Rising Kaka Security Forum (Anti-virus / Anti-rogue-software board)
Thread: Don't know if 枫笑九州 or 奇迹 is around?
想哭都来不及 - 2007-4-19 8:49:00
My computer is still infected~~~~~ could you two big brothers take a look at the log?~~

Attachment: 868415200741983932.jpg
姑苏残月 - 2007-4-19 8:58:00
Using a girl's photo to lure 九州 over, oh my. Where's the log? Can I take a look?
姑苏残月 - 2007-4-19 9:10:00
No log yet? Forget it, I'm leaving.
想哭都来不及 - 2007-4-19 9:24:00
Wait, coming right up. Are you still there?
想哭都来不及 - 2007-4-19 9:26:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <edj><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe>  []
    <js1veb2w><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe>  []
    <xckw6mqt7x><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe>  []
    <3qm0s><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe>  []
    <b5y2klsw1><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe>  []
    <sbi0><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe>  []
    <srd1btcl><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <SKYNET Personal FireWall><E:\PROGRA~1\SKYNET\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <High Definition Audio Property Page Shortcut><; HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <shualai><; C:\WINDOWS\shualai.exe /i>  [N/A]
    <SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [Analog Devices, Inc.]
    <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [N/A]
    <Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <yassistse><; c:\progra~1\yahoo!\assistant\yassistse.exe>  [N/A]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll>  [N/A]
    <{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\system32\nospri.dll>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[TCP/IP Check / Hello Download][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
想哭都来不及 - 2007-4-19 9:27:00
==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[AEAudio Service / AEAudioService][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Enhanced Display Driver Helper Service / asuskbnt][Running/System Start]
  <system32\drivers\atkkbnt.sys><ASUSTeK COMPUTER INC.>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[bogyrgx / bogyrgx][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\bogyrgx.sys><>
[EIO / EIO][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\EIO.sys><ASUSTeK Computer Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mjngqb / mjngqb][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\mjngqb.sys><N/A>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Running/Manual Start]
  <\??\E:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[vwquvwlv / vwquvwlv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\vwquvwlv.sys><Yahoo! China Corporation>
想哭都来不及 - 2007-4-19 9:27:00
==================================
浏览器加载项
[Thunder Browser Helper]
  {33BBE42F-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[]
  {FDEB626D-6E2E-4AF0-AC0D-2089B0988C57} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Browser Helper]
  {33BBE42F-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[金山毒霸在线杀毒]
  {577A1997-6FD0-4972-B234-885DA583F9CE} <C:\PROGRA~1\KOS\KOSClean.OCX, 金山软件股份有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[]
  {FDEB626D-6E2E-4AF0-AC0D-2089B0988C57} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1184][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1496][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 524][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[PID: 1244][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1544][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2376][E:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2412][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
[PID: 3816][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2324][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1016][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
[PID: 1156][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2012][E:\Program Files\Sreng\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
想哭都来不及 - 2007-4-19 9:28:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


姑苏残月 - 2007-4-19 9:33:00
Good thing the girl was pretty, so I didn't leave.
You're impressive: both of the big currently circulating viruses showed up, phew.
Delete the following.
<edj><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<js1veb2w><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe> []
<xckw6mqt7x><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe> []
<3qm0s><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe> []
<b5y2klsw1><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe> []
<sbi0><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<srd1btcl><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe> []
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
<stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe> [N/A]
<yassistse><; c:\progra~1\yahoo!\assistant\yassistse.exe> [N/A]
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll> [N/A]
<{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\system32\nospri.dll> [N/A]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
<\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
<\SystemRoot\system32\drivers\bogyrgx.sys><>
<\SystemRoot\\SystemRoot\System32\drivers\mjngqb.sys><N/A>
<\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
<\??\E:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll] [N/A, ]
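As an added example (not from the thread, and not code from SREng), here is a small Python triage pass over SREng-style startup entries that reproduces the judgment 姑苏残月 made by eye: no publisher shown, executable launched from a Temp folder, executable dropped straight into the Windows folder, and a name one character away from a genuine system binary (iexpl0re, winlog0n, rundl132). The sample lines are constructed in the log's layout, and `known_good` is an assumed allowlist the reader fills in for tools that legitimately ship without a publisher string.

```python
import re
# Constructed sample in SREng's "<name><command>  [signer]" layout, modelled on the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <edj><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe>  []
    <sbi0><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe>  []
    <srd1btcl><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <nwiz><; nwiz.exe /install>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
"""
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<signer>[^\]]*)\]\s*$")
# Genuine Windows binaries the thread's malware imitates (iexpl0re, winlog0n, rundl132, c0nime).
SYSTEM_NAMES = ("iexplore", "explorer", "conime", "winlogon", "rundll32", "svchost", "csrss", "lsass", "services", "ctfmon")

def parse_entries(text):
    """One dict per startup entry: name, command and the publisher shown in brackets."""
    entries = []
    for line in text.splitlines():
        if (m := ENTRY_RE.match(line)):  # SREng prefixes some commands with "; "; drop it
            entries.append({"name": m["name"], "signer": m["signer"].strip(),
                            "cmd": m["cmd"].lstrip("; ").strip()})
    return entries

def exe_stem(cmd):
    """Executable path (first, possibly quoted, token) and its lower-case name without .exe."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    path = (m.group(1) or m.group(2)) if m else ""
    stem = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return path, stem[:-4] if stem.endswith(".exe") else stem

def edit_distance(a, b):
    """Levenshtein distance: one swapped, added or dropped character counts as a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(stem):
    """The system binary this name imitates (one edit away), or None for a genuine name."""
    if stem in SYSTEM_NAMES:
        return None
    return next((real for real in SYSTEM_NAMES if edit_distance(stem, real) == 1), None)

def triage(text, known_good=frozenset()):
    """Score each entry; 2+ points means 'inspect first'. known_good: assumed allowlist of base names of tools known to ship unsigned (cf. the thread's ATSpy.sys caveat), skipped rather than scored."""
    findings = []
    for e in parse_entries(text):
        path, stem = exe_stem(e["cmd"])
        if stem in known_good:
            continue
        reasons = []
        if e["signer"] in ("", "N/A"):
            reasons.append((1, "no publisher"))
        if "\\temp\\" in path.lower():
            reasons.append((2, "runs from a Temp folder"))
        if re.match(r"^[a-z]:\\windows\\[^\\]+$", path.lower()):
            reasons.append((1, "sits directly in the Windows folder"))
        if (real := lookalike(stem)):
            reasons.append((2, f"name imitates {real}.exe"))
        score = sum(points for points, _ in reasons)
        if score >= 2:
            findings.append({"name": e["name"], "path": path, "score": score, "reasons": [why for _, why in reasons]})
    return findings
```

On the constructed sample, `triage(SAMPLE_LOG)` reports edj, sbi0, srd1btcl and cmdbcs, while KernelFaultCheck (publisher N/A but a system32 path) and nwiz stay below the threshold, matching what the reply above singled out.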
想哭都来不及 - 2007-4-19 9:37:00
I don't get it, I don't know how to delete them~~ GG~ could you spell out the steps more clearly?
枫笑九洲 - 2007-4-19 9:43:00
Download ICESWORD: http://www.onlinedown.net/soft/4523.htm
Download Winsockfix: http://www.onlinedown.net/soft/35272.htm


The following items:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<edj><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<js1veb2w><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe> []
<xckw6mqt7x><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe> []
<3qm0s><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe> []
<b5y2klsw1><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe> []
<sbi0><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<srd1btcl><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll> [N/A]
<{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\system32\nospri.dll> [N/A]

These can be deleted under SREng's Startup Items.

==========================================================================================
In SREng, click Startup Items --> Services --> Drivers or Services; once there (tick "Hide verified Microsoft items"), left-click the item you want to fix, then click the "Set" button (note that in the final pop-up window you must click "NO" to confirm deleting the driver).
Delete the following items:
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
[bogyrgx / bogyrgx][Stopped/Boot Start]
<\SystemRoot\system32\drivers\bogyrgx.sys><>
[mjngqb / mjngqb][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\mjngqb.sys><N/A>


==========================================================================================
Use IceSword (冰刃) to force-delete the following files:
C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe
C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe
C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe
C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe
C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe
C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe
C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe
C:\WINDOWS\shualai.exe  (the pinned thread has a fix for this virus)
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\system32\gdipri.dll
C:\WINDOWS\system32\nospri.dll
C:\Program Files\Common Files\System\wab32res.exe
C:\WINDOWS\system32\drivers\bogyrgx.sys
C:\WINDOWS\System32\drivers\mjngqb.sys
C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll
C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo1.dll
C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll
C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll
C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll
C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy0.dll
C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll
==========================================================================================
Search the registry for wab32res, bogyrgx and mjngqb and delete every item found; use IceSword for any that will not delete.
==========================================================================================

Empty everything in the temporary folders, including:
C:\Documents and Settings\<username>\Local Settings\Temp
C:\WINDOWS\TEMP
Temporary Internet Files (Control Panel --> "Internet Options" --> "Delete Files" --> tick "include temporary folders" --> OK)
==========================================================================================
If you find you can no longer get online, repair with the WINSOCKFIX you downloaded earlier.

PS: use SREng to repair the hosts file.
姑苏残月 - 2007-4-19 9:48:00
Heh, 九州 really is thorough; the girl's wait wasn't wasted.
枫笑九洲 - 2007-4-19 10:11:00
Quote:
[姑苏残月's post] Heh, 九州 really is thorough; the girl's wait wasn't wasted
………………

......heh, this OP really has picked up a lot of malware.
姑苏残月 - 2007-4-19 10:14:00
[Reply to 枫笑九洲's post]
Since it's a girl, I didn't have the heart to tell her to reinstall.
想哭都来不及 - 2007-4-19 10:34:00
Thanks to you two big brothers for the great help, salute~

Attachment: 8684152007419102432.jpg
newcenturymoon - 2007-4-19 10:44:00
<\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
Did you install 超级巡警 (Super Patrol)? If so, don't delete this one.
Also, I'd recommend a full-disk scan with your antivirus software, because there's an ANI worm that infects EXE files.