Rising Kaka Security Forum (瑞星卡卡安全论坛)

Antivirus / Anti-Rogue-Software Forum: Could the experts please help me out [Original]
李峥 - 2007-5-8 9:55:00
Here is what happened: Kaka Assistant recently found two rogue programs on my computer. In Safe Mode it cannot find them; in normal mode it prompts me every time to restart so they can be deleted, but they are never actually deleted. What is worse, the problem is still there even after I reinstalled the operating system. The installers on my F: drive will not open any more either. I would be grateful if any of you experts could spare a moment to help. Thanks in advance!
李峥 - 2007-5-8 11:28:00
How come people only look and nobody helps? I am waiting here.
女校男生 - 2007-5-8 11:57:00
Please download SREng2, choose "Smart Scan" and press the "Scan" button. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved log file here. If the log does not fit in one post, paste it in several.
Download address:
http://www.kztechs.com/sreng/sreng2.zip
李峥 - 2007-5-8 12:54:00
女校男生, I often see you on the forum, you are a familiar face. Thanks for helping me. Many of my installers are broken, even unzipping does not work. Wait a moment, I will go and download it; the log will be up shortly!
李峥 - 2007-5-8 13:01:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <w25uxkzlw21j9z><C:\DOCUME~1\qz0515\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <iPPro><C:\WINDOWS\iPPro.exe>  []
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <upxdnd><C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
    <GrpConv><grpconv.exe -o>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <colorful><; >  [N/A]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
李峥 - 2007-5-8 13:02:00
启动文件夹
N/A

==================================
服务
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>
李峥 - 2007-5-8 13:02:00
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 584][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 840][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 912][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 988][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1252][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\main32.dll]  [N/A, ]
    [C:\WINDOWS\System32\iPPro.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\System32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\System32\tlbb100.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwizAsktao.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1348][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1432][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1800][C:\WINDOWS\main32.exe]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\main32.dll]  [N/A, ]
[PID: 1916][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2000][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 220][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1868][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1844][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3476][D:\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [D:\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\WINDOWS\System32\iPPro.dll]  [N/A, ]
    [C:\WINDOWS\System32\main32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [D:\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\QQ\WizardCtrl.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQAllInOne.dll]  [N/A, ]
    [D:\QQ\GroupLive.dll]  [N/A, ]
    [D:\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\System32\msdmo.dll]  [, ]
    [D:\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQPlugin.dll]  [N/A, ]
    [D:\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QRingMng.dll]  [N/A, ]
    [D:\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\QQ\QQAvatar.dll]  [N/A, ]
    [D:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BQQApplication.dll]  [N/A, ]
    [D:\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\System32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [D:\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
[PID: 1500][C:\WINDOWS\system32\ntsd.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1648][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2052][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2116][D:\QQ\TIMPlatfrom.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 4032][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\System32\iPPro.dll]  [N/A, ]
    [C:\WINDOWS\System32\main32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 1848][C:\Documents and Settings\qz0515\桌面\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\System32\iPPro.dll]  [N/A, ]
    [C:\WINDOWS\System32\main32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
李峥 - 2007-5-8 13:03:00

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
李峥 - 2007-5-8 13:04:00
Thank you, 女校男生. Waiting.
xp123 - 2007-5-8 13:29:00
Hang on a moment.
xp123 - 2007-5-8 13:29:00
Don't run off.
姑苏残月 - 2007-5-8 13:33:00
Delete startup items:
File associations
<w25uxkzlw21j9z><C:\DOCUME~1\qz0515\LOCALS~1\Temp\iexpl0re.exe> []
<iPPro><C:\WINDOWS\iPPro.exe> []
<upxdnd><C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.exe> []
Delete services:
[局域网通讯协议 / Hello World][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
(Please use SREng to carry out the operations above)
Delete files:
[C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\main32.dll] [N/A, ]
[C:\WINDOWS\System32\iPPro.dll] [N/A, ]
[C:\DOCUME~1\qz0515\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\WINDOWS\System32\tlbb100.dll] [N/A, ]
[C:\WINDOWS\System32\nwizAsktao.dll] [N/A, ]
[PID: 1800][C:\WINDOWS\main32.exe] [N/A, ]
[C:\WINDOWS\System32\main32.dll] [N/A, ]
(Delete the files above. If they cannot be deleted, use WinRAR or IceSword (冰刃) to delete them)
Delete the HOSTS file entries:
After completing the steps above, clean up the system temporary files and restart the computer (actually the temporary files should have been cleaned first; clearing system junk with something like Windows Optimizer (优化大师) is enough).
Then rescan with SREng and post the new log for review.
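The triage the repliers did by eye on the log above (empty publisher field, binaries started from a Temp directory or dropped straight into C:\WINDOWS, random value names, filenames that imitate system binaries such as ctfnom.exe and iexpl0re.exe) can be written down as a small parser for SREng's startup-item lines. This is an added example, not code from the thread or from SREng: the heuristics, function names and the known-binary list are my own assumptions, and the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: startup-item lines copied from the SREng log in this thread
# (format: <name><command>  [publisher], grouped under a [HKEY_...] key line).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <w25uxkzlw21j9z><C:\DOCUME~1\qz0515\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <iPPro><C:\WINDOWS\iPPro.exe>  []
    <upxdnd><C:\DOCUME~1\qz0515\LOCALS~1\Temp\upxdnd.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [Microsoft Corporation]
"""

ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[([^\]]*)\]$")
EXE_RE = re.compile(r'"?([^"<>]*?\.exe)', re.IGNORECASE)          # first .exe path in the command
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
WINROOT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)
KNOWN_SYSTEM_EXES = ("ctfmon.exe", "iexplore.exe", "svchost.exe", "explorer.exe")  # assumed list
HOMOGLYPHS = str.maketrans("015", "ols")                            # 0->o, 1->l, 5->s


def lookalike_of(basename):
    """Return the system binary a filename imitates (anagram or digit-for-letter swap), else None."""
    b = basename.lower()
    for known in KNOWN_SYSTEM_EXES:
        if b == known:
            return None
        if b.translate(HOMOGLYPHS) == known or sorted(b) == sorted(known):
            return known
    return None


def triage_entry(name, command, publisher):
    """Apply the review heuristics used in the thread to one startup entry; return the reasons."""
    reasons = []
    m = EXE_RE.search(command)
    exe_path = m.group(1) if m else ""
    basename = exe_path.rsplit("\\", 1)[-1]
    if publisher.strip() == "":
        reasons.append("no publisher / version info")
    if TEMP_RE.search(exe_path):
        reasons.append("runs from a user Temp directory")
    if WINROOT_RE.match(exe_path):
        reasons.append("executable dropped directly in the Windows directory")
    if re.fullmatch(r"[a-z0-9]{10,}", name) and re.search(r"\d", name) and re.search(r"[a-z]", name):
        reasons.append("random-looking value name")
    known = lookalike_of(basename)
    if known:
        reasons.append("filename imitates %s" % known)
    return reasons


def triage_log(text):
    """Parse SREng startup-item lines and return {value_name: [reasons]} for suspicious entries."""
    findings = {}
    for m in filter(None, (ENTRY_RE.match(line.strip()) for line in text.splitlines())):
        reasons = triage_entry(*m.groups())
        if reasons:
            findings[m.group(1)] = reasons
    return findings
```

Run `triage_log(SAMPLE_LOG)` on the sample: the four entries the repliers singled out (w25uxkzlw21j9z, iPPro, upxdnd and twin) are flagged, while the signed ctfmon.exe and RavTask entries pass.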
xp123 - 2007-5-8 13:44:00
Do what the poster above says, and we will come back to check on you tonight!! Heh heh
女校男生 - 2007-5-8 15:06:00
A supplement regarding [局域网通讯协议 / Hello World][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE>:
there should be two more files,
C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSVEXT.EXE
C:\WINDOWS\svchost.exe. If they are present, delete them as well (delete them in Safe Mode).
李峥 - 2007-5-8 15:45:00
Thanks everyone for the help. xp123, you are just spamming, aren't you? Haha, I am not going anywhere!
李峥 - 2007-5-8 16:09:00
I just had a look around the forum and found that I was infected with a 瑞金 variant. I killed it with the dedicated removal tool, and the rogue software has been cleared as well. No abnormalities found for now. Thanks for everyone's help. Heartfelt thanks!
xp123 - 2007-5-8 16:14:00
Really? Do as 残月 said and post another log. There is something odd in your log; I hope the next one you scan and post will not be odd any more......
李峥 - 2007-5-9 9:51:00
xp123, sorry, I thought you were a spammer. I just read 秋日里的蓝天's posts and realized you are one of the forum's regulars too. I have not seen 秋日里的蓝天 for a long time; where has he gone?
李峥 - 2007-5-9 9:52:00
What is odd about my log? Do I still need to scan? 女校男生 asked me to package up two files and send them to him; I do not know what they are for!
xp123 - 2007-5-9 12:48:00
Yes, rescan and post a new log. If he asked you to send them, send them to him; he likes viruses, haha.