瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 现在我的电脑。中毒超深。高手们帮帮忙。

1   1  /  1  页   跳转

[求助] 现在我的电脑。中毒超深。高手们帮帮忙。

收藏
woaiSSd
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2009-01-18
  • 来自:
发表于: 2009-01-18 14:02 | 只看楼主 短消息 资料
字号: 1楼

现在我的电脑。中毒超深。高手们帮帮忙。

用瑞星杀。查是查到。很多删不掉。

我D:
    E:
    F:
  都格式化了。

  还是有毒。

  C:盘里删不掉的病毒软件怎么办。?

[复制到剪贴板]
CODE:
2009-01-18,14:23:55

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RisTray><"F:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{26983C72-A08E-4106-B283-2FC40210CB25}><C:\WINDOWS\system32\impojcni.dll>  [File is missing]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <26983C72><C:\WINDOWS\system32\impojcni.dll>  [File is missing]
    <B5E53A23><>  [N/A]
    <C85B0DCE><>  [N/A]
    <56E6C567><>  [N/A]
    <6290ACDE><>  [N/A]
    <5228D640><>  [N/A]
    <22BC75D3><>  [N/A]
    <87458327><>  [N/A]
    <D686CC78><>  [N/A]
    <84EBF9A5><>  [N/A]
    <835F49B9><>  [N/A]
    <79354977><>  [N/A]
    <1BBF9DB0><>  [N/A]
    <87A3387F><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [File is missing]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [File is missing]
    <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[DCOM Server Process Launcher / DcomLaunch][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Ris Process Communication Center / RisCCenter][Stopped/Auto Start]
  <F:\Program Files\Rising\Ris\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RisTask Manager / RisTask][Stopped/Auto Start]
  <"F:\Program Files\Rising\Ris\RavTask.exe" RisTask><Beijing Rising Information Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <F:\Program Files\Rising\Ris\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <F:\Program Files\Rising\Ris\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\Program Files\QQ2007\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\F:\Program Files\Rising\Ris\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
  <\??\F:\Program Files\Rising\Ris\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
浏览器加载项
[BBNBHO Class]
  {7C696E52-BF38-49A8-9017-ACE15A794707} <C:\WINDOWS\system32\BBN_iCafe_071210.dll, TODO: <Company name>>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[微软]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[BBNBHO Class]
  {7C696E52-BF38-49A8-9017-ACE15A794707} <C:\WINDOWS\system32\BBN_iCafe_071210.dll, TODO: <Company name>>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 392][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 460][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][F:\Program Files\Rising\Ris\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [F:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Program Files\Rising\Ris\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [F:\Program Files\Rising\Ris\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [F:\Program Files\Rising\Ris\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [F:\Program Files\Rising\Ris\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [F:\Program Files\Rising\Ris\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [F:\Program Files\Rising\Ris\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [F:\Program Files\Rising\Ris\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21]
    [F:\Program Files\Rising\Ris\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [F:\Program Files\Rising\Ris\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Program Files\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [F:\Program Files\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Program Files\Rising\Ris\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.75]
    [F:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Program Files\Rising\Ris\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
    [F:\Program Files\Rising\Ris\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
    [F:\Program Files\Rising\Ris\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [F:\Program Files\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [F:\Program Files\Rising\Ris\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
    [F:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [F:\Program Files\Rising\Ris\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [F:\Program Files\Rising\Ris\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\Program Files\Rising\Ris\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\Program Files\Rising\Ris\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [F:\Program Files\Rising\Ris\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
    [F:\Program Files\Rising\Ris\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [F:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [F:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\Program Files\Rising\Ris\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Program Files\Rising\Ris\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Program Files\Rising\Ris\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [F:\Program Files\Rising\Ris\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 17]
    [F:\Program Files\Rising\Ris\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Program Files\Rising\Ris\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [F:\Program Files\Rising\Ris\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [F:\Program Files\Rising\Ris\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Program Files\Rising\Ris\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Program Files\Rising\Ris\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [F:\Program Files\Rising\Ris\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Program Files\Rising\Ris\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Program Files\Rising\Ris\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[PID: 1140][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.7779]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7779]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][F:\Program Files\Rising\Ris\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Program Files\Rising\Ris\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [F:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Program Files\Rising\Ris\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [F:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\Program Files\Rising\Ris\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
    [F:\Program Files\Rising\Ris\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Program Files\Rising\Ris\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
    [F:\Program Files\Rising\Ris\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [F:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [F:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [F:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [F:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[PID: 1420][F:\Program Files\Rising\Ris\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Program Files\Rising\Ris\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
    [F:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1624][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
[PID: 296][C:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.42]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\Program Files\Rising\AntiSpyware\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 324][F:\Program Files\Rising\Ris\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\Program Files\Rising\Ris\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Program Files\Rising\Ris\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
    [F:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Program Files\Rising\Ris\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Program Files\Rising\Ris\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [F:\Program Files\Rising\Ris\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [F:\Program Files\Rising\Ris\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Program Files\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [F:\Program Files\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Program Files\Rising\Ris\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.21]
    [F:\Program Files\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [F:\Program Files\Rising\Ris\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25]
    [F:\Program Files\Rising\Ris\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [F:\Program Files\Rising\Ris\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.90]
    [F:\Program Files\Rising\Ris\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Program Files\Rising\Ris\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
    [F:\Program Files\Rising\Ris\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [F:\Program Files\Rising\Ris\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 5]
    [F:\Program Files\Rising\Ris\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Program Files\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[PID: 332][C:\WINDOWS\system32\ctfmon.exe]  [(Infected) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
[PID: 920][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\199691]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
[PID: 584][F:\Program Files\Rising\Ris\RegGuide.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\Program Files\Rising\Ris\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.58]
[PID: 1084][C:\WINDOWS\notepad.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
[PID: 976][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
[PID: 1860][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.125\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 1952][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.125\SRE9b4eb966.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.125\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1196][C:\WINDOWS\notepad.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      v.onondown.com.cn
127.0.0.2      ymsdasdw1.cn
127.0.0.3      h96b.info
127.0.0.0      xxx.zttwp.cn
127.0.0.0      www.hackerbf.cn
127.0.0.0      ww.popdm.cn
127.1.1.1      bbt.etimes888.com
127.1.1.1      219.147.13.53
127.1.1.1      dl.360safe.com
127.1.1.1      20068080.cn
127.1.1.1      l.neter888.cn
127.1.1.1      stat.untang.com
127.1.1.1      www.ikdy.cn
127.0.0.0      geekbyfeng.cn
127.0.0.0      121.14.101.68
127.0.0.0      ppp.etimes888.com
127.0.0.0      www.bypk.com
127.0.0.0      CSC3-2004-crl.verisign.com
127.0.0.1      va9sdhun23.cn
127.0.0.0      udp.hjob123.com
127.1.1.1      999.hfdy2828.com
127.1.1.1      www.hfdy2929.com
127.1.1.1      www.xiazaide1.cn
127.1.1.1      www.vuf51579.cn
127.1.1.1      wm.eo2q.cn
127.1.1.1      d.www-263.com
127.1.1.1      www.ssy1688.cn
127.1.1.1      121.12.173.218
127.1.1.1      qq.18i16.net
127.1.1.1      a.baidu-6661.com
127.1.1.1      www.vuf51579.cn
127.1.1.1      www.1079223105.cn
127.1.1.1      home.xzx6.cn
127.1.1.1      top.fgc3.cn
127.1.1.1      165.246.44.228
127.1.1.1      wwww.ttfafa.com
127.1.1.1      pa.tt-09.com
127.0.0.2      bnasnd83nd.cn
127.0.0.0      www.gamehacker.com.cn
127.0.0.0      gamehacker.com.cn
127.1.1.1      www.cctv-100008.cn
127.1.1.1      222.73.208.141
127.0.0.3      adlaji.cn
127.1.1.1      aiyyw.com
127.0.0.1      858656.com
127.1.1.1      bnasnd83nd.cn
127.0.0.1      my123.com
127.0.0.0      user1.12-27.net
127.0.0.1      8749.com
127.0.0.0      fengent.cn
127.0.0.1      4199.com
127.0.0.1      user1.16-22.net
127.0.0.1      7379.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com
127.0.0.1      7255.com
127.0.0.1      user1.23-12.net
127.0.0.1      3448.com
127.0.0.1      www.guccia.net
127.0.0.1      7939.com
127.0.0.1      a.o1o1o1.nEt
127.0.0.1      8009.com
127.0.0.1      user1.12-73.cn
127.0.0.1      piaoxue.com
127.0.0.1      3n8nlasd.cn
127.0.0.1      kzdh.com
127.0.0.0      www.sony888.cn
127.0.0.1      about.blank.la
127.0.0.0      user1.asp-33.cn
127.0.0.1      6781.com
127.0.0.0      www.netkwek.cn
127.0.0.1      7322.com
127.0.0.0      ymsdkad6.cn
127.0.0.1      localhost
127.0.0.0      www.lkwueir.cn
127.0.0.1      06.jacai.com
127.0.1.1      user1.23-17.net
127.0.0.1      1.jopenkk.com
127.0.0.0      upa.luzhiai.net
127.0.0.1      1.jopenqc.com
127.0.0.0      www.guccia.net
127.0.0.1      1.joppnqq.com
127.0.0.0      4m9mnlmi.cn
127.0.0.1      1.xqhgm.com
127.0.0.0      mm119mkssd.cn
127.0.0.1      100.332233.com
127.0.0.0      61.128.171.115:8080
127.0.0.1      121.11.90.79
127.0.0.0      www.1119111.com
127.0.0.1      121565.net
127.0.0.0      win.nihao69.cn
127.0.0.1      125.90.88.38
127.0.0.1      16888.6to23.com
127.0.0.1      2.joppnqq.com
127.0.0.0      puc.lianxiac.net
127.0.0.1      204.177.92.68
127.0.0.0      pud.lianxiac.net
127.0.0.1      210.74.145.236
127.0.0.0      210.76.0.133
127.0.0.1      219.129.239.220
127.0.0.0      61.166.32.2
127.0.0.1      219.153.40.221
127.0.0.0      218.92.186.27
127.0.0.1      219.153.46.27
127.0.0.0      www.fsfsfag.cn
127.0.0.1      219.153.52.123
127.0.0.0      ovo.ovovov.cn
127.0.0.1      221.195.42.71
127.0.0.0      dw.com.com
127.0.0.1      222.73.218.115
127.0.0.1      203.110.168.233:80
127.0.0.1      3.joppnqq.com
127.0.0.1      203.110.168.221:80
127.0.0.1      363xx.com
127.0.0.1      www1.ip10086.com.cm
127.0.0.1      4199.com
127.0.0.1      blog.ip10086.com.cn
127.0.0.1      43242.com
127.0.0.1      www.ccji68.cn
127.0.0.1      5.xqhgm.com
127.0.0.0      t.myblank.cn
127.0.0.1      520.mm5208.com
127.0.0.0      x.myblank.cn
127.0.0.1      59.34.131.54
127.0.0.1      210.51.45.5
127.0.0.1      59.34.198.228
127.0.0.1      www.ew1q.cn
127.0.0.1      59.34.198.88
127.0.0.1      59.34.198.97
127.0.0.1      60.190.114.101
127.0.0.1      60.190.218.34
127.0.0.0      qq-xing.com.cn
127.0.0.1      60.191.124.252
127.0.0.1      61.145.117.212
127.0.0.1      61.157.109.222
127.0.0.1      75.126.3.216
127.0.0.1      220.250.64.21
127.0.0.1      75.126.3.217
127.0.0.1      75.126.3.218
127.0.0.0      59.125.231.177:17777
127.0.0.1      75.126.3.220
127.0.0.1      75.126.3.221
127.0.0.1      75.126.3.222
127.0.0.1      772630.com
127.0.0.1      832823.cn
127.0.0.1      8749.com
127.0.0.1      888.jopenqc.com
127.0.0.1      89382.cn
127.0.0.1      8v8.biz
127.0.0.1      97725.com
127.0.0.1      9gg.biz
127.0.0.1      www.9000music.com
127.0.0.1      test.591jx.com
127.0.0.1      a.topxxxx.cn
127.0.0.1      picon.chinaren.com
127.0.0.1      www.5566.net
127.0.0.1      p.qqkx.com
127.0.0.1      news.netandtv.com
127.0.0.1      z.neter888.cn
127.0.0.1      b.myblank.cn
127.0.0.1      wvw.wokutu.com
127.0.0.1      unionch.qyule.com
127.0.0.1      www.qyule.com
127.0.0.1      it.itjc.cn
127.0.0.1      www.linkwww.com
127.0.0.1      vod.kaicn.com
127.0.0.1      www.tx8688.com
127.0.0.1      b.neter888.cn
127.0.0.1      promote.huanqiu.com
127.0.0.1      www.huanqiu.com
127.0.0.1      www.haokanla.com
127.0.0.1      play.unionsky.cn
127.0.0.1      www.52v.com
127.0.0.1      www.gghka.cn
127.0.0.1      icon.ajiang.net
127.0.0.1      new.ete.cn
127.0.0.1      www.stiae.cn
127.0.0.1      o.neter888.cn
127.0.0.1      comm.jinti.com
127.0.0.1      www.google-analytics.com
127.0.0.1      hz.mmstat.com
127.0.0.1      www.game175.cn
127.0.0.1      x.neter888.cn
127.0.0.1      z.neter888.cn
127.0.0.1      p.etimes888.com
127.0.0.1      hx.etimes888.com
127.0.0.1      abc.qqkx.com
127.0.0.1      dm.popdm.cn
127.0.0.1      www.yl9999.com
127.0.0.1      www.dajiadoushe.cn
127.0.0.1      v.onondown.com.cn
127.0.0.1      www.interoo.net
127.0.0.1      bally1.bally-bally.net
127.0.0.1      www.bao5605509.cn
127.0.0.1      www.rty456.cn
127.0.0.1      www.werqwer.cn
127.0.0.1      1.360-1.cn
127.0.0.1      user1.23-16.net
127.0.0.1      www.guccia.net
127.0.0.1      www.interoo.net
127.0.0.1      upa.netsool.net
127.0.0.1      js.users.51.la
127.0.0.1      vip2.51.la
127.0.0.1      web.51.la
127.0.0.1      qq.gong2008.com
127.0.0.1      2008tl.copyip.com
127.0.0.1      tla.laozihuolaile.cn
127.0.0.1      www.tx6868.cn
127.0.0.1      p001.tiloaiai.com
127.0.0.1      s1.tl8tl.com
127.0.0.1      s1.gong2008.com
127.0.0.1      4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 484, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1140, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 976, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1860, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.125\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)
最后编辑woaiSSd 最后编辑于 2009-01-18 14:25:28
分享到:
gototop
 
backway
头像
卡卡反病毒小组
  • 帖子:2473
  • 注册: 2008-11-20
  • 来自:
发表于: 2009-01-18 14:04 | 短消息 资料
字号: 2楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

按步骤操作:先清理后扫描日志过来

关闭IE用下面的工具全选,清理系统临时文件和IE临时文件夹     
http://www.atribune.org/public-beta/ATF-Cleaner.exe

下载windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.rar(升级后使用)

下载sreng:http://download.kztechs.com/files/sreng2.zip
解压sreng2.zip-->打开SREngLdr.EXE-->勾选  智能扫描、检查进程的数字签名-->扫描-->保存报告用附件上传
注意:扫描前请尽量关闭QQ、游戏、下载工具、媒体播放器等应用程序
gototop
 
woaiSSd
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2009-01-18
  • 来自:
发表于: 2009-01-18 14:29 | 只看楼主 短消息 资料
字号: 3楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

又出现一新问题。

点网站里面的 论坛,不自动进入网页。

点 论坛里面的标题。也不进入版块。

启动系统时候。在欢迎使用那卡住了。

下面的启动项目的横条也没有了。

怎么办
最后编辑woaiSSd 最后编辑于 2009-01-18 14:30:09
gototop
 
woaiSSd
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2009-01-18
  • 来自:
发表于: 2009-01-18 14:37 | 只看楼主 短消息 资料
字号: 4楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

  快点来人吧。
gototop
 
天月来了
头像
版主
  • 帖子:76904
  • 注册: 2007-02-06
  • 来自:
发表于: 2009-01-18 14:50 | 短消息 资料
字号: 5楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

这里下载费尔木马强力清除助手,点选“抑制文件再生”删除下面文件。
http://bbs.ikaka.com/attachment.aspx?attachmentid=446804

删除:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WowInitcode.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\199691

不论删除结果如何立即重启电脑,继续下面操作。

你系统内下面两个文件已经被病毒恶意替换了。
C:\WINDOWS\system32\rpcss.dll
C:\WINDOWS\system32\ctfmon.exe

按照这贴进行相关文件替换操作恢复rpcss服务以及恢复其对应rpcss.dll文件,包括替换回ctfmon.exe文件
http://bbs.ikaka.com/showtopic-8561436.aspx
————————————————————————————————————
在扫日志的SRENG工具》启动项目》注册表》里面找下面项目删除:
启动项目
注册表
    <{26983C72-A08E-4106-B283-2FC40210CB25}><C:\WINDOWS\system32\impojcni.dll>  [File is missing]
    <26983C72><C:\WINDOWS\system32\impojcni.dll>  [File is missing]
    <B5E53A23><>  [N/A]
    <C85B0DCE><>  [N/A]
    <56E6C567><>  [N/A]
    <6290ACDE><>  [N/A]
    <5228D640><>  [N/A]
    <22BC75D3><>  [N/A]
    <87458327><>  [N/A]
    <D686CC78><>  [N/A]
    <84EBF9A5><>  [N/A]
    <835F49B9><>  [N/A]
    <79354977><>  [N/A]
    <1BBF9DB0><>  [N/A]
    <87A3387F><>  [N/A]
——————————————————————————————————————
手工直接去IE浏览器的菜单里找“工具”项里选择“internet选项”点击“删除文件”勾选“删除脱机文件”再点确定清空IE缓存。

下载工具清空能清空的垃圾文件,不能清空的不管它
http://bbs.ikaka.com/attachment.aspx?attachmentid=479547

用W i n d o w s 清理助手 ,清理你那系统。
W i n d o w s 清理助手 下载:http://www.arswp.com/
————————————————————————————————————
再重启电脑,反复检查,操作的结果,

杀毒软件升级至最新版本全盘杀。

记得打全系统漏洞补丁

SRENG工具的各项操作看这里:http://bbs.ikaka.com/showtopic-8545446.aspx
百年以后,你的墓碑旁 刻着的名字不是我
gototop
 
aaccbbdd
头像
卡卡巡查
  • 帖子:45933
  • 注册: 2007-11-17
  • 来自:蜀山仙剑派
论坛8周年活动礼物卡卡名人堂祖国六十华诞09欢乐圣诞吃货勋章2012我眼中的你们幸福玫瑰
发表于: 2009-01-18 14:50 | 短消息 资料
字号: 6楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

c:\windows\system32\ctfmon.exe
文件发上来

http://bbs.ikaka.com/showtopic-8417665.aspx
里2楼
将其中的ctfmon.exe
rpcss.dll
解压到
c:\windows\system32目录

1.建议使用XDelBox删除以下文件Xdelbox1.8下载地址
使用说明:先勾选抑制再生删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入不检查路径,导入后在要删除文件上点击右键,选择立刻重启删除(不论文件是否存在,继续操作重启删除
),电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。




c:\docume~1\admini~1\locals~1\temp\199691
c:\docume~1\admini~1\locals~1\temp\wowinitcode.dat
c:\windows\system32\impojcni.dll
c:\windows\system32\bbn_icafe_071210.dll

2.删除重启后使用SREng修复下面各项:

    启动项目 -- 注册表之如下项删除:
[87A3387F]    <>
[1BBF9DB0]    <>
[79354977]    <>
[835F49B9]    <>
[835F49B9]    <>
[84EBF9A5]    <>
[D686CC78]    <>
[87458327]    <>
[22BC75D3]    <>
[5228D640]    <>
[6290ACDE]    <>
[56E6C567]    <>
[C85B0DCE]    <>
[B5E53A23]    <>
[26983C72]    <C:\WINDOWS\system32\impojcni.dll>

    系统修复-- 浏览器加载项之如下项删除:
[BBNBHO Class]    <C:\WINDOWS\system32\BBN_iCafe_071210.dll>
[BBNBHO Class]    <C:\WINDOWS\system32\BBN_iCafe_071210.dll>
最后编辑aaccbbdd 最后编辑于 2009-01-18 14:51:27
gototop
 
天月来了
头像
版主
  • 帖子:76904
  • 注册: 2007-02-06
  • 来自:
发表于: 2009-01-18 14:51 | 短消息 资料
字号: 7楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

所有操作必须断网操作

连网状态下C:\WINDOWS\system32\rpcss.dll和C:\WINDOWS\system32\ctfmon.exe会访问网络,继续下载一大堆木马的。
百年以后,你的墓碑旁 刻着的名字不是我
gototop
 
Enao2005
头像
版主
  • 帖子:2112
  • 注册: 2004-12-02
  • 来自:
发表于: 2009-01-18 14:51 | 短消息 资料
字号: 8楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

断网
从其他电脑拷贝如下文件
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rpcss.dll

在你电脑里面搜索C:\WINDOWS\system32\rpcss.dll,重命名为1.DLL,把从其他电脑拷贝的C:\rpcss.dll放到C:\WINDOWS\system32

结束进程ctfmon.exe,把其他电脑拷贝的ctfmon.exe放到C:\WINDOWS\system32

删除注册表项目
  <26983C72><C:\WINDOWS\system32\impojcni.dll>  [File is missing]
    <B5E53A23><>  [N/A]
    <C85B0DCE><>  [N/A]
    <56E6C567><>  [N/A]
    <6290ACDE><>  [N/A]
    <5228D640><>  [N/A]
    <22BC75D3><>  [N/A]
    <87458327><>  [N/A]
    <D686CC78><>  [N/A]
    <84EBF9A5><>  [N/A]
    <835F49B9><>  [N/A]
    <79354977><>  [N/A]
    <1BBF9DB0><>  [N/A]
    <87A3387F><>  [N/A]

重启电脑后删除1.DLL
gototop
 
aaccbbdd
头像
卡卡巡查
  • 帖子:45933
  • 注册: 2007-11-17
  • 来自:蜀山仙剑派
论坛8周年活动礼物卡卡名人堂祖国六十华诞09欢乐圣诞吃货勋章2012我眼中的你们幸福玫瑰
发表于: 2009-01-18 14:52 | 短消息 资料
字号: 9楼

回复 7F 天月来了 的帖子

下载器改成ctfmon.exe了?(*^__^*) 嘻嘻……
gototop
 
backway
头像
卡卡反病毒小组
  • 帖子:2473
  • 注册: 2008-11-20
  • 来自:
发表于: 2009-01-18 15:03 | 短消息 资料
字号: 10楼

回复:现在我的电脑。中毒超深。高手们帮帮忙。

浏览器加载项[BBNBHO Class]    <C:\WINDOWS\system32\BBN_iCafe_071210.dll>
[BBNBHO Class]    <C:\WINDOWS\system32\BBN_iCafe_071210.dll>

LZ自己考虑要不要删除
有用的话就留着
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT