Rising Kaka Security Forum
政府 - 2007-6-5 15:42:00
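After I got infected with a virus and cleaned it out, some after-effects remained. First, the system time was changed to 2005; it could not be corrected in normal mode, only in safe mode, and after a reboot it was 2005 again. Using System Repair Engineer 2.4 I found a rather unusual service (I did not manage to note it down), disabled it, then deleted the files it depended on, and after that things were normal.
But then the browser got hijacked. The Hosts file cannot be modified, and it cannot be deleted either.
Attachment: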
137427200765153220.jpg
政府 - 2007-6-5 15:43:00
The contents shown in the HOSTS file are as follows:
政府 - 2007-6-5 15:45:00
The log from scanning with System Repair Engineer 2.4 is as follows:
[CODE]
2007-06-05,14:58:36
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
<EyeGuard><E:\EyeGuard_3001\EyeGuard.exe> [QP SOFTWARE]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTray><"C:\Program Files\Rising\Rav\RavTray.exe"> [Rising]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Windows Media Player><C:\WINNT\System32\setup\wmpocm.exe /ShowWMP> [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
N/A
==================================
服务
[CD4FA788 / CD4FA788][Stopped/Disabled]
<C:\WINNT\system32\D3771C08.EXE -g><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Print Manager / lDOMANE][Stopped/Auto Start]
<C:\WINNT\SYSTEM32\RUNDLLFOROUR.EXE C:\WINNT\SYSTEM32\WBEM\UBWPT.DLL,Export 1087><Microsoft Corporation>
[Windows pcks RunThem / pcks][Running/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\kxfn\uhpx.dll><N/A>
[RavService / RavService][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Disabled]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cccabeaf / cccabeaf][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cccabeaf.sys><N/A>
[cgczwv85 / cgczwv85][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[dhdifjjf / dhdifjjf][Stopped/Boot Start]
<\SystemRoot\system32\drivers\dhdifjjf.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[eqfsyc97 / eqfsyc97][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<system32\DRIVERS\dlkfet5b.sys><D-Link>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[ISO DVD/CD-ROM Device Driver / ISODrive][Running/System Start]
<\??\C:\Program Files\UltraISO\drivers\ISODrive.sys><EZB Systems, Inc.>
[juuzc / juuzcx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\juuzcx.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\TM\TMDlls\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
<\??\C:\WINNT\system32\ntsim.sys><Fast Ethernet Adapter Manufacturer>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qceuzc / qceuzc][Running/Boot Start]
<\SystemRoot\system32\drivers\qceuzc.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[SkyProcs / SkyProcs][Stopped/Manual Start]
<\??\C:\PROGRA~1\SkyNet\Firewall\SkyProcs.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[vmfilter303 / vmfilter303][Stopped/Manual Start]
<system32\drivers\vmfilter303.sys><Vimicro Corporation>
[VNICPKT5 Protocol Driver / VNICPKT5][Stopped/Manual Start]
<\??\C:\WINNT\system32\VNICPKT5.SYS><>
[10moons USB PC Camera / ZSMC303][Stopped/Manual Start]
<System32\Drivers\usbVM303.sys><Vimicro Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
[1531593 / 1531593][Running/]
<2 - 系统找不到指定的文件。
><N/A>
==================================
政府 - 2007-6-5 15:46:00
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINNT\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 204][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 1288][C:\Program Files\Rising\Rav\RavTray.exe] [Rising, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\RavUILib.dll] [, 18, 0, 0, 1]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Rising\Rav\RavTray936.dll] [Rising, 19, 0, 0, 16]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Rising\Rav\RsCommx.dll] [rising, 18, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\msctf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Rising\Rav\BDEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\BDEX.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[C:\Program Files\Rising\Rav\BDLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
[PID: 1376][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
[PID: 1524][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 7.0.0816]
[C:\Program Files\MSN Messenger\MSGSLANG.DLL] [Microsoft Corporation, 7.0.0816]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 8.50.0015.0500]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\System32\devenum.dll] [, ]
[PID: 1560][E:\EyeGuard_3001\EyeGuard.exe] [QP SOFTWARE, 3, 0, 1, 0]
[E:\EyeGuard_3001\EyeGuardHook.dll] [QP SOFTWARE, 3, 0, 1, 0]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
[PID: 1576][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
政府 - 2007-6-5 15:46:00
[PID: 1584][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.08.0.0]
[C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.08.0.0]
[C:\Program Files\DAEMON Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.10.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.0.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.18.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] [DT Soft Ltd., 1.12.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1816][C:\WINNT\explorer.exe] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\igfxpph.dll] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3,0,0,2082]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 2]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\SHARED\IMELM.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\UltraISO\isoshell.dll] [EZB Systems, Inc., 1, 0, 0, 2]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL] [Microsoft Corporation, 1.1.0.582]
[C:\Program Files\UltraISO\lang\lang_cn.dll] [N/A, ]
[PID: 1208][C:\Program Files\Tencent\TT\TTraveler.exe] [腾讯公司, 3, 3, 200, 290]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
[C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5]
[C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Tencent\TT\TTNetFavor.dll] [N/A, ]
[PID: 1796][J:\工具\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\IMSC12.IME] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\system32\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINNT\system32\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
政府 - 2007-6-5 15:48:00
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
These two files cannot be deleted with IceSword.
Attachment:
137427200765153742.jpg
政府 - 2007-6-5 15:51:00
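I still have not been able to solve this, and I would sincerely appreciate everyone's generous help. The computer runs Windows 2000 Professional.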
超级游戏迷 - 2007-6-5 15:53:00
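| Quote: |
[政府's post] I still have not been able to solve this, and I would sincerely appreciate everyone's generous help. The computer runs Windows 2000 Professional. ……………… |
Good grief! How come you got hit too!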
政府 - 2007-6-5 15:57:00
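| Quote: |
[超级游戏迷's post] Good grief! How come you got hit too! ……………… |

I just sent you a private message, hehe, and here you are already. Thanks, please help take a look.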
超级游戏迷 - 2007-6-5 16:00:00
服务
[CD4FA788 / CD4FA788][Stopped/Disabled]
<C:\WINNT\system32\D3771C08.EXE -g><N/A>
[Print Manager / lDOMANE][Stopped/Auto Start]
<C:\WINNT\SYSTEM32\RUNDLLFOROUR.EXE C:\WINNT\SYSTEM32\WBEM\UBWPT.DLL,Export 1087><Microsoft Corporation>
[Windows pcks RunThem / pcks][Running/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\kxfn\uhpx.dll><N/A>
驱动程序
[cccabeaf / cccabeaf][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cccabeaf.sys><N/A>
[cgczwv85 / cgczwv85][Stopped/Boot Start]
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[dhdifjjf / dhdifjjf][Stopped/Boot Start]
<\SystemRoot\system32\drivers\dhdifjjf.sys><N/A>
<\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
Systems, Inc.>
[juuzc / juuzcx][Running/Boot Start]
<\SystemRoot\system32\drivers\qceuzc.sys><N/A>
<[qceuzc / qceuzc][Running/Boot Start]
<\SystemRoot\system32\drivers\qceuzc.sys><N/A>
[1531593 / 1531593][Running/]
<2 - 系统找不到指定的文件。
><N/A>
正在运行的进程
[c:\progra~1\kxfn\xksa.dll] [N/A, ]
[c:\progra~1\kxfn\cpxf.dll] [N/A, ]
超级游戏迷 - 2007-6-5 16:06:00
I may have missed some; you can wait for the experts.
Off to work, bye-bye.
政府 - 2007-6-5 16:11:00
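[Reply to 超级游戏迷's post] You picked the problems out of such a dizzying log so quickly; I'm impressed.
Hehe, I'm still no good at reading logs; just now I couldn't even find the doorway. I'll go clean up my computer your way first.
I'll keep learning from all of you.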
火影忍者 - 2007-6-5 16:33:00
The whole c:\progra~1\kxfn\ folder can be deleted.
天月来了 - 2007-6-5 17:23:00
Hehe!!!!!!!!!
How come even 茶茶's has ended up like this????????????
Haha!!!!!!!!
yqlikaka - 2007-6-5 17:33:00
See, you haven't been dropping by here much lately; it took the virus to bring you over, didn't it~~~