MaiKfan - 2006-4-28 18:23:00
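After accidentally installing the so-called sponsor ads bundled with MSNPlus, I found that a bunch of URLs redirecting to "Search the web" had been added to my Favorites.
I couldn't seem to find a fix link for this site in the forum's list of malicious websites, and my head is spinning from looking, so I had to start a new thread and ask the experts to take a look...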
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
F:\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
F:\Rising\Rav\RavTask.exe
F:\Rising\Rav\Ravmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
F:\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
F:\HijackThis\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll (file missing)
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\SUPERR~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\SUPERR~1\MagicSet\HAOKAN~1.DLL
O4 - HKLM\..\Run: [Super Rabbit SRRestore] F:\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [MessengerPlus3] "F:\\MsgPlus.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "F:\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FAST01] C:\DOCUME~1\123\APPLIC~1\LOCKSF~1\LogoCash.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra 'Tools' menuitem: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://tv.etshow.net/list/powerplayer.cab
O16 - DPF: {AB89C9BF-9250-473B-BE49-D34F615CB678} (Chaos Filter) - http://download.mysee.com/Chaos.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31A66FB-5F3E-4DAD-87E4-F5C6022A20ED}: NameServer = 202.96.113.34,202.96.113.35
天使之剑 - 2006-4-28 19:32:00
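[Reply to MaiKfan's post]

Please use the two multi-engine scanners below to scan the following file:
c:\windows\system32\espi11.dll
Multi-engine scanning with VirusTotal
http://www.virustotal.com/
Multi-engine scanning with Jotti
http://virusscan.jotti.org/
Please be sure to post the full reports.
For instructions, see:
[Recommended] How to use the multi-engine scanners
http://forum.ikaka.com/topic.asp?board=67&artid=7957175
If you still have problems, please reply in this thread.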
MaiKfan - 2006-4-28 20:56:00
Antivirus Version Update Result
AntiVir 6.34.0.24 04.20.2006 no virus found
Avast 4.6.695.0 04.28.2006 no virus found
AVG 386 04.27.2006 no virus found
Avira 6.34.1.58 04.28.2006 no virus found
BitDefender 7.2 04.28.2006 no virus found
CAT-QuickHeal 8.00 04.26.2006 no virus found
ClamAV devel-20060202 04.27.2006 no virus found
DrWeb 4.33 04.28.2006 no virus found
eTrust-InoculateIT 23.71.141 04.28.2006 no virus found
eTrust-Vet 12.4.2183 04.28.2006 no virus found
Ewido 3.5 04.28.2006 no virus found
Fortinet 2.71.0.0 04.27.2006 no virus found
F-Prot 3.16c 04.26.2006 no virus found
Ikarus 0.2.59.0 04.28.2006 P2P-Worm.Win32.Polipos.a
Kaspersky 4.0.2.24 04.28.2006 no virus found
McAfee 4750 04.27.2006 no virus found
Microsoft 1.1372 04.28.2006 no virus found
NOD32v2 1.1510 04.27.2006 no virus found
Norman 5.90.17 04.27.2006 no virus found
Panda 9.0.0.4 04.28.2006 no virus found
Sophos 4.05.0 04.28.2006 no virus found
Symantec 8.0 04.28.2006 no virus found
TheHacker 5.9.7.135 04.25.2006 no virus found
UNA 1.83 04.27.2006 no virus found
VBA32 3.11.0 04.27.2006 no virus found
Aditional Information
File size: 122880 bytes
MD5: a40c0fe0f88b36893388aab3dbaf629c
SHA1: 180eabaa1c03ff6f7e16d6c677b5c5f4c09dbc9a
MaiKfan - 2006-4-28 21:06:00
File: ESPI11.dll
Status: OK
MD5 a40c0fe0f88b36893388aab3dbaf629c
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
MaiKfan - 2006-4-28 21:10:00
Can it be deleted directly from the registry key?
天使之剑 - 2006-4-28 21:24:00
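[Reply to MaiKfan's post]

The problem isn't with it...
I suggest downloading and using CoolWeb Shredder:
[Must read] Board notes and downloads of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
The 3rd post has a tutorial and the download link.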
我无邪 - 2006-4-28 21:27:00
If you really want to remove it, you have to use lspfix.exe; it can be downloaded at http://forum.ikaka.com/topic.asp?board=67&artid=5188931.
MaiKfan - 2006-4-28 22:07:00
The CWShredder results are all "not present"...
MaiKfan - 2006-4-28 22:42:00
With lspfix.exe, I don't know which of the items HijackThis found should be removed.
MaiKfan - 2006-4-29 13:53:00
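I've already dealt with part of the program content using CW Shredder and lspfix. My Favorites are restored, the ad-site pop-ups while browsing have not appeared for now, and the msgplus-related registry entries have been cleared. Does anything else need to be checked?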
MaiKfan - 2006-4-29 15:24:00
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Rising\Rav\RavStub.exe
F:\Rising\Rav\RavTask.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\工具包\HijackThis.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [RavStub] "F:\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://tv.etshow.net/list/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31A66FB-5F3E-4DAD-87E4-F5C6022A20ED}: NameServer = 202.96.113.34,202.96.113.35
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - (no file)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\Ravmond.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
不言放弃 - 2006-4-29 15:28:00
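[Reply to MaiKfan's post]
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
This entry is a problem.
It needs to be repaired with LSPFIX.
How to do it:
See the LSPFIX screenshot in http://forum.ikaka.com/topic.asp?board=28&artid=7795226
Note that this time you should select espi11.dll.
That thread also has the LSPFIX download.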
MaiKfan - 2006-4-29 16:03:00
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
F:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Rising\Rav\RavStub.exe
F:\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\Rundll32.exe
F:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Maxthon\Maxthon.exe
F:\工具包\HijackThis.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DPC] Rundll32 "C:\WINDOWS\system32\dpsck.dll",Start
O4 - HKLM\..\RunOnce: [RavStub] "F:\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://tv.etshow.net/list/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31A66FB-5F3E-4DAD-87E4-F5C6022A20ED}: NameServer = 202.96.113.34,202.96.113.35
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Unknown owner - (no file)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Rising\Rav\Ravmond.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
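An added example, not part of any post in this thread: a small Python diff of two HijackThis scans, run here on entry lines excerpted from the 15:24 and 16:03 logs above, to confirm which entries a cleanup removed and which appear only in the later scan. The function names are illustrative assumptions, not part of HijackThis.

```python
import re
from collections import Counter

# Entry lines excerpted from the 2006-4-29 15:24 log in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\espi11.dll
"""
# Entry lines excerpted from the 2006-4-29 16:03 log in this thread.
AFTER = r"""
O4 - HKLM\..\Run: [RavTask] "F:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DPC] Rundll32 "C:\WINDOWS\system32\dpsck.dll",Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# A HijackThis entry is "<section code> - <detail>", e.g. "O10 - Unknown file ...".
ENTRY = re.compile(r"^([RFNO]\d+)\s+-\s+(.+?)\s*$")

def parse(log):
    """Count (section, detail) pairs; process-list lines are ignored."""
    entries = Counter()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries

def diff(before, after):
    """Return (removed, added) entries between two scans, duplicates collapsed."""
    b, a = parse(before), parse(after)
    return sorted((b - a).keys()), sorted((a - b).keys())

def new_autoruns(added):
    """O4 entries (Run/RunOnce/startup) present only in the later scan."""
    return [detail for section, detail in added if section == "O4"]

if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, detail)
    for section, detail in added:
        print("added:  ", section, detail)
    print("autoruns to review:", new_autoruns(added))
```

Entries listed as added are only differences between the two scans; each still has to be checked against what was installed or changed in between.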