Rising Kaka Security Forum
倒霉V孩子 - 2007-5-8 11:33:00
Run_TempA.exe
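I don't know what virus I've caught. Whenever I download a file or run an EXE file, this Run_TempA.exe is generated automatically, and then the system becomes paralyzed~

Antivirus software can't detect it, and reinstalling the system doesn't help either.
Could the experts here tell me what virus I have and how to deal with it? Is it more than just drive C that's infected? Thanks~
Also, I've got something called SHUALAI.EXE, the Trojan.PSW.RocOnline that people keep mentioning lately, and several other viruses.
After boot, Rising keeps removing them, but they are back on the next boot. So frustrating. Please help, everyone~~~
The report is posted below. Thanks, everyone, for taking a look; I really don't understand this.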
fzslffgood66 - 2007-5-8 11:37:00
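This is a new variant of "艾妮" (Aini); it seems there is no dedicated removal tool yet.
Download SREng (download address: http://www.kztechs.com/sreng/download.html), use its "Smart Scan" (智能扫描) function, and post the saved log here.
1 Unzip sreng2.zip
2 Run SREng2.exe
3 Smart Scan => Scan => Save Report
4 Copy and paste the complete report from the log file SREngLOG.log here; do not modify it
Friendly reminders:
a. Before scanning, close all programs and windows you opened manually; after scanning, post the log here.
b. Please do not post it as an attachment. Also, until you get further instructions, do not attempt random repairs, or the system may end up in even worse shape.
c. If SREng.exe does not respond, cannot run, or reports a scan error, you can rename SREng.exe to SREng.com (SREng.scr\SREng.bat\SREng.pif) or zhd.exe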
火影忍者 - 2007-5-8 11:39:00
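Download System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy and paste the complete report from the log here; do not modify it
If the log doesn't fit in one post, post it in several parts.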
倒霉V孩子 - 2007-5-8 11:42:00
[CODE]
2007-05-08,11:27:08
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<7mc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SoundMan><SOUNDMAN.EXE> [Avance Logic, Inc.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<shualai><C:\WINDOWS\shualai.exe /i> []
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<wcmdmgr><C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch> [WildTangent, Inc.]
<main32><C:\WINDOWS\main32.exe /i> []
<iPPro><C:\WINDOWS\iPPro.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> []
<{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\system32\pdkpri.dll> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> []
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> []
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
==================================
启动文件夹
倒霉V孩子 - 2007-5-8 11:43:00
服务
[局域网通讯协议 / Hello World][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWL.EXE><N/A>
==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
==================================
浏览器加载项
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <G:\BitComet\tools\BitCometBHO_1.1.3.28.dll, BitComet>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <G:\BitComet\tools\BitCometBHO_1.1.3.28.dll, BitComet>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用BitComet下载]
<res://G:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://G:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://G:\BitComet\BitComet.exe/AddVideo.htm, N/A>
倒霉V孩子 - 2007-5-8 11:45:00
正在运行的进程
[PID: 292][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 352][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 392][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 436][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 448][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[PID: 744][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[PID: 824][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\WINDOWS\system32\pdkpri.dll] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9131]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\WINDOWS\system32\nwizhx2.dll] [N/A, ]
[C:\WINDOWS\TEMP\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\tlbb100.dll] [N/A, ]
[C:\WINDOWS\system32\nwizAsktao.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[PID: 1652][C:\WINDOWS\SOUNDMAN.EXE] [Avance Logic, Inc., 5.0.07]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
倒霉V孩子 - 2007-5-8 11:45:00
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1808][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 1860][C:\WINDOWS\shualai.exe] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]
[PID: 1952][C:\WINDOWS\wt\updater\wcmdmgr.exe] [WildTangent, Inc., 1.6.0.37]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 1964][C:\WINDOWS\main32.exe] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[PID: 2032][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 2676][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\TEMP\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\WINDOWS\system32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.0.0.6077]
[C:\WINDOWS\system32\pdkpri.dll] [N/A, ]
[PID: 3576][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 3696][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 3824][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 3272][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3360][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 3336][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[PID: 3404][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 3508][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3524][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3644][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 3952][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
倒霉V孩子 - 2007-5-8 11:49:00
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[PID: 3972][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 4036][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1992][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 260][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 772][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 1944][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3704][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 1888][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2548][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 2164][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
倒霉V孩子 - 2007-5-8 11:50:00
[PID: 3876][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 3848][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3792][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 4064][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[PID: 940][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, ]
[PID: 428][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 164][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2296][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[PID: 2328][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3028][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1164][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2544][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[PID: 2660][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 256][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
倒霉V孩子 - 2007-5-8 11:50:00
[PID: 256][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2776][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2608][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2880][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2508][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.422\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
倒霉V孩子 - 2007-5-8 11:50:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\soundmid3.dll(, N/A)
MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\soundmid3.dll(, N/A)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 mmm.caifu18.net
127.0.0.1 www.18dmm.com
127.0.0.1 d.qbbd.com
127.0.0.1 www.5117music.com
127.0.0.1 www.union123.com
127.0.0.1 www.wu7x.cn
127.0.0.1 www.54699.com
127.0.0.1 www1.6tan.com
127.0.0.1 www2.6tan.com
127.0.0.1 www.97725.com
127.0.0.1 down.97725.com
127.0.0.1 ip.315hack.com
127.0.0.1 ip.54liumang.com
127.0.0.1 www.41ip.com
127.0.0.1 xulao.com
127.0.0.1 www.heixiou.com
127.0.0.1 www.9cyy.com
127.0.0.1 www.hunll.com
127.0.0.1 www.down.hunll.com
127.0.0.1 do.77276.com
127.0.0.1 www.baidulink.com
127.0.0.1 adnx.yygou.cn
127.0.0.1 222.73.220.45
127.0.0.1 www.f5game.com
127.0.0.1 www.guazhan.cn
127.0.0.1 wm,103715.com
127.0.0.1 www.my6688.cn
127.0.0.1 i.96981.com
127.0.0.1 d.77276.com
127.0.0.1 www1.cw988.cn
127.0.0.1 cool.47555.com
127.0.0.1 www.asdwc.com
127.0.0.1 55880.cn
127.0.0.1 61.152.169.234
127.0.0.1 cc.wzxqy.com
127.0.0.1 www.54699.com
127.0.0.1 t.gcuj.com
127.0.0.1 www.puma163.com
127.0.0.1 ceoww.com
127.0.0.1 boolom.com
127.0.0.1 adult-novel.cn
127.0.0.1 ll.chinasese.net
127.0.0.1 www.tellumore.com
127.0.0.1 www.o1wg.com
127.0.0.1 www.qq756.com
127.0.0.1 ll.chinasese.net
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
倒霉V孩子 - 2007-5-8 12:01:00
Could someone please take a look?
Would formatting the entire hard drive help?
火影忍者 - 2007-5-8 12:08:00
Open SREng and, under "Startup items -> Registry", delete the following startup entries:
<7mc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<shualai><C:\WINDOWS\shualai.exe /i> []
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<wcmdmgr><C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch> [WildTangent, Inc.]
<main32><C:\WINDOWS\main32.exe /i> []
<iPPro><C:\WINDOWS\iPPro.exe> []
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> []
<{42A612A4-4334-4424-4234-42261A31A236}><C:\WINDOWS\system32\pdkpri.dll> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> []
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> []
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>
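Open SREng and go to "Startup items -> Services -> Win32 service applications", tick "Hide verified Microsoft services", then delete the services named below (select the problem service, click "Delete service", then click the "Set" button. Note that in the window that pops up you must click “NO 否” to confirm deleting the service). (If a service cannot be deleted, disable it: change the startup type to disabled by selecting "Modify startup type" and clicking "Set"):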
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWL.EXE><N/A>
Open SREng -- System Repair -- Browser Add-ons -- delete the following entries:
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <G:\BitComet\tools\BitCometBHO_1.1.3.28.dll, BitComet>
[番茄花园]
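Use xdelbox (download from http://www.i170.com/Attach/51FD704F-C0BD-41E7-B0E9-60673A888FD6) to delete the following files:
Instructions: copy the paths of all the files to be deleted, tick "Suppress regeneration", right-click in the pending-deletion file list and choose "Import from clipboard". After importing, right-click the files to be deleted and choose "Reboot and delete immediately"; the computer will restart into a DOS interface to carry out the deletion. Before running xdelbox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards and so on).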
C:\WINDOWS\system32\soundmid3.dll
C:\Program Files\Internet Explorer\IEXPLORE.win
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWL.EXE
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp
C:\Program Files\Internet Explorer\PLUGINS\System64.sys
C:\WINDOWS\system32\pdkpri.dll
C:\Program Files\Internet Explorer\IEXPLORE.Sys
C:\Program Files\Internet Explorer\IEXPLORE.Dat
C:\WINDOWS\system32\shualai.dll
C:\WINDOWS\system32\iPPro.dll
C:\WINDOWS\system32\main32.dll
C:\WINDOWS\system32\nvshell.dll
C:\WINDOWS\system32\soundmid3.dll
C:\WINDOWS\system32\nwizhx2.dll
C:\WINDOWS\TEMP\upxdnd.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\tlbb100.dll
C:\WINDOWS\system32\nwizAsktao.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll
C:\WINDOWS\shualai.exe
C:\WINDOWS\main32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\shualai.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\wt\updater\wcmdmgrl.exe
C:\WINDOWS\main32.exe
C:\WINDOWS\iPPro.exe
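SRE -- System Repair -- HOSTS file -- Reset
Download arswp (Windows清理助手, Windows Cleanup Assistant) and 恶意软件清理助手 (Malware Cleanup Assistant) and run a cleanup with each: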
http://www.arswp.com/download/arswp/arswp.rar
http://dl.pconline.com.cn/html_2/1/59/id=10897&pn=0&linkPage=1.html
Download the 番茄花园 (Tomato Garden) removal tool from my network drive (szzl.ys168.com).
Empty the temporary folders.
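The log triage behind a removal list like the one above, as an added example (not part of the original post and not SREng's own code). It parses the process-module and Winsock sections of the report and flags modules with no vendor information that are loaded into more than one process, plus any Winsock provider DLL other than the stock `mswsock.dll`. The line formats are inferred from the log in this thread, the sample is constructed from its lines, and `triage` is a hypothetical name.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the format of the SREng log in this thread.
SAMPLE_LOG = r"""
[PID: 2776][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2608][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[G:\BitComet\tools\BitCometBHO_1.1.3.28.dll] [BitComet, 20070328]
[PID: 2508][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.422\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\WINDOWS\system32\soundmid3.dll] [N/A, ]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\soundmid3.dll(, N/A)
MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\soundmid3.dll(, N/A)
==================================
"""

PROC_RE = re.compile(r"^\[PID: (\d+)\]\[.+?\] \[.*\]$")   # [PID: n][image path] [vendor, version]
MOD_RE = re.compile(r"^\[([A-Za-z]:\\.+?)\] \[(.*)\]$")   # [module path] [vendor, version]
LSP_RE = re.compile(r"^([A-Za-z]:\\.+)\(.*\)$")           # provider DLL path(version, vendor)

def triage(log_text):
    """Return (injected, odd_lsp): vendor-less modules mapped to the number of
    processes loading them (if > 1), and Winsock providers not backed by mswsock.dll."""
    loaded_in = defaultdict(set)   # lower-cased module path -> PIDs that load it
    odd_lsp = {}                   # provider name -> unexpected DLL path
    pid = provider = None
    in_winsock = False
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("Winsock"):        # section header "Winsock 提供者"
            in_winsock = True
        elif line.startswith("====="):        # separator closes the current section
            in_winsock = False
        elif in_winsock:
            m = LSP_RE.match(line)
            if m is None:
                provider = line               # e.g. "MSAFD Tcpip [TCP/IP]"
            elif not m.group(1).lower().endswith("\\mswsock.dll"):
                odd_lsp[provider] = m.group(1)
        elif (m := PROC_RE.match(line)):
            pid = int(m.group(1))
        elif (m := MOD_RE.match(line)) and m.group(2).startswith("N/A"):
            loaded_in[m.group(1).lower()].add(pid)
    injected = {p: len(pids) for p, pids in loaded_in.items() if len(pids) > 1}
    return injected, odd_lsp
```

A DLL flagged in the second result is registered in the Winsock catalog, so deleting the file without also repairing the catalog (for example with `netsh winsock reset` on XP SP2) can leave the machine without network access.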
倒霉V孩子 - 2007-5-8 12:11:00
Got it. I'll work through it slowly; I'm a bit slow with these things~
Thanks, 火影!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fzslffgood66 - 2007-5-8 12:23:00
Services
[局域网通讯协议 / Hello World][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE>
桃子CiCi - 2007-5-8 12:28:00
[局域网通讯协议 / Hello World][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE>
This one is the actual main body of the virus.