杀软被屏蔽了，不能开启，浏览器被篡改，求救。。。。。 bbs.ikaka.com

秋雨梧桐落 - 2010-10-2 9:30:00

高手帮忙啊，杀毒软件不好用了，浏览器被篡改，晕晕的，弹出网页也是挂码的。。。。。

用KK系统修复也不行，桌面快捷方式删除了还回来，还说是系统文件。。。扫描了一下日志，高手帮忙看看。。。问题出在哪了。。。。。
瑞星卡卡电脑诊断日志 v1.30 (2010-10-2 8:28:30) 北京瑞星信息技术有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
ose
[A ] 1. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,

UMWdf
[AM] 2. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,

UTSCSI
[AM] 3. c:\windows\system32\utscsi.exe
UTSCSI Application
.text,.rdata,.data,.rsrc,

+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ALCXWDM
[A ] 4. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,

AmdK8
[A ] 5. c:\windows\system32\drivers\amdk8.sys
Advanced Micro Devices
AMD Processor Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,

DKbFltr
[A ] 6. c:\windows\system32\drivers\dkbfltr.sys
Dritek System Inc.
Dritek PS2 Keyboard Filter Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

ft2kEnum
[A ] 7. c:\windows\system32\drivers\ic2kenum.sys
OEM Corporation
ic2k Bus Enumerator
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

GDBaseSmc
[A ] 8. c:\windows\system32\drivers\chip_smc.sys
OEM
This is used by SRC 2000 Readers
page,.text,init,.rdata,.data,INIT,.rsrc,.reloc,

Reader_Device
[A ] 9. c:\windows\system32\drivers\usbic2k.sys
OEM
This is used by SRC 2000 Readers
page,.text,init,.rdata,.data,INIT,.rsrc,.reloc,

RTL8023xp
[A ] 10. c:\windows\system32\drivers\rtnicxp.sys
Realtek Semiconductor Corporation
Realtek 10/100/1000 NDIS 5.1 Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

SAA7134
[A ] 11. c:\windows\system32\drivers\nv700x.sys
NV700X driver
.text,.data,.CRT,.STL,PAGE,INIT,.rsrc,.reloc,

Secdrv
[A ] 12. c:\windows\system32\drivers\secdrv.sys
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Macrovision SECURITY Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

zlportio
[A ] 13. f:\df-2008监控软件\nv700x_v5.5\zlportio.sys

+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
exFat
[A ] 14. c:\windows\system32\drivers\exfat.sys
Microsoft Corporation
Microsoft Extended FAT File System
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,

Ndis298
[A ] 15. c:\windows\system32\drivers\pn298.sys
360Safe
360Safe Anti Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,

+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
GinaDLL
[AM] 16. c:\windows\system32\mygina.dll
.text,.rdata,.data,.reloc,

+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}
[A ] 17. c:\windows\system32\urlfilter.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware UrlFilter Module
.text,.rdata,.data,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 18. c:\windows\network diagnostic\xpnetdiag.exe
Microsoft Corporation
Network Diagnostic for Windows XP
.text,.data,.rsrc,

+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[A ] 19. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.cdata,.rsrc,.reloc,

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 20. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,

WinRAR shell extension
[A ] 21. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,

Portable Media Devices
[A ] 22. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,

Portable Media Devices Menu
[A ] 22. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,

Microsoft Office HTML Icon Handler
[A ] 23. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,

Web Folders
[A ] 24. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,

Microsoft.XPS.Shell.Metadata.1
[A ] 25. c:\windows\system32\xpsshhdr.dll
Microsoft Corporation
Package Document Shell Extension Handler
.text,.data,.rsrc,.reloc,

Microsoft.XPS.Shell.Thumbnail.1
[A ] 25. c:\windows\system32\xpsshhdr.dll
Microsoft Corporation
Package Document Shell Extension Handler
.text,.data,.rsrc,.reloc,

+ 用户登陆自运行项目
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PPS Accelerator
[AM] 26. c:\program files\ppstream\ppsap.exe
PPStream Inc
PPS 网络加速器
.text,.rdata,.data,.rsrc,

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 27. c:\program files\rising\antispyware\runonce.exe
Beijing Rising Information Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,

+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 28. c:\windows\system32\kknative.exe
Beijing Rising Information Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,

+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 29. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.cdata,.rsrc,

htmlfile\Print\Command
[A ] 29. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.cdata,.rsrc,

+ HKCR\.htm
htmlfile\Edit\Command
[A ] 29. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.cdata,.rsrc,

htmlfile\Print\Command
[A ] 29. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.cdata,.rsrc,

+ HKCR\.mp3
Audio.MP3\open\Command
[A ] 30. c:\program files\ttplayer\ttplayer.exe
Alen Soft
千千静听
.text,.rdata,.data,.rsrc,

Audio.MP3\PlayList\Command
[A ] 30. c:\program files\ttplayer\ttplayer.exe
Alen Soft
千千静听
.text,.rdata,.data,.rsrc,

+ 其他自启动项目
+ C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
QQ游戏启动加速程序.lnk
[A ] 31. c:\program files\腾讯游戏\qqgame\accel.exe
深圳市腾讯计算机系统有限公司
QQ游戏
.text,.rdata,.data,.rsrc,

+ 正在运行的进程
+ 000000a8(168) rstray.exe
00400000[00026000]
[ M] 32. c:\program files\rising\antispyware\rstray.exe
Beijing Rising Information Technology Co., Ltd.
RSTray
.text,.rdata,.data,.rsrc,

10000000[0004C000]
[ M] 33. c:\program files\rising\antispyware\rsmginfo.dll
Beijing Rising Information Technology Co., Ltd.
rsmginfo
.text,.rdata,.data,.rsrc,.reloc,

73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

00980000[00014000]
[ M] 35. c:\program files\rising\antispyware\regcall.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,YCIShare,.rsrc,.reloc,

23800000[00039000]
[ M] 36. c:\program files\rising\antispyware\rsxml.dll
Beijing Rising Information Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,

00AD0000[00024000]
[ M] 37. c:\program files\rising\antispyware\comserv.dll
Beijing Rising Information Technology Co., Ltd.
.text,.rdata,.data,.rsrc,.reloc,

00B00000[00019000]
[ M] 38. c:\program files\rising\antispyware\syslay.dll
Beijing Rising Information Technology Co., Ltd.
Syslay
.text,.rdata,.data,.rsrc,.reloc,

7C3A0000[0007B000]
[ M] 39. c:\program files\rising\antispyware\msvcp71.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,

7C340000[00056000]
[ M] 40. c:\program files\rising\antispyware\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,

23700000[00026000]
[ M] 41. c:\program files\rising\antispyware\rscommon.dll
Beijing Rising Information Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

00B50000[0002D000]
[ M] 42. c:\program files\rising\antispyware\comx3.dll
Beijing Rising Information Technology Co., Ltd.
comx3 Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

00E50000[00022000]
[ M] 43. c:\program files\rising\antispyware\rsxml1.dll
Beijing Rising Information Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,

23900000[00040000]
[ M] 44. c:\program files\rising\antispyware\pngdll.dll
Beijing Rising Information Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

00E90000[00081000]
[ M] 45. c:\program files\rising\antispyware\runiep.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware tray
.text,.rdata,.data,.rsrc,.reloc,

00F20000[00034000]
[ M] 46. c:\program files\rising\antispyware\ncomm.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

00F80000[0001F000]
[ M] 47. c:\program files\rising\antispyware\proccom.dll
Beijing Rising Information Technology Co., Ltd.
ProcessC Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

00FA0000[00024000]
[ M] 48. c:\program files\rising\antispyware\rscommx2.dll
Beijing Rising Information Technology Co., Ltd.
RsCommX2
.text,.rdata,.data,.rsrc,.reloc,

+ 00000100(256) ppsap.exe
00400000[00038000]
[AM] 26. c:\program files\ppstream\ppsap.exe
PPStream Inc
PPS 网络加速器
.text,.rdata,.data,.rsrc,

73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

10000000[00137000]
[ M] 49. c:\program files\ppstream\vodnet.dll
PPStream Inc.
PPS 动态链接库
.text,.rdata,.data,.rsrc,.reloc,

00F40000[00068000]
[ M] 50. c:\program files\ppstream\vodres.dll
PPStream Inc.
PPS 动态链接库
.text,.rdata,.data,.rsrc,.reloc,

00FC0000[0004D000]
[ M] 51. c:\program files\ppstream\fds.dll
PPStream Inc.
PPS 动态链接库
.text,.rdata,.data,.rsrc,.reloc,

+ 00000148(328) WScript.exe
10000000[00014000]
[ M] 35. c:\program files\rising\antispyware\regcall.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,YCIShare,.rsrc,.reloc,

73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

+ 00000158(344) stormpop.exe
00400000[00053000]
[ M] 52. d:\program files\stormii\stormpop.exe
暴风影音资源组件
.text,.rdata,.data,.rsrc,

10000000[0001F000]
[ M] 53. d:\program files\stormii\corelog.dll
北京暴风网际科技有限公司
暴风影音播放组件
.text,.rdata,.data,.rsrc,.reloc,

00A50000[000F3000]
[ M] 54. d:\program files\stormii\mps.dll
北京暴风网际科技有限公司
暴风影音播放组件
.text,.rdata,.data,.rsrc,.reloc,

75FF0000[00065000]
[ M] 55. d:\program files\stormii\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,

00C40000[00014000]
[ M] 35. c:\program files\rising\antispyware\regcall.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,YCIShare,.rsrc,.reloc,

73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

+ 000001b8(440) smss.exe
+ 000001f4(500) csrss.exe
+ 0000020c(524) winlogon.exe
10000000[00008000]
[AM] 16. c:\windows\system32\mygina.dll
.text,.rdata,.data,.reloc,

73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

72C80000[00008000]
[ M] 56. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,

+ 00000238(568) services.exe
46040000[0000F000]
[ M] 57. c:\windows\apppatch\acadproc.dll
Microsoft Corporation
Windows Compatibility DLL
.text,.data,.rsrc,.reloc,

+ 00000244(580) lsass.exe
+ 000002e0(736) svchost.exe
+ 00000310(784) svchost.exe
+ 00000338(824) svchost.exe
+ 00000374(884) svchost.exe
+ 000003c0(960) svchost.exe
+ 00000400(1024) spoolsv.exe
3F420000[0001B000]
[ M] 58. c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
Microsoft Corporation
Print Filter Pipeline Proxy
.text,.orpc,.data,.rsrc,.reloc,

+ 00000428(1064) SCardSvr.exe
+ 00000470(1136) svchost.exe
+ 0000048c(1164) stormliv.exe
00400000[00096000]
[ M] 59. d:\program files\stormii\stormliv.exe
北京暴风网际科技有限公司
暴风影音媒体控制中心
.text,.rdata,.data,.rsrc,

75FF0000[00065000]
[ M] 55. d:\program files\stormii\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,

10000000[00015000]
[ M] 60. d:\program files\stormii\bfoptdll.dll
北京暴风网际科技有限公司
.text,.rdata,.data,.rsrc,.reloc,

01E30000[00048000]
[ M] 61. d:\program files\stormii\box\boxlog.dll
北京暴风网际科技有限公司
暴风影视组件
.text,.rdata,.data,.rsrc,.reloc,

秋雨梧桐落 - 2010-10-2 9:49:00

+ 000004c4(1220) svchost.exe
+ 000004d4(1236) wdfmgr.exe
01000000[0000C000]
[AM] 2. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,

+ 00000518(1304) UTSCSI.EXE
00400000[00010000]
[AM] 3. c:\windows\system32\utscsi.exe
UTSCSI Application
.text,.rdata,.data,.rsrc,

+ 00000620(1568) wmiprvse.exe
+ 00000690(1680) Explorer.EXE
73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

10000000[00014000]
[ M] 35. c:\program files\rising\antispyware\regcall.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,YCIShare,.rsrc,.reloc,

72C80000[00008000]
[ M] 56. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,

+ 00000728(1832) wmiprvse.exe
+ 00000730(1840) alg.exe
+ 000007d0(2000) stMgr.exe
00400000[000B5000]
[ M] 62. d:\program files\stormii\stmgr.exe
北京暴风网际科技有限公司
暴风影音媒体管理
.text,.rdata,.data,.rsrc,

73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

10000000[00015000]
[ M] 60. d:\program files\stormii\bfoptdll.dll
北京暴风网际科技有限公司
.text,.rdata,.data,.rsrc,.reloc,

75FF0000[00065000]
[ M] 55. d:\program files\stormii\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,

01220000[0001F000]
[ M] 53. d:\program files\stormii\corelog.dll
北京暴风网际科技有限公司
暴风影音播放组件
.text,.rdata,.data,.rsrc,.reloc,

01860000[000AC000]
[ M] 63. d:\program files\stormii\tips.dll
北京暴风网际科技有限公司
暴风影音资源组件
.text,.rdata,.data,.rsrc,.reloc,

01260000[00014000]
[ M] 35. c:\program files\rising\antispyware\regcall.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,YCIShare,.rsrc,.reloc,

01D60000[00488000]
[ M] 64. d:\program files\stormii\codec\flash.ocx
Adobe Systems, Inc.
Adobe Flash Player 10.0 r22
.text,.rdata,.data,.rodata,.rsrc,.reloc,

72C80000[00008000]
[ M] 56. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,

+ 00000840(2112) ras.exe
00400000[0001F000]
[ M] 65. c:\program files\rising\antispyware\ras.exe
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,

10000000[00014000]
[ M] 35. c:\program files\rising\antispyware\regcall.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,YCIShare,.rsrc,.reloc,

00960000[00065000]
[ M] 66. c:\program files\rising\antispyware\rspalmgr.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

009E0000[0001F000]
[ M] 47. c:\program files\rising\antispyware\proccom.dll
Beijing Rising Information Technology Co., Ltd.
ProcessC Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

00A00000[00024000]
[ M] 48. c:\program files\rising\antispyware\rscommx2.dll
Beijing Rising Information Technology Co., Ltd.
RsCommX2
.text,.rdata,.data,.rsrc,.reloc,

00B50000[0002D000]
[ M] 42. c:\program files\rising\antispyware\comx3.dll
Beijing Rising Information Technology Co., Ltd.
comx3 Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

00B80000[00019000]
[ M] 38. c:\program files\rising\antispyware\syslay.dll
Beijing Rising Information Technology Co., Ltd.
Syslay
.text,.rdata,.data,.rsrc,.reloc,

00CF0000[00058000]
[ M] 67. c:\program files\rising\antispyware\dbmgr.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

7C140000[00103000]
[ M] 68. c:\program files\rising\antispyware\mfc71.dll
Microsoft Corporation
MFCDLL Shared Library - Retail Version
.text,.data,.rsrc,.reloc,

7C340000[00056000]
[ M] 40. c:\program files\rising\antispyware\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,

23800000[00022000]
[ M] 43. c:\program files\rising\antispyware\rsxml1.dll
Beijing Rising Information Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,

7C3A0000[0007B000]
[ M] 39. c:\program files\rising\antispyware\msvcp71.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,

00F20000[00039000]
[ M] 36. c:\program files\rising\antispyware\rsxml.dll
Beijing Rising Information Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,

26600000[00078000]
[ M] 69. c:\program files\rising\antispyware\rsguilib.dll
Beijing Rising Information Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,

23900000[00040000]
[ M] 44. c:\program files\rising\antispyware\pngdll.dll
Beijing Rising Information Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

01080000[00031000]
[ M] 70. c:\program files\rising\antispyware\pweb.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

010D0000[0002D000]
[ M] 71. c:\program files\rising\antispyware\pdefend.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

011D0000[00225000]
[ M] 72. c:\program files\rising\antispyware\pscan.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

01100000[00034000]
[ M] 46. c:\program files\rising\antispyware\ncomm.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

01400000[00071000]
[ M] 73. c:\program files\rising\antispyware\pset.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

01480000[000B8000]
[ M] 74. c:\program files\rising\antispyware\ptools.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

01540000[00077000]
[ M] 75. c:\program files\rising\antispyware\psysinfo.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

015C0000[00086000]
[ M] 76. c:\program files\rising\antispyware\kengine.dll
Beijing Rising Information Technology Co., Ltd.
KEngine
.text,.rdata,.data,.rsrc,.reloc,

01170000[00045000]
[ M] 77. c:\program files\rising\antispyware\posttrt.dll
Beijing Rising Information Technology Co., Ltd.
PostTrt
.text,.rdata,.data,.rsrc,.reloc,

01660000[00010000]
[ M] 78. c:\program files\rising\antispyware\kscanex.dll
Beijing Rising Information Technology Co., Ltd.
KEngine ScanEx
.text,.rdata,.data,.rsrc,.reloc,

01680000[0002F000]
[ M] 79. c:\program files\rising\antispyware\engine.dll
Beijing Rising Information Technology Co., Ltd.
kaka engine
.text,.rdata,.data,.rsrc,.reloc,

016C0000[00033000]
[ M] 80. c:\program files\rising\antispyware\rsdialog.dll
Beijing Rising Information Technology Co., Ltd.
Rsdiaglo DLL
.text,.rdata,.data,.rsrc,.reloc,

01710000[0001E000]
[ M] 81. c:\program files\rising\antispyware\secscan.dll
Beijing Rising Information Technology Co., Ltd.
secscan Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

01740000[0007F000]
[ M] 82. c:\program files\rising\antispyware\ntlib.dll
Beijing Rising Information Technology Co., Ltd.
Ntlib Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

017D0000[00017000]
[ M] 83. c:\program files\rising\antispyware\secex.dll
Beijing Rising Information Technology Co., Ltd.
SecEx Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

73200000[00031000]
[ M] 34. c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,

72C80000[00008000]
[ M] 56. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,

+ 00000854(2132) knownsvr.exe
00400000[00072000]
[ M] 84. c:\program files\rising\antispyware\knownsvr.exe
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,

10000000[00034000]
[ M] 46. c:\program files\rising\antispyware\ncomm.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,.reloc,

00980000[0002D000]
[ M] 42. c:\program files\rising\antispyware\comx3.dll
Beijing Rising Information Technology Co., Ltd.
comx3 Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

009B0000[00019000]
[ M] 38. c:\program files\rising\antispyware\syslay.dll
Beijing Rising Information Technology Co., Ltd.
Syslay
.text,.rdata,.data,.rsrc,.reloc,

00E70000[00014000]
[ M] 35. c:\program files\rising\antispyware\regcall.dll
Beijing Rising Information Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,YCIShare,.rsrc,.reloc,

天月来了 - 2010-10-2 10:06:00

用SRENG工具扫描系统日志发这论坛来,建议日志文件以附件形式接本贴发来：

下载：http://www.kztechs.com/sreng/download.html

取消“智能扫描”项内的“Windows安全更新检查”前的勾再扫描，否则可能扫描半天没结果。

日志文件以附件形式发来点击我这贴右下角的“引用”,然后就应该知道怎么发了。

扫描操作图：

秋雨梧桐落 - 2010-10-2 10:30:00

浏览了一下网页被篡改的修复方法，也下载了，使用后没效果，日志放在附件里了，谢谢指教。。。

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; CIBA)

附件: SREngLOG.log

天月来了 - 2010-10-2 10:37:00

这个文件是什么呢？？
C:\WINDOWS\system32\MyGina.dll

将这三文件复制压缩发来：
C:\WINDOWS\system32\MyGina.dll
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\lfp.vbe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\run.jse

考虑删除下面的项目以及文件试试
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<micrososo><c:\windows\smss.exe > [File is missing]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<GinaDLL><MyGina.dll> []

==================================
启动文件夹
[lfp]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\lfp.vbe --> [File is missing]><N>
[run]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\run.jse --> [File is missing]><N>

天月来了 - 2010-10-2 10:38:00

还有你系统内好象没装杀毒软件吧？？

哪来的杀软被屏蔽了，不能开启呢？？？？

秋雨梧桐落 - 2010-10-2 10:44:00

我都用360安全卫士，现在打不开了，360里不是带着杀毒软件呢啊

天月来了 - 2010-10-2 10:52:00

360安全卫士没有360杀毒的那个纯文件特征库的杀毒方式

我说的你自己考虑了

秋雨梧桐落 - 2010-10-2 10:59:00

三个可疑的文件。。。

附件: 三个文件.rar

秋雨梧桐落 - 2010-10-2 11:02:00

等这个处理好了，我会下个杀毒软件的。以前总用瑞星的杀软，电脑运行起来通常会减慢我就改用360了。

天月来了 - 2010-10-2 11:13:00

按照我说的删除那些吧

项目用SRENG工具删除

文件用我那工具贴内的费儿抑制再生删除

秋雨梧桐落 - 2010-10-2 11:42:00

还有一个伪IE不能删除，打开后指向一个9899.cn的假网页。

秋雨梧桐落 - 2010-10-2 12:04:00

电脑系统盘里有这个几个文件，以前没见过，

其中那个gina的文件一直被使用，不能删除。

秋雨梧桐落 - 2010-10-2 12:12:00

请问天月斑竹，你的费儿抑制再生工具是什么？:kaka2:

天月来了 - 2010-10-2 17:20:00

我的工具贴内自己找嘛，汗

这也要问，都附操作图在内，自己看呗

宏朗 - 2010-10-2 22:18:00

试试现在的2010版吧，偶感觉还是不错的。

duo9843 - 2010-10-4 20:40:00

引用:

原帖由 秋雨梧桐落 于 2010-10-2 12:04:00 发表
电脑系统盘里有这个几个文件，以前没见过，

其中那个gina的文件一直被使用，不能删除。

:kaka6: 把这几个文件打包发上来看看。。。

瑞星卡卡安全论坛