Rising Kaka Security Forum (瑞星卡卡安全论坛)
youyou游 - 2006-4-21 13:23:00
I ran the dedicated 灰鸽子 (Gray Pigeon) detection and removal tool, but extraction failed, and after rebooting the virus is still there. What should I do? Please take a look and tell me how to deal with it. Thanks~
病毒名称 处理结果 发现日期 扫描方式 路径 文件
Rootkit.Vanti.gen 删除成功 2006-04-21 11:25 文件监控 C:\WINDOWS\System32 75uwo7dh.dll
Backdoor.Gpigeon.pi 清除成功 2006-04-21 08:28 手动扫描 IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE
Logfile of HijackThis v1.99.1
Scan saved at 13:14:26, on 2006-4-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\syssmss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\rising\Rav\Rav.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\DOCUME~1\qp\LOCALS~1\Temp\Rar$EX61.171\HijackThis.exe
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 新浪ViVi收藏夹 - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\Downlo~1\vivimin.dll
O3 - Toolbar: QQ声色通(&Q) - {FC1DF328-F720-4FD3-98A4-2595A7356D7F} - C:\WINDOWS\System32\QQSST.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\Downloaded Program Files\iebar22.0.dll
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TaxKeyManager] C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [renewup] C:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32
O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯qq.lnk = E:\qq\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=viviband
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度--图片搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度--地图搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_MAP.HTM
O8 - Extra context menu item: 百度--新闻搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度--歌词搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度--知道搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM
O8 - Extra context menu item: 百度--硬盘搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DISK.HTM
O8 - Extra context menu item: 百度--站内搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_SITE.HTM
O8 - Extra context menu item: 百度--网页搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度--词典搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 百度--贴吧搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS] 网络实名
O11 - Options group: [CDNCLIENT] 中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://80.16.19.11:8001/ctais2/wssb/ScriptX.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://imgcache.qq.com/music/QQMusicSetup.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.71_20050929.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
不言放弃 - 2006-4-21 13:26:00
[Reply to youyou游's post]
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download System Repair Engineer 2.0.12.350
Export the full log
youyou游 - 2006-4-21 13:28:00
What do these mean? Could an expert please take a look; thanks in advance.
瑞星个人防火墙日志记录保存
--此文件建立于 2006-04-21 13:25:26
数据包时间规则IP地址/端口号协议事件类型其它
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1 2006-4-21 13:2:37.31 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
2 2006-4-21 13:2:37.500 Sockets des Troie 192.168.1.1:3123->192.168.1.2:5000 TCP SYN 该数据包被成功拦截
3 2006-4-21 13:2:40.31 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
4 2006-4-21 13:2:40.328 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
5 2006-4-21 13:2:40.562 Sockets des Troie 192.168.1.1:3123->192.168.1.2:5000 TCP SYN 该数据包被成功拦截
6 2006-4-21 13:2:46.31 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
7 2006-4-21 13:2:46.265 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
8 2006-4-21 13:2:46.328 Sockets des Troie 192.168.1.1:3123->192.168.1.2:5000 TCP SYN 该数据包被成功拦截
9 2006-4-21 13:2:58.15 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
10 2006-4-21 13:2:58.281 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
11 2006-4-21 13:2:58.328 Sockets des Troie 192.168.1.1:3123->192.168.1.2:5000 TCP SYN 该数据包被成功拦截
12 2006-4-21 13:3:1.31 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
13 2006-4-21 13:3:1.265 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
14 2006-4-21 13:3:7.15 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
15 2006-4-21 13:3:7.312 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
16 2006-4-21 13:3:19.15 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
17 2006-4-21 13:3:22.15 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
18 2006-4-21 13:3:22.328 Sockets des Troie 192.168.1.1:3123->192.168.1.2:5000 TCP SYN 该数据包被成功拦截
19 2006-4-21 13:3:43.218 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
20 2006-4-21 13:4:10.218 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
21 2006-4-21 13:4:10.500 Sockets des Troie 192.168.1.1:3123->192.168.1.2:5000 TCP SYN 该数据包被成功拦截
22 2006-4-21 13:4:31.437 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
23 2006-4-21 13:5:46.359 缺省的ICMP出站 192.168.1.2:0->192.168.1.1:0 ICMP dest unreachable 该数据包被成功拦截
24 2006-4-21 13:5:46.359 缺省的ICMP出站 192.168.1.2:0->192.168.1.1:0 ICMP dest unreachable 该数据包被成功拦截
25 2006-4-21 13:5:54.109 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
26 2006-4-21 13:5:57.109 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
27 2006-4-21 13:5:58.640 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
28 2006-4-21 13:6:3.31 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
29 2006-4-21 13:6:4.640 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
30 2006-4-21 13:6:15.31 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
31 2006-4-21 13:6:16.640 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
32 2006-4-21 13:6:18.31 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
33 2006-4-21 13:6:18.265 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
34 2006-4-21 13:6:24.62 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
35 2006-4-21 13:6:24.296 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
36 2006-4-21 13:6:36.250 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
37 2006-4-21 13:6:40.843 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
38 2006-4-21 13:7:0.437 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
39 2006-4-21 13:7:29.46 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
40 2006-4-21 13:7:48.437 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
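Added example (not part of the original post): a small Python parser for the Rising personal firewall log format shown above. Each record is a sequence number, date, time, the name of the rule that matched, src:port->dst:port, the protocol, the TCP flags or ICMP type, and the result word. The rule names ("BLA", "Rasmin", "AimSpy", "Sockets des Troie") are only the names of the firewall rules that fired, not evidence that those trojans are present, so the parser also works out which side opened each TCP connection: a SYN+ACK arriving from 192.168.1.1:5431 means the local host 192.168.1.2 sent the SYN first. The sample input is a few lines copied from the log above; the regular expression and the summary format are this example's own choices.

```python
import re
from collections import Counter

# Constructed sample input: a handful of lines copied from the Rising firewall
# log posted above (sequence numbers kept as they appear there).
SAMPLE_LOG = """\
1 2006-4-21 13:2:37.31 BLA 192.168.1.1:5431->192.168.1.2:1042 TCP SYN+ACK 该数据包被成功拦截
2 2006-4-21 13:2:37.500 Sockets des Troie 192.168.1.1:3123->192.168.1.2:5000 TCP SYN 该数据包被成功拦截
9 2006-4-21 13:2:58.15 Rasmin 192.168.1.1:5431->192.168.1.2:1045 TCP SYN+ACK 该数据包被成功拦截
23 2006-4-21 13:5:46.359 缺省的ICMP出站 192.168.1.2:0->192.168.1.1:0 ICMP dest unreachable 该数据包被成功拦截
25 2006-4-21 13:5:54.109 AimSpy 192.168.1.1:5431->192.168.1.2:1080 TCP SYN+ACK 该数据包被成功拦截
30 2006-4-21 13:6:15.31 AimSpy 192.168.1.1:5431->192.168.1.2:1081 TCP SYN+ACK 该数据包被成功拦截
"""

# One log line: seq, date, time, rule name (may contain spaces), src:port->dst:port,
# protocol, flags or ICMP type (may contain spaces), and the result word at the end.
LINE_RE = re.compile(
    r"^(?P<seq>\d+)\s+(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<time>[\d:.]+)\s+"
    r"(?P<rule>.+?)\s+(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>TCP|UDP|ICMP)\s+(?P<flags>.+?)\s+(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not a packet record."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    for key in ("seq", "sport", "dport"):
        entry[key] = int(entry[key])
    return entry


def parse_log(text):
    """Parse every packet record in the log, skipping headers and separator lines."""
    return [e for e in (parse_line(raw) for raw in text.splitlines()) if e]


def initiator(entry):
    """Return the IP that opened the TCP connection this packet belongs to.

    SYN is the first handshake step, so its sender is the initiator;
    SYN+ACK is the reply, so the receiver of it is the initiator.
    Non-TCP packets have no handshake and yield None.
    """
    if entry["proto"] != "TCP":
        return None
    if entry["flags"] == "SYN":
        return entry["src"]
    if entry["flags"] == "SYN+ACK":
        return entry["dst"]
    return None


def summarize(entries):
    """Count blocked packets per (rule, sending endpoint, flags, initiator)."""
    counts = Counter()
    for e in entries:
        sender = f'{e["src"]}:{e["sport"]}'
        counts[(e["rule"], sender, e["flags"], initiator(e))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(parse_log(SAMPLE_LOG)).most_common():
        rule, sender, flags, who = key
        print(f"{n:3d}  rule={rule!r:22} from={sender:20} {flags:18} initiated_by={who}")
```

Run against the full log, the summary shows every TCP block is a SYN+ACK from the gateway 192.168.1.1 to 192.168.1.2, i.e. replies to connections the local machine itself opened, which is the question a reader of this log should ask next: which local process is opening them.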
youyou游 - 2006-4-21 13:55:00
It is too long, so I'm posting the first half; please take another look for me, thanks.
2006-04-21,13:44:26
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<rfw><C:\Program Files\rising\Rfw\Rfw.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TaxKeyManager><C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Mouse Suite 98 Daemon><ICO.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<renewup><C:\Program Files\CNNIC\Cdn\cdnrenew.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AddrPlus3><C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<WinsSystem><C:\Program Files\Internet Explorer\syssmss.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
[腾讯qq]
<C:\Documents and Settings\qp\「开始」菜单\程序\启动\腾讯qq.lnk><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Distributed Mink Tracking Clie / netsvcs]
<C:\WINDOWS\svchost.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[新浪ViVi收藏夹]
{15DDE989-CD45-4561-BF99-D22C0D5C2B85} <C:\WINDOWS\Downlo~1\vivimin.dll, 北京新浪信息技术有限公司>
[QQ声色通(&Q)]
{FC1DF328-F720-4FD3-98A4-2595A7356D7F} <C:\WINDOWS\System32\QQSST.dll, >
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[天下搜索]
{56A7DC70-E102-4408-A34A-AE06FEF01586} <C:\WINDOWS\Downloaded Program Files\iebar22.0.dll, >
[MeadCo ScriptX]
{1663ed61-23eb-11d2-b92f-008048fdd814} <C:\WINDOWS\System32\MCScripX.dll, Mead & Co Limited>
[Qzone Media Tools]
{AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <E:\qq\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[上传到QQ网络硬盘]
<E:\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<E:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A>
[使用网际快车下载]
<E:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<E:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[收藏此页到新浪ViVi]
<http://vivi.sina.com.cn/collect/click.php?agent=viviband, N/A>
[添加到QQ自定义面板]
<E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\qq\SendMMS.htm, N/A>
[百度--MP3搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM, N/A>
[百度--图片搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM, N/A>
[百度--地图搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_MAP.HTM, N/A>
[百度--新闻搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM, N/A>
[百度--歌词搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM, N/A>
[百度--知道搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM, N/A>
[百度--硬盘搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DISK.HTM, N/A>
[百度--站内搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_SITE.HTM, N/A>
[百度--网页搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM, N/A>
[百度--词典搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM, N/A>
[百度--贴吧搜索]
<RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
==================================
BlackStone - 2006-4-21 13:57:00
O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
Fix
Reboot
Then try deleting C:\Program Files\Internet Explorer\syssmss.exe
youyou游 - 2006-4-21 14:00:00
==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A>
[PID: 552][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 564][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 760][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\cdnns.dll] <N/A><N/A>
[PID: 812][C:\Program Files\rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 828][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1012][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1044][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\cdnns.dll] <N/A><N/A>
[PID: 1064][C:\Program Files\rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\Program Files\rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\rising\Rav\RsStore.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1240][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\WINDOWS\Downloaded Program Files\SSjxm.dll] <Tencent><3, 0, 6, 60>
[C:\WINDOWS\System32\nvcpl.dll] <NVIDIA Corporation><6.14.10.5672>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5672>
[C:\WINDOWS\System32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5672>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 70>
[PID: 1392][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[C:\WINDOWS\system32\EBPMON2.DLL] <SEIKO EPSON CORPORATION><2, 20, 0, 0>
[C:\WINDOWS\system32\HPBMMON.DLL] <Hewlett-Packard><10.00.15>
[C:\WINDOWS\system32\hpdomon.dll] <Hewlett-Packard><03.42.00>
[C:\WINDOWS\system32\HPBHealr.dll] <N/A><N/A>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] <Zenographics, Inc.><5, 54, 330, 0>
[C:\WINDOWS\system32\Imf32.dll] <Zenographics, Inc.><5, 60, 1204, 0>
[C:\WINDOWS\system32\ZTAG32.dll] <Zenographics, Inc.><5, 60, 1210, 0>
[C:\WINDOWS\system32\ZSPOOL.dll] <Zenographics, Inc.><5, 51, 709, 0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[C:\WINDOWS\System32\cdnns.dll] <N/A><N/A>
[PID: 1468][C:\Program Files\rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1644][C:\Program Files\CNNIC\Cdn\cdnup.exe] <><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdnglo.dll] <><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] <N/A><N/A>
[PID: 1652][C:\Program Files\rising\Rfw\Rfw.exe] <Beijing Rising Technology Corporation Limited><2, 1, 0, 0>
[C:\Program Files\rising\Rfw\BmpFace.dll] <Beijing Rising Technology Corporation Limited><2, 1, 0, 0>
[C:\Program Files\rising\Rfw\rfw.dll] <Beijing Rising Technology Corporation Limited><2, 1, 0, 4>
[C:\Program Files\rising\Rfw\chn\rfw.lag] <Beijing Rising Technology Corporation Limited><2, 0, 0, 15>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[PID: 1668][C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe] <><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[PID: 1676][C:\WINDOWS\System32\ICO.EXE] <Primax Electronics Ltd.><1, 0, 0, 7>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[PID: 1716][C:\Program Files\rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
youyou游 - 2006-4-21 14:01:00
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[PID: 1732][C:\Program Files\rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
[C:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[PID: 2032][C:\Program Files\Internet Explorer\syssmss.exe] <asdfasdf><asdfasdf>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\WINDOWS\System32\cdnns.dll] <N/A><N/A>
[PID: 120][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5672>
[PID: 196][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[PID: 236][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 364][C:\Program Files\rising\Rav\RsAgent.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 460][C:\WINDOWS\msagent\AgentSvr.exe] <Microsoft Corporation><2.00.0.3422>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[PID: 1828][C:\Program Files\Tencent\TT\TTraveler.exe] <深圳市腾讯计算机系统有限公司><2, 0, 15, 200>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\Program Files\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\WINDOWS\System32\cdnns.dll] <N/A><N/A>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[C:\WINDOWS\System32\TAX_CSP.dll] <N/A><N/A>
[C:\WINDOWS\System32\TAX_InterFace.dll] <><1, 0, 0, 4>
[C:\WINDOWS\System32\TAX_Device.dll] <><1, 0, 0, 4>
[PID: 628][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\WINDOWS\Downloaded Program Files\SSjxm.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 70>
[E:\qq\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 3>
[E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX] <N/A><N/A>
[C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll] <CNNIC><1, 1, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\WINDOWS\System32\cdnns.dll] <N/A><N/A>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 2960][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[PID: 3328][C:\DOCUME~1\qp\LOCALS~1\Temp\Rar$EX10.297\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\Downloaded Program Files\Adhtro.dll] <Tencent><3, 0, 6, 60>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><1, 0, 1, 4>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\IDNCONV.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaconv.dll] <cnnic><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <><2, 0, 0, 0>
[C:\WINDOWS\System32\cdnns.dll] <N/A><N/A>
==================================
File associations
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
==================================
轩辕小聪 - 2006-4-21 14:18:00
O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
This entry should be Gray Pigeon (灰鸽子); see http://forum.ikaka.com/topic.asp?board=28&artid=7713905
youyou游 - 2006-4-21 14:30:00
[Reply to "BlackStone"'s post] Still no good; after a restart these two viruses are still there.
youyou游 - 2006-4-21 15:59:00
Logfile of HijackThis v1.99.1
Scan saved at 15:54:26, on 2006-4-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
E:\qq\QQ.exe
E:\qq\TIMPlatform.exe
C:\WINDOWS\REGEDIT.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\qp\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 新浪ViVi收藏夹 - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\Downlo~1\vivimin.dll
O3 - Toolbar: QQ声色通(&Q) - {FC1DF328-F720-4FD3-98A4-2595A7356D7F} - C:\WINDOWS\System32\QQSST.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\Downloaded Program Files\iebar22.0.dll
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TaxKeyManager] C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [renewup] C:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯qq.lnk = E:\qq\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=viviband
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度--图片搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度--地图搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_MAP.HTM
O8 - Extra context menu item: 百度--新闻搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度--歌词搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度--知道搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM
O8 - Extra context menu item: 百度--硬盘搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DISK.HTM
O8 - Extra context menu item: 百度--站内搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_SITE.HTM
O8 - Extra context menu item: 百度--网页搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度--词典搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 百度--贴吧搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS] 网络实名
O11 - Options group: [CDNCLIENT] 中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://80.16.19.11:8001/ctais2/wssb/ScriptX.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://imgcache.qq.com/music/QQMusicSetup.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.71_20050929.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
Should I delete all of the service entries listed after O23 - Service in the Registry Editor?
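The reply above singles out one O23 line, and the question just asked is whether every O23 entry should go. The distinguishing detail is in the line itself: the genuine Windows XP service is called "Distributed Link Tracking Client" and its svchost.exe host lives in %SystemRoot%\System32, whereas this entry is misspelled, is registered under the svchost group name "netsvcs" instead of a service name, and points at C:\WINDOWS\svchost.exe. The other O23 lines (ATI, NVIDIA, Rising) show none of those traits. The script below is an added example written for this thread, not code from any poster or from HijackThis; it parses the O23 and O10 lines of the posted log (copied in as a constructed sample) and flags only the entries worth touching. The list of genuine service names, the 0.85 similarity threshold and the severity labels are this example's own assumptions.

```python
"""Triage the O23 (service) and O10 (Winsock LSP) lines of a HijackThis log.

Added example for this thread. The sample lines are copied from the log
posted above; the name list, threshold and severity rules are assumptions
made for illustration, not logic taken from HijackThis or Rising.
"""
import difflib
import re
from dataclasses import dataclass, field

# Constructed sample input: the O10/O23 lines from the posted HijackThis log.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
"""

# Binaries Windows only ever runs from %SystemRoot%\System32; a copy elsewhere is a red flag.
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}

# Display names of genuine XP services that malware imitates (assumed short list, not complete).
GENUINE_SERVICE_NAMES = [
    "Distributed Link Tracking Client",
    "Remote Procedure Call (RPC)",
    "Windows Management Instrumentation",
    "Task Scheduler",
]

# svchost group names: a service whose *registered name* is a group name is not a real service.
SVCHOST_GROUPS = {"netsvcs", "LocalService", "NetworkService", "rpcss"}

O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
NAME_RE = re.compile(r"^(?P<display>.+?)(?: \((?P<short>[^()]+)\))?$")


@dataclass
class Finding:
    line: str
    severity: str                     # "high", "medium" or "review"
    reasons: list = field(default_factory=list)


def _dir_and_file(path: str):
    """Split a Windows path into (lower-cased directory, lower-cased file name)."""
    directory, _, filename = path.replace("/", "\\").lower().rpartition("\\")
    return directory, filename


def _lookalike(display: str):
    """Return the genuine service name this display name imitates, or None."""
    if display in GENUINE_SERVICE_NAMES:
        return None
    for genuine in GENUINE_SERVICE_NAMES:
        if difflib.SequenceMatcher(None, display.lower(), genuine.lower()).ratio() >= 0.85:
            return genuine
    return None


def triage_o23(line: str):
    m = O23_RE.match(line)
    if not m:
        return None
    # Layout is "display (short) - owner - path"; rsplit keeps any " - " inside the name.
    parts = m.group("rest").rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name_part, owner, path = parts
    nm = NAME_RE.match(name_part)
    display, short = nm.group("display"), nm.group("short")
    directory, filename = _dir_and_file(path)
    reasons = []
    if filename in SYSTEM32_ONLY and not directory.endswith("\\system32"):
        reasons.append(f"{filename} loaded from '{directory}', not System32")
    genuine = _lookalike(display)
    if genuine:
        reasons.append(f"display name imitates '{genuine}'")
    if short in SVCHOST_GROUPS:
        reasons.append(f"service name '{short}' is an svchost group name, not a service")
    if reasons:
        return Finding(line, "high", reasons)
    in_trusted_dir = directory.endswith("\\system32") or "\\program files\\" in directory + "\\"
    if owner == "Unknown owner" and not in_trusted_dir:
        return Finding(line, "medium", ["unknown owner and binary outside System32 or Program Files"])
    return None


def triage_o10(line: str):
    m = O10_RE.match(line)
    if not m:
        return None
    return Finding(line, "review", [
        f"Winsock LSP {m.group('path')}: identify the vendor first; "
        "removing an LSP entry the wrong way breaks all networking"])


def triage(log_text: str):
    """Return the findings for every O23/O10 line in the log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        found = triage_o23(line) or triage_o10(line)
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}")
        for reason in f.reasons:
            print("   -", reason)
```

Run against the posted log it reports exactly two things: the "Distributed Mink Tracking Clie" service as high (three independent reasons) and the cdnns.dll LSP as review only, since the loaded-module listing above shows that DLL alongside the other CNNIC\Cdn modules. The ATI, NVIDIA and Rising services produce no finding, which is the practical answer to "delete them all?": treat O23 lines individually, and only the ones with evidence like this.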
© 2000 - 2026 Rising Corp. Ltd.