12   1  /  2  页   跳转

求助:中了怪毒!!

收藏
zjn7
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-03-19 18:35 | 只看楼主 短消息 资料
字号: 1楼

求助:中了怪毒!!

在我电脑屏幕上始终浮现着一行字:"公元1975-3-23是兔子的生日,别忘了每年3月23日送点小礼物给他哦!"升级了版本杀毒也查不出来,请问该怎么办啊?谢谢!!!
日志如下:
2007-03-19,18:18:02

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <ClientQyule><; C:\Program Files\Qyule\Qyule.exe -autostart>  [N/A]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [Intel Corporation]
    <AGRSMMSG><AGRSMMSG.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RegNetPass><C:\WINDOWS\system32\regcsp.exe>  []
    <gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r>  [Gemplus]
    <SysReBuild><C:\WINDOWS\SysReBuild.exe>  []
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <Antiy Auto Update><C:\Program Files\Antiy Labs\Alive\AliveCenter.exe>  [Antiy Labs]
    <SoftickPPP><; "C:\Program Files\Softick\PPP\Bin\PPPGate.exe">  [N/A]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\zhou\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[  /  ][Stopped/Auto Start]
  <C:\WINDOWS\intall.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[svchost / svchost][Stopped/Auto Start]
  <C:\Program Files\Internet Explorer\PLUGINS\RichFX\Player\svchost.exe><N/A>

==================================
驱动程序
[454924 / 454924][Running/Boot Start]
  <\SystemRoot\System32\drivers\454924.sys><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <System32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AntiyFirewall / AntiyFirewall][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\AntiyFW.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Stopped/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\Tencent\qq\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
  <System32\DRIVERS\smcirda.sys><SMC>
[Samsung Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[Intel(R) PRO/Wireless 7100 Adapter 驱动程序 / w70n51][Stopped/Manual Start]
  <System32\DRIVERS\w70n51.sys><Intel? Corporation>
==================================
浏览器加载项
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[]
  {7F9FBFAD-C171-4B2B-AC7E-1EA1119C938D} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\IE_Help.dll, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\qq\QQ.EXE, TENCENT>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[]
  {7F9FBFAD-C171-4B2B-AC7E-1EA1119C938D} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\IE_Help.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tencent\qq\SendMMS.htm, N/A>

附件附件:

下载次数:235
文件类型:application/octet-stream
文件大小:
上传时间:2007-3-19 18:35:27
描述:



最后编辑2007-03-20 09:34:38
分享到:
gototop
 
zjn7
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-03-19 18:39 | 只看楼主 短消息 资料
字号: 2楼

正在运行的进程
[PID: 468][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
[PID: 1116][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[PID: 1712][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
gototop
 
zjn7
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-03-19 18:39 | 只看楼主 短消息 资料
字号: 3楼

[C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3.0.0.3762]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.3762]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3762]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3762]
[PID: 1896][C:\WINDOWS\AGRSMMSG.exe]  [Agere Systems, 2.1.23 2.1.23 01/22/2003 17:47:39]
[PID: 1932][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1948][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1980][C:\WINDOWS\SysReBuild.exe]  [N/A, ]
[PID: 196][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 240][C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe]  [Antiy Labs, 2, 1, 0, 0]
[PID: 3924][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
[PID: 1692][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\KIme.ime]  [金山软件公司, 1, 0, 0, 1]
    [C:\Program Files\Common Files\kingsoft\Extract\KSEngine.dll]  [金山软件有限公司, 2, 0, 1, 0]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 5.00.2000.3]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 3708][C:\Program Files\Real\RealOne Player\RealPlay.exe]  [RealNetworks, Inc., 6.0.12.1348]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Common Files\Real\Common\objb3201.dll]  [RealNetworks, Inc., 0.1.0.6726]
    [C:\Program Files\Real\RealOne Player\rpplugins\rpap3260.dll]  [RealNetworks, Inc., 6.0.9.2954]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.4317]
    [C:\Program Files\Common Files\Real\rpplugins\cn\embed_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Common Files\Real\rpplugins\cn\rpclsvc_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Real\RealOne Player\rpplugins\rpcl3260.dll]  [RealNetworks, Inc., 6.0.9.3027]
    [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll]  [RealNetworks, Inc., 0.1.0.3749]
    [C:\Program Files\Common Files\Real\Plugins\zipf3260.dll]  [RealNetworks, Inc., 6.0.8.2469]
    [C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols1.dll]  [RealNetworks, Inc., 6.0.1.2153]
    [C:\Program Files\Common Files\Real\Plugins\pxcb3210.dll]  [RealNetworks, Inc., 1.0.0.4244]
    [C:\Program Files\Real\RealOne Player\rpplugins\rpmn3260.dll]  [RealNetworks, Inc., 6.0.9.2851]
    [C:\Program Files\Real\RealOne Player\rpplugins\rpms3260.dll]  [RealNetworks, Inc., 6.0.1.2188]
    [C:\Program Files\Real\RealOne Player\rpplugins\MPACore.dll]  [RealNetworks, Inc., 1.0.3.2207]
    [C:\Program Files\Real\RealOne Player\rpplugins\myde3260.dll]  [RealNetworks, Inc., 6.0.10.2416]
    [C:\Program Files\Common Files\Real\Common\pngu3267.dll]  [RealNetworks, Inc., 6.7.0.2962]
    [C:\PROGRA~1\COMMON~1\XINGSH~1\MPEGEN~1\xmencmp3.dll]  [RealNetworks, Inc., 1, 0, 0, 17]
    [C:\Program Files\Common Files\Real\Plugins\smplfsys.dll]  [RealNetworks, Inc., 10.0.0.2020]
    [C:\Program Files\Real\RealOne Player\plugins\rjrmjpln.dll]  [RealNetworks, Inc., 1.0.3.2164]
    [C:\Program Files\Common Files\Real\Common\pnen3260.dll]  [RealNetworks, Inc., 10.0.0.1283]
    [C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll]  [RealNetworks, Inc., 10.1.0.1180]
    [C:\Program Files\Common Files\Real\Plugins\vidsite.dll]  [RealNetworks, Inc., 10.0.0.1253]
    [C:\Program Files\Common Files\Real\Plugins\clntxres.dll]  [RealNetworks, Inc., 10.0.0.4181]
    [C:\Program Files\Common Files\Real\Plugins\ramfformat.dll]  [RealNetworks, Inc., 10.0.0.2477]
    [C:\Program Files\Common Files\Real\Plugins\rmfformat.dll]  [RealNetworks, Inc., 10.0.0.1475]
    [C:\Program Files\Common Files\Real\Plugins\rarender.dll]  [RealNetworks, Inc., 10.0.0.1260]
    [C:\Program Files\Common Files\Real\Codecs\cook.dll]  [RealNetworks, Inc., 10.0.0.2389]
    [C:\Program Files\Common Files\Real\Plugins\rvrender.dll]  [RealNetworks, Inc., 10.0.0.1644]
    [C:\Program Files\Common Files\Real\Codecs\hxltcolor.dll]  [RealNetworks, Inc., 10.0.0.1110]
    [C:\Program Files\Common Files\Real\Codecs\RV40.DLL]  [RealNetworks, Inc., 10.0.0.1740]
    [C:\Program Files\Common Files\Real\Codecs\drvc.dll]  [RealNetworks, Inc., 10.0.0.1740]
    [C:\Program Files\Common Files\Real\Common\rjbviz.dll]  [RealNetworks, Inc., 1.0.2.3809]
    [C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv]  [N/A, ]
    [C:\Program Files\Common Files\Real\Visualizations\Fire.rpv]  [RealNetworks, Inc., 1.0.0.1]
    [C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv]  [RealNetworks, Inc., 1.0.0.2]
    [C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv]  [N/A, ]
    [C:\Program Files\Common Files\Real\Plugins\authmgr.dll]  [RealNetworks, Inc., 10.0.0.1687]
    [C:\Program Files\Common Files\Real\RCAPlugins\rpcontrols2.dll]  [RealNetworks, 6.0.1.2153]
    [C:\Program Files\Common Files\Real\RCAPlugins\gemx3201.dll]  [RealNetworks, Inc., 0.1.0.5786]
    [C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv]  [RealNetworks, Inc., 1.0.0.2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll]  [RealNetworks, Inc., 0.1.0.3427]
    [C:\Program Files\Real\RealOne Player\rpplugins\rpwe3260.dll]  [RealNetworks, Inc., 6.0.1.2194]
[PID: 3372][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 1884][C:\DOCUME~1\zhou\LOCALS~1\Temp\Rar$EX00.823\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\NpOpenStore.dll]  [N/A, ]
    [C:\WINDOWS\system32\NPCard.dll]  [N/A, ]
    [C:\WINDOWS\system32\RsaFun.dll]  [N/A, ]
    [C:\WINDOWS\system32\GPKPCSC.dll]  [N/A, ]
    [C:\DOCUME~1\zhou\LOCALS~1\Temp\Rar$EX00.823\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]
gototop
 
zjn7
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-03-19 18:40 | 只看楼主 短消息 资料
字号: 4楼

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
yulf
头像
初生襁褓狮
  • 帖子:85
  • 注册: 2007-02-11
  • 来自:
发表于: 2007-03-19 18:49 | 短消息 资料
字号: 5楼

<gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r> [Gemplus]
<SysReBuild><C:\WINDOWS\SysReBuild.exe>
<\SystemRoot\System32\drivers\454924.sys><N/A>
不知道这几个是什么?
gototop
 
zjn7
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-03-19 19:10 | 只看楼主 短消息 资料
字号: 6楼

在线等~~~
gototop
 
zjn7
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-03-19 19:29 | 只看楼主 短消息 资料
字号: 7楼

怎么没有人回答啊?到底该怎么办啊?
gototop
 
水树雨下
头像
横据古稀狮
  • 帖子:8397
  • 注册: 2006-07-26
  • 来自:
发表于: 2007-03-19 19:41 | 短消息 资料
字号: 8楼

C:\WINDOWS\SysReBuild.exe
这个是什么?

运行sreng2启动项目,服务,win32服务应用程序,勾选隐藏微软服务后删除
[ / ][Stopped/Auto Start]
<C:\WINDOWS\intall.exe><N/A>
[svchost / svchost][Stopped/Auto Start]
<C:\Program Files\Internet Explorer\PLUGINS\RichFX\Player\svchost.exe><N/A>
服务,驱动程序删除
[454924 / 454924][Running/Boot Start]
<\SystemRoot\System32\drivers\454924.sys><N/A>
重启后打开我的电脑,工具,文件夹选项,查看,显示所有文件和文件夹,把“隐藏受保护的系统文件”的勾去掉删除
C:\WINDOWS\intall.exe
C:\Program Files\Internet Explorer\PLUGINS\RichFX\Player\svchost.exe
C:\WINDOWS\System32\drivers\454924.sys
gototop
 
邀月无缺
头像
拙长孩提狮
  • 帖子:83
  • 注册: 2006-12-02
  • 来自:
发表于: 2007-03-19 20:10 | 短消息 资料
字号: 9楼

[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
这项好像有问题
gototop
 
zjn7
头像
初生襁褓狮
  • 帖子:15
  • 注册: 2007-03-19
  • 来自:
发表于: 2007-03-19 20:34 | 只看楼主 短消息 资料
字号: 10楼

都试过了,还是不行啊!
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT