电脑中毒求助！ bbs.ikaka.com

翼虎飞扬 - 2007-4-27 15:31:00

日志报告如下：
[CODE]

2007-04-27,15:13:57

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RavTray><"C:\Program Files\Rising\Rav\RavTray.exe"> [Rising]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\system32\ssflwbox.scr> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<RavScanBD><; "C:\Program Files\Rising\Rav\ScanBD.exe" /INST> [Beijing Rising Technology Co., Ltd.]

==================================

翼虎飞扬 - 2007-4-27 15:35:00

启动文件夹
N/A

==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[DameWare Mini Remote Control / DWMRCS][Running/Auto Start]
<C:\WINNT\SYSTEM32\DWRCS.EXE -service><DameWare Development LLC>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[RavService / RavService][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[gbjdfceg / gbjdfceg][Stopped/System Start]
<\??\C:\WINNT\system32\drivers\gbjdfceg.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[oqhv / oqhvj][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\oqhvj.sys><N/A>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[PNP15397 / PNP15397][Stopped/Disabled]
<system32\Drivers\pnp15191.sys><Anti Driver>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[SAFE01535 / SAFE01535][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp01329.sys><N/A>
[SAFE02250 / SAFE02250][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp02145.sys><N/A>
[SAFE04515 / SAFE04515][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp04462.sys><N/A>
[SAFE05995 / SAFE05995][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp05893.sys><N/A>
[SAFE06147 / SAFE06147][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp06046.sys><N/A>
[SAFE06863 / SAFE06863][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp06810.sys><N/A>
[SAFE07320 / SAFE07320][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp07219.sys><N/A>
[SAFE07829 / SAFE07829][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp07679.sys><N/A>
[SAFE08343 / SAFE08343][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp08137.sys><N/A>
[SAFE09208 / SAFE09208][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp09107.sys><N/A>
[SAFE12840 / SAFE12840][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp11667.sys><N/A>
[SAFE14015 / SAFE14015][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp13914.sys><N/A>
[SAFE20341 / SAFE20341][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp20188.sys><N/A>
[SAFE21158 / SAFE21158][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp21109.sys><N/A>
[SAFE23832 / SAFE23832][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp23679.sys><N/A>
[SAFE25057 / SAFE25057][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp24955.sys><N/A>
[SAFE25821 / SAFE25821][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp25720.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================

翼虎飞扬 - 2007-4-27 15:38:00

==================================
浏览器加载项
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>

==================================
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 1300][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\rgnhs.dll] [N/A, ]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[PID: 1152][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[PID: 1240][C:\WINNT\SYSTEM32\DWRCST.exe] [DameWare Development, 4, 5, 0, 0]
[PID: 616][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 1208][C:\Program Files\Rising\Rav\RavTray.exe] [Rising, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\RavUILib.dll] [, 18, 0, 0, 1]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Rising\Rav\RavTray936.dll] [Rising, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommx.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\BDEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\BDEX.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[C:\Program Files\Rising\Rav\BDLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[PID: 1488][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[PID: 1004][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1496][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[PID: 1524][C:\Program Files\Outlook Express\msimn.exe] [Microsoft Corporation, 6.00.2800.1807]
[C:\Program Files\MSN Messenger\msgsc.dll] [Microsoft Corporation, 7.0.0816]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 1700][C:\Documents and Settings\renhw\桌面\新建文件夹\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [C:\WINNT\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

桃子CiCi - 2007-4-27 15:39:00

我晕
一个月没有看日志
发现你的这日志里面好多看不懂的

完了...我
给你顶一下,看看高手的分析吧

翼虎飞扬 - 2007-4-27 15:40:00

发送完毕，请过目审核！多谢

天月来了 - 2007-4-27 15:41:00

呵呵！！！！

桃子？？？？

天月来了 - 2007-4-27 15:43:00

驱动里这个随机的最绝：
[gbjdfceg / gbjdfceg][Stopped/System Start]
<\??\C:\WINNT\system32\drivers\gbjdfceg.sys><N/A>

桃子CiCi - 2007-4-27 15:50:00

天月给别人写个操作流程吧
我看不懂了
老了没有办法了

翼虎飞扬 - 2007-4-27 15:56:00

您比我强，我可是一点都看不懂

天月来了 - 2007-4-27 16:00:00

死桃子！瞎谦虚。

桃子CiCi - 2007-4-27 16:03:00

进程：[PID: 1300][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\rgnhs.dll] [N/A, ]
[PID: 1240][C:\WINNT\SYSTEM32\DWRCST.exe] [DameWare Development, 4, 5, 0, 0]
服务：
[DameWare Mini Remote Control / DWMRCS][Running/Auto Start]
<C:\WINNT\SYSTEM32\DWRCS.EXE -service><DameWare Development LLC>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>

驱动：
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[gbjdfceg / gbjdfceg][Stopped/System Start]
<\??\C:\WINNT\system32\drivers\gbjdfceg.sys><N/A>
[oqhv / oqhvj][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\oqhvj.sys><N/A>
[SAFE01535 / SAFE01535][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp01329.sys><N/A>
[SAFE02250 / SAFE02250][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp02145.sys><N/A>
[SAFE04515 / SAFE04515][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp04462.sys><N/A>
[SAFE05995 / SAFE05995][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp05893.sys><N/A>
[SAFE06147 / SAFE06147][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp06046.sys><N/A>
[SAFE06863 / SAFE06863][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp06810.sys><N/A>
[SAFE07320 / SAFE07320][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp07219.sys><N/A>
[SAFE07829 / SAFE07829][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp07679.sys><N/A>
[SAFE08343 / SAFE08343][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp08137.sys><N/A>
[SAFE09208 / SAFE09208][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp09107.sys><N/A>
[SAFE12840 / SAFE12840][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp11667.sys><N/A>
[SAFE14015 / SAFE14015][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp13914.sys><N/A>
[SAFE20341 / SAFE20341][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp20188.sys><N/A>
[SAFE21158 / SAFE21158][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp21109.sys><N/A>
[SAFE23832 / SAFE23832][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp23679.sys><N/A>
[SAFE25057 / SAFE25057][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp24955.sys><N/A>
[SAFE25821 / SAFE25821][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp25720.sys><N/A>
修复文件关联：.CHM Error. ["hh.exe" %1]

天月来了 - 2007-4-27 16:11:00

建议楼主处理前先备份注册表，和对应的所有文件。

翼虎飞扬 - 2007-4-27 16:12:00

楼上的，您贴这个是什么意思啊，对我的问题有没有好处？

翼虎飞扬 - 2007-4-27 16:13:00

应该怎么样处理？

翼虎飞扬 - 2007-4-27 16:17:00

发贴太慢了，有能解决大侠，或可MSN联系指导：AGTGH@HOTMAIL.COM多谢

桃子CiCi - 2007-4-27 16:18:00

倒....
不会用MSN...晕了

翼虎飞扬 - 2007-4-27 16:23:00

您可千万别倒，你倒了，我们这些菜菜子还指望您搭救呢

翼虎飞扬 - 2007-4-27 17:56:00

各位大侠，你们在哪儿呢？拜求解决方法

翼虎飞扬 - 2007-4-27 20:15:00

顶啊,盼着哪位大侠看着解决一下

翼虎飞扬 - 2007-4-27 20:16:00

顶啊,盼着哪位大侠看着解决一下

翼虎飞扬 - 2007-4-28 15:12:00

顶啊,盼着哪位大侠看着解决一下

sanpiy - 2007-4-28 15:50:00

ding

翼虎飞扬 - 2007-4-29 16:06:00

真没人解决？！

翼虎飞扬 - 2007-4-29 16:06:00

世态炎凉啊！

姑苏残月 - 2007-4-29 16:31:00

重新扫日志发上来.好了后叫我

翼虎飞扬 - 2007-4-30 17:35:00

[CODE]

2007-04-30,17:19:52

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RavTray><"C:\Program Files\Rising\Rav\RavTray.exe"> [Rising]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<RavScanBD><; "C:\Program Files\Rising\Rav\ScanBD.exe" /INST> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\system32\ssflwbox.scr> [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[DameWare Mini Remote Control / DWMRCS][Running/Auto Start]
<C:\WINNT\SYSTEM32\DWRCS.EXE -service><DameWare Development LLC>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[RavService / RavService][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[gbjdfceg / gbjdfceg][Stopped/System Start]
<\??\C:\WINNT\system32\drivers\gbjdfceg.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[oqhv / oqhvj][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\oqhvj.sys><N/A>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[PNP15397 / PNP15397][Stopped/Disabled]
<system32\Drivers\pnp15191.sys><Anti Driver>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[SAFE01535 / SAFE01535][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp01329.sys><N/A>
[SAFE02250 / SAFE02250][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp02145.sys><N/A>
[SAFE04515 / SAFE04515][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp04462.sys><N/A>
[SAFE05995 / SAFE05995][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp05893.sys><N/A>
[SAFE06147 / SAFE06147][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp06046.sys><N/A>
[SAFE06863 / SAFE06863][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp06810.sys><N/A>
[SAFE07320 / SAFE07320][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp07219.sys><N/A>
[SAFE07829 / SAFE07829][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp07679.sys><N/A>
[SAFE08343 / SAFE08343][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp08137.sys><N/A>
[SAFE09208 / SAFE09208][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp09107.sys><N/A>
[SAFE12840 / SAFE12840][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp11667.sys><N/A>
[SAFE14015 / SAFE14015][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp13914.sys><N/A>
[SAFE20341 / SAFE20341][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp20188.sys><N/A>
[SAFE21158 / SAFE21158][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp21109.sys><N/A>
[SAFE23832 / SAFE23832][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp23679.sys><N/A>
[SAFE25057 / SAFE25057][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp24955.sys><N/A>
[SAFE25821 / SAFE25821][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\pnp25720.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

翼虎飞扬 - 2007-4-30 17:35:00

正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 1248][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINNT\system32\wmploc.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\wmvcore.dll] [Microsoft Corporation, 9.00.00.3265 (xpsp_sp2_qfe.061206-2330)]
[C:\WINNT\system32\wmidx.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\WMASF.DLL] [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1300][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[PID: 1424][C:\Program Files\Rising\Rav\RavTray.exe] [Rising, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\RavUILib.dll] [, 18, 0, 0, 1]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Rising\Rav\RavTray936.dll] [Rising, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommx.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\BDEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\BDEX.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[C:\Program Files\Rising\Rav\BDLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[PID: 1460][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[PID: 1480][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 7.0.0816]
[C:\Program Files\MSN Messenger\MSGSLANG.DLL] [Microsoft Corporation, 7.0.0816]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[PID: 1584][C:\WINNT\SYSTEM32\DWRCST.exe] [DameWare Development, 4, 5, 0, 0]
[PID: 1660][C:\Program Files\Outlook Express\MSIMN.EXE] [Microsoft Corporation, 6.00.2800.1807]
[C:\Program Files\MSN Messenger\msgsc.dll] [Microsoft Corporation, 7.0.0816]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[PID: 1448][C:\Program Files\Microsoft Office\Office\EXCEL.EXE] [Microsoft Corporation, 9.0.2823]
[C:\Program Files\Microsoft Office\Office\MSO9.DLL] [Microsoft Corporation, 9.0.2812]
[C:\PROGRA~1\MICROS~2\Office\Addins\SYMINPUT.DLL] [Microsoft Corporation, 1.00]
[C:\WINNT\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINNT\system32\VB6CHS.DLL] [Microsoft Corporation, 6.00.8988]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Rising\Rav\RsPlugIn.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\CNMUI6e.DLL] [CANON INC., 1.80.2.50]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\CNMDR6e.DLL] [CANON INC., 1.80.2.50]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\FM20.DLL] [Microsoft Corporation, 2.01]
[C:\WINNT\system32\fm20CHS.DLL] [Microsoft Corporation, 2.01]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL] [Microsoft Corporation, 6.03.9108]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL] [Microsoft Corporation, 6.03.9070]
[C:\WINNT\system32\MAPI32.DLL] [Microsoft Corporation, 1.0.2536.0]
[PID: 1732][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\AcroIEHelper.dll] [N/A, ]
[C:\WINNT\system32\wmploc.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\WMASF.DLL] [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
[C:\WINNT\system32\wmnetmgr.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 2100][C:\Documents and Settings\renhw\桌面\电脑问题资料\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛