Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software board


Trojan.OnLineGames, Adware.Cdn, Adware.Boran: all three came back right after a reinstall


07-05-11, evening

  The problem should be solved now. The computer's clock has not changed again, though the morning scan still found a lot of viruses (posted in reply #7). In the evening scan, viruses were found only in the software I had just downloaded. So happy... Er... thanks to 桃子CiCi, I followed your method exactly and it is all sorted now, brilliant! Thanks also to 春天的小水竹 for the hints later on.

  Oh, one more thing: do not download from Baidu's software site. I downloaded Super Rabbit (超级兔子) and it came bundled with a backdoor. Outrageous!!



Before the May Day holiday my computer was infected with Trojan.OnlineGames. On advice I reinstalled Windows, but probably because I copied my old files back, the computer is again full of viruses, piles of them; it is terrifying. Now Kaspersky's protection shield will not even open, and Rising's monitor no longer starts on its own.

I cannot even bear to look at the computer now. I would not mind reinstalling once more, but it was reinstalled only two days ago and it is already like this. I am out of options.


Scan log attached:

2007-05-09,22:37:50

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <g7w><C:\DOCUME~1\kunbu\LOCALS~1\Temp\c0nime.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RavTask><"E:\程序\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\程序\瑞星\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <testrun><C:\WINDOWS\testexe.exe>  [N/A]
    <!AVG Anti-Spyware><"E:\程序\杀毒程序\卡巴斯基\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <mppds><C:\WINDOWS\mppds.exe>  [N/A]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp>  [N/A]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\程序\杀毒\卡巴斯基\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [N/A]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
  <E:\程序\杀毒\卡巴斯基\AVG Anti-Spyware 7.5\guard.exe><N/A>
[F7F7FAFF / F7F7FAFF]
  <C:\WINDOWS\System32\53F61708.EXE -d><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Windows ivxs RunThem / ivxs]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\dqsn\nacx.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <e:\程序\瑞星\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\程序\瑞星\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"E:\程序\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"E:\程序\瑞星\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WinWLServiceNow / WinWLServiceNow]
  <C:\DOCUME~1\kunbu\LOCALS~1\Temp\RAVWL.EXE><N/A>
Last edited: 2007-05-11 14:07:01.937000000

==================================
驱动程序
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\E:\程序\杀毒\卡巴斯基\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran]
  <system32\drivers\cdntran.sys><CNNIC>
[chbhjghb / chbhjghb]
  <\SystemRoot\system32\drivers\chbhjghb.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\E:\程序\瑞星\RISING\RAV\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB]
  <System32\DRIVERS\dlkfet5b.sys><D-Link>
[HCF_MSFT / HCF_MSFT]
  <System32\DRIVERS\HCF_MSFT.sys><Conexant>
[HookCont / HookCont]
  <\??\E:\程序\瑞星\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\E:\程序\瑞星\RISING\RAV\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\程序\瑞星\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\E:\程序\瑞星\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
  <\??\E:\程序\瑞星\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\e:\程序\瑞星\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\E:\程序\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\E:\程序\瑞星\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\E:\程序\瑞星\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[]
  {907A3125-34DE-4F9D-8815-BC42059DA9F7} <C:\WINDOWS\system32\dygnclnitpbcg.dll, N/A>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\程序\淘宝旺旺\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[上传到QQ网络硬盘]
  <E:\程序\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\程序\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\程序\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\程序\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 500][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 572][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 640][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 652][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 816][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 896][E:\程序\瑞星\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 912][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1172][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1192][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1224][E:\程序\瑞星\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [E:\程序\瑞星\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\程序\瑞星\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\程序\瑞星\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [E:\程序\瑞星\RISING\RAV\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\程序\瑞星\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\程序\瑞星\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\程序\瑞星\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\程序\瑞星\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\程序\瑞星\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [E:\程序\瑞星\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [E:\程序\瑞星\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [E:\程序\瑞星\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\程序\瑞星\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\程序\瑞星\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [E:\程序\瑞星\RISING\RAV\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [E:\程序\瑞星\RISING\RAV\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\程序\瑞星\RISING\RAV\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\程序\瑞星\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [E:\程序\瑞星\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\程序\瑞星\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 27]
    [E:\程序\瑞星\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [E:\程序\瑞星\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\程序\瑞星\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [E:\程序\瑞星\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 50]
    [E:\程序\瑞星\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [E:\程序\瑞星\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [E:\程序\瑞星\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [E:\程序\瑞星\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [E:\程序\瑞星\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [E:\程序\瑞星\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [E:\程序\瑞星\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 17]
    [E:\程序\瑞星\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [E:\程序\瑞星\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [E:\程序\瑞星\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\程序\瑞星\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[PID: 1304][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp]  [N/A, N/A]
    [C:\WINDOWS\System32\testdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, N/A]
    [C:\DOCUME~1\kunbu\LOCALS~1\Temp\Gjzo0.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\mp3infp.dll]  [win32lab.com, 2.54.5.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\dygnclnitpbcg.dll]  [N/A, N/A]
[PID: 1384][e:\程序\瑞星\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 34]
    [e:\程序\瑞星\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [e:\程序\瑞星\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [e:\程序\瑞星\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [e:\程序\瑞星\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\程序\瑞星\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [e:\程序\瑞星\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1532][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1756][e:\程序\瑞星\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [e:\程序\瑞星\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [e:\程序\瑞星\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\程序\瑞星\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\程序\瑞星\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\程序\瑞星\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 300][E:\程序\瑞星\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [E:\程序\瑞星\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\程序\瑞星\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\程序\瑞星\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\程序\瑞星\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 436][E:\程序\杀毒程序\卡巴斯基\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [E:\程序\杀毒程序\卡巴斯基\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 452][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 968][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1856][C:\WINDOWS\System32\tcpsvcs.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1960][C:\WINDOWS\System32\snmp.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2524][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3108][E:\程序\杀毒程序\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\DOCUME~1\kunbu\LOCALS~1\Temp\Gjzo0.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\testdll.dll]  [N/A, N/A]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1        localhost

==================================
Oh, and also: the clock changed to the year 2005. After I corrected it, the computer jumped back to the year before last on its own. And the address bar now lists a pile of websites I have never visited.
Follow the steps below. If you have questions, add me on QQ: 176498851
Note: among the services, drivers, processes and files listed below for deletion or disabling, keep any whose purpose you know. If you are not sure, remove them all.

IceSword v1.20
Latest version download:
Chinese: http://202.38.64.10/~jfpan/download/IceSword120_cn.zip  MD5: cfb8514add1fbfb510b0084e837e561c
==========================================================================
Empty the temporary folder. Path: C:\documents and settings\<user name>\LOCALS~1\Temp
Boot into Safe Mode [to enter Safe Mode: hold F8 while the computer restarts and choose Safe Mode].
==========================================================================
Edit the registry with IceSword:
Startup items to delete:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<g7w><C:\DOCUME~1\kunbu\LOCALS~1\Temp\c0nime.exe> [N/A]

[HKEY_CURRENT_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<testrun><C:\WINDOWS\testexe.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\System32\ctfnom.exe> [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> [N/A]



==========================================================================
Run SREng. Under Startup Items -> Services -> Win32 Service Applications, tick "Hide verified Microsoft services", then delete the services named below (select the problem service, click "Delete service", then click the "Set" button; note that in the pop-up window you must click "No" to confirm the deletion) (if a service cannot be deleted, disable it: change the startup type to disabled, tick "Modify startup type", click Set):
[F7F7FAFF / F7F7FAFF]
<C:\WINDOWS\System32\53F61708.EXE -d><Microsoft Corporation>
[Windows ivxs RunThem / ivxs]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\dqsn\nacx.dll><N/A>
[WinWLServiceNow / WinWLServiceNow]
<C:\DOCUME~1\kunbu\LOCALS~1\Temp\RAVWL.EXE><N/A>


==========================================================================
Run SREng. Under Startup Items -> Services -> Drivers, tick "Hide verified Microsoft services", then delete the services named below (select the problem service, click "Delete service", then click the "Set" button; note that in the pop-up window you must click "No" to confirm the deletion) (if one cannot be deleted, disable it: change the startup type to disabled, tick "Modify startup type", click Set):
[chbhjghb / chbhjghb]
<\SystemRoot\system32\drivers\chbhjghb.sys><N/A>
[HCF_MSFT / HCF_MSFT]
<System32\DRIVERS\HCF_MSFT.sys><Conexant>


==========================================================================
Download and run IceSword, then end the processes:
File -> Settings -> tick "Forbid process creation"
Select the processes starting with [PID] below, right-click -> Module Info -> Unload or Force Unload (the injected modules listed under each)
[PID: 1304][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp] [N/A, N/A]
[C:\WINDOWS\System32\testdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
[C:\DOCUME~1\kunbu\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.54.5.0]
[C:\WINDOWS\system32\dygnclnitpbcg.dll] [N/A, N/A]

[PID: 3108][E:\程序\杀毒程序\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\DOCUME~1\kunbu\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\System32\testdll.dll] [N/A, N/A]



==========================================================================
Delete files with IceSword:
Delete the following in turn:
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp] [N/A, N/A]
[C:\WINDOWS\System32\testdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.54.5.0]
[C:\WINDOWS\system32\dygnclnitpbcg.dll] [N/A, N/A]
C:\WINDOWS\System32\53F61708.EXE
\SystemRoot\system32\drivers\chbhjghb.sys
System32\DRIVERS\HCF_MSFT.sys


Restore the "Forbid process creation" setting
=========================================================================
After deleting the corresponding files, clean the registry: Run -> regedit -> My Computer -> Edit -> Find, and enter in turn:
testdll.dll
NewInfo.bmp
mppds.dll
chbhjghb.sys
53F61708.EXE
mp3infp.dll

Press F3 to continue until the search is finished; delete everything that is found!
===========================================================================
Use SREng to repair the HOSTS file and click Save;
Restart the computer.
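As an added example (not SREng's code and not part of the helper's instructions), here is a Python script that applies the same triage logic to an SREng log: it parses the registry autostart and service sections in the layout shown above and flags entries with no publisher, an unverified "Microsoft" claim, a Temp-folder path, a svchost-hosted DLL outside System32, a bare hex service name, a shell hook that is not a DLL, or a file name that is an anagram of a system binary (ctfnom.exe vs ctfmon.exe). The sample log is a constructed excerpt whose entries are copied from the scan in this thread.

```python
"""Triage an SREng 2.x scan log for the persistence patterns discussed in this thread.
Added example, not SREng's or the helper's code: it parses autostart entries and services
out of the log text and lists why each deserves a look. A hit means inspect, not malicious."""
import re
from collections import namedtuple

# Constructed excerpt in the SREng 2.2.6 layout; entries copied from the scan above.
SAMPLE_LOG = r"""
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <g7w><C:\DOCUME~1\kunbu\LOCALS~1\Temp\c0nime.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"E:\程序\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <testrun><C:\WINDOWS\testexe.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp>  [N/A]
==================================
服务
[F7F7FAFF / F7F7FAFF]
  <C:\WINDOWS\System32\53F61708.EXE -d><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows ivxs RunThem / ivxs]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\dqsn\nacx.dll><N/A>
[WinWLServiceNow / WinWLServiceNow]
  <C:\DOCUME~1\kunbu\LOCALS~1\Temp\RAVWL.EXE><N/A>
"""

# Section title lines as SREng prints them; None marks sections this script skips.
SECTIONS = {"注册表": "registry", "服务": "service", "驱动程序": "driver",
            "启动文件夹": None, "浏览器加载项": None, "正在运行的进程": None}
RUN_LINE = re.compile(r"^<([^<>]*)><(.*)>\s+\[(.*)\]$")  # <name><command>  [publisher]
SVC_HEAD = re.compile(r"^\[(.+?) / (.+?)\]$")            # [Display name / ServiceName]
SVC_IMAGE = re.compile(r"^<(.*)><([^<>]*)>$")            # <image><publisher>
SYSTEM_EXES = ("ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe")
# kind: registry/service/driver; location: registry key or service display name;
# path: file actually run or loaded; hosted: service DLL loaded through svchost.exe.
Entry = namedtuple("Entry", "kind location name path publisher hosted", defaults=(False,))


def image_of(command):
    """File named by a command; svchost-hosted services appear as 'svchost.exe -k grp-->dll'."""
    if "-->" in command:
        return command.split("-->", 1)[1].strip()
    m = re.match(r'"([^"]+)"|(\S.*?\.(?:exe|dll|sys|ocx|bmp|com|scr))(?:\s|$)', command, re.I)
    return (m.group(1) or m.group(2)) if m else command.strip()


def parse_log(text):
    """Registry autostart entries, services and drivers found in the log."""
    entries, section, location, pending = [], None, "", None
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if line in SECTIONS:
            section, location, pending = SECTIONS[line], "", None
        elif section == "registry":
            if line.startswith("[HKEY_"):
                location = line.strip("[]")
            elif (m := RUN_LINE.match(line)) and (path := image_of(m.group(2))):
                entries.append(Entry("registry", location, m.group(1), path, m.group(3)))
        elif section in ("service", "driver"):
            if (m := SVC_HEAD.match(line)):
                pending = m.groups()
            elif pending and (m := SVC_IMAGE.match(line)):
                entries.append(Entry(section, *pending, image_of(m.group(1)),
                                     m.group(2), "-->" in m.group(1)))
                pending = None
    return entries


def reasons_for(e):
    """Heuristics drawn from this thread's findings; each string is one reason to look."""
    reasons, up, pub = [], e.path.upper(), e.publisher.strip()
    base = e.path.rsplit("\\", 1)[-1].lower()
    if e.hosted:  # a netsvcs DLL outside System32 (C:\PROGRA~1\dqsn\nacx.dll above)
        if "\\SYSTEM32\\" not in up:
            reasons.append("svchost-hosted service DLL outside System32")
    elif pub in ("", "N/A"):
        reasons.append("no publisher information")
    elif "MICROSOFT" in pub.upper() and not pub.startswith("(Verified)"):
        reasons.append("claims Microsoft but SREng did not verify the signature")
    if "\\TEMP\\" in up:
        reasons.append("runs from a Temp directory")
    if e.location.endswith("ShellExecuteHooks") and not up.endswith(".DLL"):
        reasons.append("shell execute hook target is not a DLL")
    if e.kind == "service" and re.fullmatch(r"[0-9A-F]{8}", e.name):
        reasons.append("service name is a bare 8-hex-digit token")
    for known in SYSTEM_EXES:
        if base != known and sorted(base) == sorted(known):
            reasons.append(f"file name is an anagram of {known}")  # ctfnom.exe vs ctfmon.exe
    return reasons


def triage(text):
    """Entry name -> reasons, for every parsed entry that has at least one."""
    return {e.name: r for e in parse_log(text) if (r := reasons_for(e))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

Verified Microsoft entries, the Rising products and the genuine svchost-hosted HidServ produce no output; everything the helper told the poster to remove does.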
1. I have done almost all of the steps above, but I could not find the following.

In Safe Mode I opened IceSword, File, Settings, chose "Forbid process creation" and confirmed.
In the process list I could not find the entries starting with [PID], nor the files below, so I could not do this step at all.
The picture is a screenshot of IceSword's process list after the restart.

==========================================================================
Download and run IceSword, then end the processes:
File -> Settings -> tick "Forbid process creation"
Select the processes starting with [PID] below, right-click -> Module Info -> Unload or Force Unload (the injected modules listed under each)
[PID: 1304][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp] [N/A, N/A]
[C:\WINDOWS\System32\testdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
[C:\DOCUME~1\kunbu\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.54.5.0]
[C:\WINDOWS\system32\dygnclnitpbcg.dll] [N/A, N/A]

[PID: 3108][E:\程序\杀毒程序\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\DOCUME~1\kunbu\LOCALS~1\Temp\Gjzo0.dll] [N/A, N/A]
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\System32\testdll.dll] [N/A, N/A]

==========================================================================



2. Of the files to delete, these were not found. All the others were deleted.
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
\SystemRoot\system32\drivers\chbhjghb.sys


3. I have restarted many times and the computer's clock has stayed correct. But the websites in the address bar, which I have no idea where they came from, are still there.

4. After a normal boot, if I open IceSword and then close it, the computer restarts shortly afterwards, every time. There is no warning at all; the screen just goes black. If I do not open IceSword, or open it and leave it open, it does not restart. That seems abnormal.

The scan results from just now are attached below:

2007-05-10,21:09:36

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RavTask><"E:\程序\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\程序\瑞星\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <!AVG Anti-Spyware><"E:\程序\杀毒程序\卡巴斯基\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\程序\杀毒\卡巴斯基\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [N/A]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
  <E:\程序\杀毒\卡巴斯基\AVG Anti-Spyware 7.5\guard.exe><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <e:\程序\瑞星\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\程序\瑞星\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"E:\程序\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"E:\程序\瑞星\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

[Attachment: image/pjpeg, uploaded 2007-5-10 21:33:58, 682 downloads]

==================================
驱动程序
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\E:\程序\杀毒\卡巴斯基\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran]
  <system32\drivers\cdntran.sys><CNNIC>
[ExpScaner / ExpScaner]
  <\??\E:\程序\瑞星\RISING\RAV\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB]
  <System32\DRIVERS\dlkfet5b.sys><D-Link>
[HCF_MSFT / HCF_MSFT]
  <System32\DRIVERS\HCF_MSFT.sys><Conexant>
[HookCont / HookCont]
  <\??\E:\程序\瑞星\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\E:\程序\瑞星\RISING\RAV\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\程序\瑞星\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\E:\程序\瑞星\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
  <\??\E:\程序\瑞星\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\e:\程序\瑞星\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\E:\程序\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\E:\程序\瑞星\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\E:\程序\瑞星\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[]
  {907A3125-34DE-4F9D-8815-BC42059DA9F7} <C:\WINDOWS\system32\dygnclnitpbcg.dll, N/A>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\程序\淘宝旺旺\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[上传到QQ网络硬盘]
  <E:\程序\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\程序\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\程序\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\程序\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 600][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 644][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 656][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 844][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 940][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1064][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1096][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1384][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1568][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1632][e:\程序\瑞星\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [e:\程序\瑞星\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [e:\程序\瑞星\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\程序\瑞星\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\程序\瑞星\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\程序\瑞星\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 364][E:\程序\杀毒程序\卡巴斯基\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [E:\程序\杀毒程序\卡巴斯基\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 392][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 892][C:\WINDOWS\System32\tcpsvcs.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1016][C:\WINDOWS\System32\snmp.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1984][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2084][E:\程序\杀毒程序\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
File associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
N/A

==================================

This is terrifying. After yesterday's scan there wasn't a single virus left, so how did this morning's scan turn up a whole pile again? I'll attach the log from a moment ago.


C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002874.DLL -> Backdoor.Agent.ahj : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002909.DLL -> Backdoor.Agent.ahj : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002932.DLL -> Backdoor.Agent.ahj : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0005035.EXE -> Backdoor.Agent.ahj : Cleaned.
C:\WINDOWS\system32\FA5CC5C5.DLL -> Backdoor.Agent.ahj : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP18\A0007492.exe -> Downloader.Small.czl : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP6\A0000851.exe -> Downloader.Small.czl : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP6\A0002840.exe -> Downloader.Small.czl : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002936.exe -> Downloader.Small.czl : Cleaned.
C:\WINDOWS\system32\ctfnom.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP18\A0007499.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP18\A0007522.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP18\A0007644.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002925.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0002973.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0002987.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0002994.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0002995.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0004003.exe -> Downloader.Small.czl : Cleaned.
E:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0005007.exe -> Downloader.Small.czl : Cleaned.
E:\程序\QQ\TIMPlatform.exe -> Downloader.Small.czl : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP6\A0000304.dll -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP6\A0000835.exe -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP6\A0002830.dll -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP6\A0002848.exe -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002867.dll -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002904.dll -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002927.dll -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002935.exe -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0004004.dll -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0005008.dll -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0005032.dll -> Trojan.Nilage.bjt : Cleaned.
C:\WINDOWS\testexe.exe -> Trojan.Nilage.bjt : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002944.dll -> Trojan.OnLineGames.es : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002868.dll -> Trojan.OnLineGames.sd : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002903.dll -> Trojan.OnLineGames.sd : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002926.dll -> Trojan.OnLineGames.sd : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP7\A0002945.exe -> Trojan.OnLineGames.sd : Cleaned.
C:\System Volume Information\_restore{F4E18A08-F25C-4FB6-997B-DBCB790BAE0E}\RP8\A0002952.exe -> Trojan.OnLineGames.sd : Cleaned.

2007-05-11,10:22:07

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition  (Build 2600)
- Administrator user - full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RavTask><"E:\程序\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\程序\瑞星\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <!AVG Anti-Spyware><"E:\程序\杀毒程序\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\程序\杀毒程序\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]

==================================
Startup folder
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
Services
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <e:\程序\瑞星\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\程序\瑞星\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"E:\程序\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"E:\程序\瑞星\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
Drivers
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><China Internet Network Information Center (CNNIC)>
[cdntran / cdntran]
  <system32\drivers\cdntran.sys><CNNIC>
[ExpScaner / ExpScaner]
  <\??\E:\程序\瑞星\RISING\RAV\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB]
  <System32\DRIVERS\dlkfet5b.sys><D-Link>
[HCF_MSFT / HCF_MSFT]
  <System32\DRIVERS\HCF_MSFT.sys><Conexant>
[HookCont / HookCont]
  <\??\E:\程序\瑞星\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\E:\程序\瑞星\RISING\RAV\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\程序\瑞星\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\E:\程序\瑞星\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
  <\??\E:\程序\瑞星\RISING\RAV\MEMSCAN.sys><Rising Software Co., Ltd.>
[mProcRs / mProcRs]
  <\??\e:\程序\瑞星\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\E:\程序\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\E:\程序\瑞星\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\E:\程序\瑞星\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
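An added example, not written by anyone in this thread and not part of SREng: a short Python script that reads the "Startup items / Registry" part of an SREng log and scores each Run-key value the way the helpers here were eyeballing it. The sample text is constructed from lines copied out of the two logs above; the scoring weights, the threshold of 4 and the short list of imitated system binaries are this example's own choices. It is built to catch exactly what stands out in these logs: the `twin` value under `Policies\Explorer\Run` pointing at `ctfnom.exe` (a letter-swap of the legitimate `ctfmon.exe`, and still present in the 2007-05-11 log after AVG reported the file cleaned, so the registry value was left behind and needs deleting by hand), the Temp-directory loader `c0nime.exe`, and the loose `testexe.exe` / `mppds.exe` sitting directly in the Windows directory.

```python
"""Triage the 'Startup items / Registry' section of a System Repair Engineer
(SREng) log.  Each Run-key value is scored on which key it hides in, whether
SREng could attribute it to a publisher, where its image lives, and whether
its file name imitates a Windows system binary.  The weights, the threshold
and the list of imitated names are this example's own choices."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: startup lines copied from the 2007-05-09 and 2007-05-11
# SREng logs posted in this thread, merged into one text so the script runs
# offline.  Note <twin> still points at ctfnom.exe after AVG reported it cleaned.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <g7w><C:\DOCUME~1\kunbu\LOCALS~1\Temp\c0nime.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"E:\程序\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <testrun><C:\WINDOWS\testexe.exe>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  [N/A]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [N/A]
"""

# Windows binaries whose names malware commonly imitates (hand-picked subset).
SYSTEM_STEMS = {"ctfmon", "svchost", "lsass", "csrss", "smss", "winlogon",
                "services", "explorer", "userinit", "spoolsv"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[(.*)\]\s*$")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    publisher: str
    score: int
    reasons: List[str]


def image_path(command: str) -> str:
    """Return the executable path of a Run value without its arguments."""
    command = command.strip()
    if command.startswith('"'):          # quoted path, arguments follow the quote
        return command[1:command.find('"', 1)]
    m = re.match(r".*?\.(?:exe|dll|scr|com|bat|pif)\b", command, re.I)
    return m.group(0) if m else command.split(" ", 1)[0]


def expand(path: str) -> str:
    """Expand %systemroot%; the logs show it is C:\\WINDOWS on this machine."""
    return re.sub(r"%systemroot%", lambda _: r"C:\WINDOWS", path, flags=re.I)


def lookalike(stem: str) -> Optional[str]:
    """Name of the system binary `stem` imitates: same length, at most two
    characters differ, not identical (catches ctfnom -> ctfmon)."""
    stem = stem.lower()
    for known in SYSTEM_STEMS:
        if len(known) == len(stem) and known != stem:
            if sum(a != b for a, b in zip(known, stem)) <= 2:
                return known
    return None


def score_entry(key: str, name: str, command: str, publisher: str) -> Finding:
    path = expand(image_path(command))
    low = path.lower()
    score, reasons = 0, []
    if "policies\\explorer\\run" in key.lower():
        score += 3
        reasons.append("Policies\\Explorer\\Run key (rarely used by legitimate software)")
    if publisher.strip().upper() == "N/A":
        score += 2
        reasons.append("no publisher or version information")
    if "\\temp\\" in low:
        score += 2
        reasons.append("image runs from a Temp directory")
    elif re.match(r"^[a-z]:\\windows\\[^\\]+$", low):
        score += 2
        reasons.append("loose executable directly in the Windows directory")
    stem = re.sub(r"\.[a-z0-9]+$", "", low.rsplit("\\", 1)[-1])
    known = lookalike(stem)
    if known:
        score += 3
        reasons.append(f"file name imitates {known}.exe")
    return Finding(key, name, path, publisher, score, reasons)


def triage(log_text: str, threshold: int = 4) -> List[Finding]:
    """Parse the registry startup section and return the entries scoring at
    or above `threshold`, highest score first."""
    key, findings = "", []
    for line in log_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        name, command, publisher = em.groups()
        if not command.strip():          # e.g. <load><>: empty value, nothing runs
            continue
        finding = score_entry(key, name, command, publisher)
        if finding.score >= threshold:
            findings.append(finding)
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.name:<18} {f.path}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

Run as-is it prints the four entries named above, `twin` first with a score of 8. Lowering the threshold to 2 also surfaces the unsigned CNNIC `cdnup.exe` and the `KernelFaultCheck` value, which Windows XP itself writes after a crash, so anything below 4 is a "look at it" list rather than a delete list. A verified Microsoft signature scores nothing, which is why `ctfmon.exe` drops out while its imitation does not.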

Heh heh!!!!
