怎么没人说话了时间就是金钱啊! bbs.ikaka.com

2120058 - 2006-5-20 18:23:00

2006-05-20,18:21:25

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pyjj><C:\Program Files\jj4\jjsvr4.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><; "C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
启动文件夹
服务
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Isass.exe / Isass.exe]
<><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, N/A>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\windows\downlo~1\CnsHook.dll, N/A>
[百度首页]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <http://baidu.com/index.php?tn=bainiudg, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, N/A>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[BdSearchHook Class]
{02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <, N/A>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\windows\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\windows\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\windows\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, N/A>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\windows\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\windows\system32\wmp.dll, Microsoft Corporation>

2120058 - 2006-5-20 18:23:00

[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <, N/A>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\MediaAddin03.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\windows\system32\mshtml.dll, Microsoft Corporation>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, N/A>
[Microsoft DirectAnimation Control]
{B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\windows\system32\danim.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\windows\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\windows\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\windows\downlo~1\CnsHook.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<D:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 540][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SSMWinlogonEx.dll] <System Safety Limited><2.0.7.570>
[PID: 584][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 596][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 764][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 808][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 884][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 940][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 988][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1176][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1404][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\system32\4.dll] <N/A><N/A>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[PID: 1496][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\4.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[PID: 1504][C:\Program Files\jj4\jjsvr4.exe] <加加开发组><4.0.0.20>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\system32\4.dll] <N/A><N/A>
[PID: 1604][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8198>
[PID: 1636][C:\windows\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 2008][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 336][D:\Program Files\Tencent\TT\TTraveler.exe] <腾讯公司><3.0.0.250>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[D:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[D:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[C:\WINDOWS\system32\4.dll] <N/A><N/A>
[D:\Program Files\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\windows\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 908][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1068][C:\Documents and Settings\tmwl\My Documents\工具\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\system32\4.dll] <N/A><N/A>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

2120058 - 2006-5-20 18:28:00

我的网速慢,请你快点发帖子

轩辕小聪 - 2006-5-20 18:29:00

[C:\Program Files\Internet Explorer\PLUGINS\new123.sys]
[C:\WINDOWS\system32\4.dll]
这两个还没搞定吗？
用SSM禁止这两个加载，然后重启后删除这两个文件。
在注册表中搜索与这两个有关的项目，找到后删除。如果不确定该注册表项是否有问题，就把其路径发上来。
或者http://forum.ikaka.com/topic.asp?board=28&artid=6979213下载Autoruns导出日志，注意要先选Options-Hide Microsoft Entries，然后刷新之后再选Files-save。

2120058 - 2006-5-20 18:34:00

没,重启它还删不掉,我现在打算进安全模式.
http://forum.ikaka.com/topic.asp?board=28&artid=6979213下载Autoruns导出日志，
什么意思:
注意要先选Options-Hide Microsoft Entries，然后刷新之后再选Files-save。

2120058 - 2006-5-20 19:20:00

我哭了!
我哭了!
+ 4.dll c:\windows\system32\4.dll

+ MSIOFF9.MOD File not found: C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSIOFF9.MOD

+ new123.sys c:\program files\internet explorer\plugins\new123.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extension d:\program files\zip\rarext.dll

+ 粉碎文件 File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹 c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AntiFish Class File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll

+ CnsHook Class File not found: C:\windows\downlo~1\CnsHook.dll

+ DragSearch BHO File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL

+ ThunderIEHelper Class XunLei BHO Thunder Networking Technologies,LTD c:\windows\system32\xunleibho_v14.dll

+ Yahoo!Photo File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll

+ 雅虎助手 File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar FlashGet IE Bar Amaze Soft d:\program files\flashget\fgiebar.dll

+ yasbar.dll File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet FlashGet Amaze Soft d:\program files\flashget\flashget.exe

+ 百度首页 File not found: http://baidu.com/index.php?tn=bainiudg

+ 腾讯QQ QQ TENCENT d:\program files\tencent\qq\qq.exe

HKLM\System\CurrentControlSet\Services

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe

+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ admjoy Vortex AU8820 WDM Joystick Driver Aureal, Inc. c:\windows\system32\drivers\admjoy.sys

+ aeaudio Andrea Audio Stub Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys

+ AN983 ADMtek AN983/AN985/ADM951X NDIS5 Driver ADMtek Incorporated. c:\windows\system32\drivers\an983.sys

+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys

+ EagleNT File not found: C:\WINDOWS\system32\drivers\EagleNT.sys

+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys

+ GOOD05 File not found: C:\WINDOWS\system32\vqpn6hhl.sys

+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys

+ HookReg c:\program files\rising\rav\hookreg.sys

+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys

+ ialm File not found: system32\DRIVERS\ialmnt5.sys

+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys

+ NPF npf CACE Technologies c:\windows\system32\drivers\npf.sys

+ npkcrypt File not found: C:\Program Files\Tencent\QQ\npkcrypt.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.98 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ prcmondrv Process Monitor driver Igor Nys c:\windows\system32\drivers\prcmondrv1041.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ safemon System Safety Monitor 2.0 extension for Windows security layer System Safety Limited c:\windows\system32\drivers\safemon.sys

+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys

+ smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys

+ squell File not found: C:\windows\system32\vook.sys

+ XPROTECTOR c:\windows\system32\drivers\xprotector.sys

+ ZSMC301b Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys

+ {6080A529-897E-4629-A488-ABA0C29B635E} File not found: system32\drivers\ialmsbw.sys

+ {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} File not found: system32\drivers\ialmkchw.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ igfxcui File not found: igfxsrvc.dll

+ System Safety Monitor System Safety Winlogon Notification System Safety Limited c:\windows\system32\ssmwinlogonex.dll

2120058 - 2006-5-20 19:33:00

谁来帮帮我????????

2120058 - 2006-5-20 20:07:00

速度啊哥哥姐姐们

轩辕小聪 - 2006-5-20 20:31:00

+ 4.dll c:\windows\system32\4.dll
+ new123.sys c:\program files\internet explorer\plugins\new123.sys
用Autoruns删除这两项
重启电脑后删除：
C:\Program Files\Internet Explorer\PLUGINS\new123.sys
C:\WINDOWS\system32\4.dll
删除前将这两个文件用WINRAR压缩打包，加密码123，发到我的邮箱yicong2005@163.com

2120058 - 2006-5-21 11:40:00

我的电脑的WINRAR过期了

2120058 - 2006-5-21 11:42:00

并且不能加密,而且网速嗷嗷慢!我崩溃了!
还有,那俩文件删了重启还有!

2120058 - 2006-5-21 12:18:00

Autoruns的报告
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ RavTask File not found: ;

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ pyjj 加加输入法 4.0 作者:孙百川加加开发组 c:\program files\jj4\jjsvr4.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ MSIOFF9.MOD File not found: C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSIOFF9.MOD

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extension d:\program files\zip\rarext.dll

+ 粉碎文件 File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹 c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AntiFish Class File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll

+ CnsHook Class File not found: C:\windows\downlo~1\CnsHook.dll

+ DragSearch BHO File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL

+ ThunderIEHelper Class XunLei BHO Thunder Networking Technologies,LTD c:\windows\system32\xunleibho_v14.dll

+ Yahoo!Photo File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll

+ 雅虎助手 File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar FlashGet IE Bar Amaze Soft d:\program files\flashget\fgiebar.dll

+ yasbar.dll File not found: C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet FlashGet Amaze Soft d:\program files\flashget\flashget.exe

+ 百度首页 File not found: http://baidu.com/index.php?tn=bainiudg

+ 腾讯QQ QQ TENCENT d:\program files\tencent\qq\qq.exe

HKLM\System\CurrentControlSet\Services

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe

+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ admjoy Vortex AU8820 WDM Joystick Driver Aureal, Inc. c:\windows\system32\drivers\admjoy.sys

+ aeaudio Andrea Audio Stub Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys

+ AN983 ADMtek AN983/AN985/ADM951X NDIS5 Driver ADMtek Incorporated. c:\windows\system32\drivers\an983.sys

+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys

+ EagleNT File not found: C:\WINDOWS\system32\drivers\EagleNT.sys

+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys

+ GOOD05 File not found: C:\WINDOWS\system32\vqpn6hhl.sys

+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys

+ HookReg c:\program files\rising\rav\hookreg.sys

+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys

+ ialm File not found: system32\DRIVERS\ialmnt5.sys

+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys

+ NPF npf CACE Technologies c:\windows\system32\drivers\npf.sys

+ npkcrypt File not found: C:\Program Files\Tencent\QQ\npkcrypt.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.98 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ prcmondrv Process Monitor driver Igor Nys c:\windows\system32\drivers\prcmondrv1041.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ safemon System Safety Monitor 2.0 extension for Windows security layer System Safety Limited c:\windows\system32\drivers\safemon.sys

+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys

+ smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys

+ squell File not found: C:\windows\system32\vook.sys

+ XPROTECTOR c:\windows\system32\drivers\xprotector.sys

+ ZSMC301b Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys

+ {6080A529-897E-4629-A488-ABA0C29B635E} File not found: system32\drivers\ialmsbw.sys

+ {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} File not found: system32\drivers\ialmkchw.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ igfxcui File not found: igfxsrvc.dll

+ System Safety Monitor System Safety Winlogon Notification System Safety Limited c:\windows\system32\ssmwinlogonex.dll

2120058 - 2006-5-21 13:00:00

怎么又没人了啊!4.dll 和那个new123.dll 都被我删了!速度回帖子啊

轩辕小聪 - 2006-5-21 13:12:00

WINRAR过期就在网上找嘛，又不是没有……
那两个东西的注册表项已经没了，应该至少是运行不起来了。

2120058 - 2006-5-21 13:18:00

...............找了
麻烦你切个图片
我老弄不懂加密

我把包发给你了

我无邪 - 2006-5-21 13:19:00

重启，再扫份报告粘上来看看。
注意修复各文件的关联，以免前功尽弃。

2120058 - 2006-5-21 13:54:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pyjj><C:\Program Files\jj4\jjsvr4.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
启动文件夹
服务
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Isass.exe / Isass.exe]
<><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\windows\downlo~1\CnsHook.dll, N/A>
[百度首页]
{02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <http://baidu.com/index.php?tn=bainiudg, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[BdSearchHook Class]
{02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <, N/A>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\windows\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\windows\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\windows\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, N/A>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\windows\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\windows\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\MediaAddin03.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\windows\system32\mshtml.dll, Microsoft Corporation>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, N/A>
[Microsoft DirectAnimation Control]
{B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\windows\system32\danim.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\windows\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\windows\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\windows\downlo~1\CnsHook.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<D:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 540][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 584][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 596][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 988][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1008][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1188][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1340][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8198>
[PID: 1376][C:\windows\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1808][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[PID: 1880][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2036][C:\WINDOWS\system32\CTFMON.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2044][C:\Program Files\jj4\jjsvr4.exe] <加加开发组><4.0.0.20>
[PID: 208][D:\Program Files\Tencent\TT\TTraveler.exe] <腾讯公司><3.0.0.250>
[D:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[D:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[D:\Program Files\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\windows\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 504][C:\Documents and Settings\tmwl\My Documents\工具\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[PID: 888][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

2120058 - 2006-5-21 14:00:00

Logfile of HijackThis v1.99.1
Scan saved at 13:49:49, on 2006-5-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\jj4\jjsvr4.exe
D:\Program Files\Tencent\TT\TTraveler.exe
C:\Documents and Settings\tmwl\My Documents\工具\SREng.exe
C:\Documents and Settings\tmwl\My Documents\工具\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\windows\downlo~1\CnsHook.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pyjj] C:\Program Files\jj4\jjsvr4.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=bainiudg (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O11 - Options group: [!ANetSpeeder] NetSpeeder
O11 - Options group: [!IESearch] 百度搜索伴侣
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143347706486
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF7CB9FB-1255-41E8-A7C9-BEAA3C88449B}: NameServer = 202.98.0.68,202.98.5.68
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

我无邪 - 2006-5-21 14:04:00

运行System Repair Engineer，点“启动项目，服务，勾选“隐藏微软服务”选中病毒服务Isass.exe ，选择“删除所选服务”“否”
看不出问题了
注意查查文件的关联，以免病毒又死灰复燃。
楼主有毅力，值得学习。

2120058 - 2006-5-21 14:09:00

http://vi.db.kingsoft.com/index.shtml?CODE=02&virusid=38379&action=viewgraph
麻烦才刚开始
大家看上面的网页我中的木马

HKEY_CLASSES_ROOT\CLSID\{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}\InProcServer32
@
"C:\Program Files\Internet Explorer\PLUGINS\new123.sys"

数值是多少??我改一下就差不多了

我无邪 - 2006-5-21 14:15:00

你是说"C:\Program Files\Internet Explorer\PLUGINS\new123.sys"又出来了？
你是怎么种这个木马的？
是打开网址后种的吗？有链接的话，请通过悄悄话发给我。

轩辕小聪 - 2006-5-21 14:23:00

楼主只是查到了这个木马的资料。
这个网页倒是说得挺详细的，我之前搜索过的网页对注册表修改都说得挺模糊的。

2120058 - 2006-5-21 14:43:00

这还不是靠Autoruns的帮忙!

2120058 - 2006-5-21 15:06:00

AutoRuns的报告
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ pyjj 加加输入法 4.0 作者:孙百川加加开发组 c:\program files\jj4\jjsvr4.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.14 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹 c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ CnsHook Class File not found: C:\windows\downlo~1\CnsHook.dll

+ ThunderIEHelper Class XunLei BHO Thunder Networking Technologies,LTD c:\windows\system32\xunleibho_v14.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar FlashGet IE Bar Amaze Soft d:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet FlashGet Amaze Soft d:\program files\flashget\flashget.exe

+ 百度首页 File not found: http://baidu.com/index.php?tn=bainiudg

+ 腾讯QQ QQ TENCENT d:\program files\tencent\qq\qq.exe

HKLM\System\CurrentControlSet\Services

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe

+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ admjoy Vortex AU8820 WDM Joystick Driver Aureal, Inc. c:\windows\system32\drivers\admjoy.sys

+ aeaudio Andrea Audio Stub Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys

+ AN983 ADMtek AN983/AN985/ADM951X NDIS5 Driver ADMtek Incorporated. c:\windows\system32\drivers\an983.sys

+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys

+ EagleNT File not found: C:\WINDOWS\system32\drivers\EagleNT.sys

+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys

+ GOOD05 File not found: C:\WINDOWS\system32\vqpn6hhl.sys

+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys

+ HookReg c:\program files\rising\rav\hookreg.sys

+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys

+ ialm File not found: system32\DRIVERS\ialmnt5.sys

+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys

+ NPF npf CACE Technologies c:\windows\system32\drivers\npf.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.98 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ prcmondrv Process Monitor driver Igor Nys c:\windows\system32\drivers\prcmondrv1041.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ safemon System Safety Monitor 2.0 extension for Windows security layer System Safety Limited c:\windows\system32\drivers\safemon.sys

+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys

+ smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys

+ squell File not found: C:\windows\system32\vook.sys

+ XPROTECTOR c:\windows\system32\drivers\xprotector.sys

+ ZSMC301b Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys

+ {6080A529-897E-4629-A488-ABA0C29B635E} File not found: system32\drivers\ialmsbw.sys

+ {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} File not found: system32\drivers\ialmkchw.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ igfxcui File not found: igfxsrvc.dll

+ System Safety Monitor System Safety Winlogon Notification System Safety Limited c:\windows\system32\ssmwinlogonex.dll

瑞星卡卡安全论坛