 只看楼主 短消息 资料
字号: 7楼

浏览器加载项
[Thunder Browser Helper]
  {0005A87C-D626-4B3A-84F9-1D9571695F55} <E:\迅雷5\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, N/A>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[MallObj Class]
  {3B30B48F-617D-4F73-A20F-D3D54357F103} <C:\WINDOWS\system32\mallgoo2.dll, 上海奥德易海科技>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[XBTBPos00 Class]
  {88C43374-ECEE-4DB9-A06E-F69C7871B0A9} <C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Thunder Browser Helper]
  {0005A87C-D626-4B3A-84F9-1D9571695F55} <E:\迅雷5\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll, N/A>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[MallObj Class]
  {3B30B48F-617D-4F73-A20F-D3D54357F103} <C:\WINDOWS\system32\mallgoo2.dll, 上海奥德易海科技>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <G:\新建文件夹\MediaAddin02.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷5\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
[XBTBPos00 Class]
  {88C43374-ECEE-4DB9-A06E-F69C7871B0A9} <C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CPub Object]
  {C68AE9C0-0909-4DDC-B661-C11970042753} <C:\WINDOWS\system32\svrhost.dll, Osborn Technologies, Inc.>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\flash.ocx, Macromedia, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[]
  {F770522B-198D-4134-9D74-D30F41B3BA44} <C:\WINDOWS\system32\llrvaevgxaiugkg.dll, N/A>
[Abobe Flash Play 9]
  {F85E8BAB-1A14-4090-9C50-6B9141450239} <C:\Program Files\Abobe Flash Play 9\Cab301b48.dll, N/A>
[&使用迅雷下载]
  <E:\迅雷5\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\迅雷5\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ\SendMMS.htm, N/A>
gototop
 
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-21 19:47 | 只看楼主 短消息 资料
字号: 8楼

正在运行的进程
[PID: 600][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1088][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\messenger\msnhost.dll]  [N/A, N/A]
[PID: 1152][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1284][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1340][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1676][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 580][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 624][C:\Program Files\Rising\KakaToolBar\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
    [C:\Program Files\Rising\KakaToolBar\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 672][C:\WINDOWS\LHotkey.exe]  [Chicony, 1. 0. 0. 1]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 680][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 920][C:\Herosoft\HeroV8\SysExplr.EXE]  [N/A, N/A]
    [C:\Herosoft\HeroV8\HttpReq.dll]  [N/A, N/A]
    [C:\Herosoft\HeroV8\CoolMenu.dll]  [N/A, N/A]
    [C:\Herosoft\HeroV8\httphlp.dll]  [N/A, N/A]
    [C:\Herosoft\HeroV8\AVCDROM.dll]  [N/A, N/A]
    [C:\Herosoft\HeroV8\Sys936.DLL]  [N/A, N/A]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1032][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1932][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\drivers\restore.dll]  [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
[PID: 1960][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 2184][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2448][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3640][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\PvSec.dll]  [, 5, 1, 100, 2500]
    [C:\WINDOWS\system32\reporter.dll]  [N/A, N/A]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
    [E:\迅雷5\ComDlls\XunLeiBHO_004.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 1, 14]
gototop
 
电脑新手2
头像
初生襁褓狮
  • 帖子:13
  • 注册: 2006-08-10
  • 来自:
发表于: 2006-12-21 19:47 | 只看楼主 短消息 资料
字号: 9楼

[G:\快乐影音\HappyPlayer\Codecs\mmfinfo.dll]  [N/A, N/A]
    [G:\快乐影音\HappyPlayer\Codecs\mkunicode.dll]  [N/A, N/A]
    [C:\Program Files\Acrobatchs\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 1140][C:\Program Files\VnetClient1.6\VnetClient.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\flash.ocx]  [Macromedia, Inc., 7,0,19,0]
[PID: 1516][E:\迅雷5\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 2, 252]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [E:\迅雷5\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [E:\迅雷5\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [E:\迅雷5\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\迅雷5\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [E:\迅雷5\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [E:\迅雷5\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 12]
    [E:\迅雷5\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\WINDOWS\system32\Macromed\Flash\flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [E:\迅雷5\Components\DTAG\DTAG.dll]  [, 1, 0, 0, 1]
    [E:\迅雷5\Program\LiveUpdate.dll]  [, 1, 0, 0, 9]
    [E:\迅雷5\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [E:\迅雷5\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 14]
    [E:\迅雷5\Components\InMedia\iEmbed07.dll]  [ , 3, 1, 0, 58]
    [E:\迅雷5\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [E:\迅雷5\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 42]
    [E:\迅雷5\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\迅雷5\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 3]
    [E:\迅雷5\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [E:\迅雷5\Plugins\TingTing\TingTing.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 12]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\迅雷5\Plugins\ExplorerHelper\ExplorerHelper.dll]  [, 1, 0, 0, 1]
    [E:\迅雷5\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
[PID: 1172][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 2768][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 2980][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\WINDOWS\system32\xunleibho_v13.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 48]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 2892][C:\Program Files\FlashGet\flashget.exe]  [Amaze Soft, 1, 6, 0, 0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1956][C:\DOCUME~1\Admin\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A
gototop
 
红夜鬼1
头像
横据古稀狮
  • 帖子:8602
  • 注册: 2006-10-18
  • 来自:
发表于: 2006-12-21 20:39 | 短消息 资料
字号: 10楼

运行SREng2,使用“启动项目”--注册表--删除
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wmpkn.dll
C:\WINDOWS\system32\reporter.dll

运行(双击)SRENG2,点“启动项目,服务,点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
956CAA4C
E6B758B0
Remote Access Connection Management
RestoreService
Remote Procedure Call (RPC)
Terminal Services
,选择“删除服务”
点“设置”选择“否”

运行(双击)SRENG2,点“启动项目,服务,点“驱动程序”
勾选“隐藏微软服务”选中病毒服务
00006fe9
agfeeica
c10723187
c10811250
ciiegghh
ghaikr2
,选择“删除服务”
点“设置”选择“否”

重启按F8进入安全模式下
显示隐藏文件
删除: 
SystemRoot\System32\DRIVERS\ghaikr26.sys
SystemRoot\system32\drivers\00006fe9.SYS
\SystemRoot\system32\drivers\agfeeica.sys
SystemRoot\System32\drivers\c10723187.sys
SystemRoot\System32\drivers\c10811250.sys
SystemRoot\system32\drivers\ciiegghh.sys
SystemRoot%\System32\termsrv.dll
SystemRoot%\system32\rpcss.dl
C:\WINDOWS\system32\drivers\restore.dll
C:\Program Files\Messenger\msnhost.dll
C:\WINDOWS\system32\E6B758B0.EXE
:\WINDOWS\system32\956CAA4C.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wmpkn.dll
C:\WINDOWS\system32\reporter.dll
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT