谢谢类！ bbs.ikaka.com

梦里花开知多少 - 2006-5-6 9:56:00

Download.Trojan
位置：C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVTEMP\D068C01\

Trojan.phel
位置：C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KTYVOH2R\

Trojan.horse
位置：C:\WINDOWS\system\

Trojan.0urxin
位置：C:\WINDOWS\system32\msibm\

Bloodhound.Exploit.56

位置：C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\I4WCV5FY\

就这几天病毒,大家看看 ,都是什么 !谢谢 ,急需高手救助 !

瑞星升级到最新的18.25.40查过没病毒！但是诺顿提示有！

IE打开后一直弹出wangyou.com这个网站及其它广告，用3721修复也不行！

我无邪 - 2006-5-6 10:40:00

先清空个人用户的TEMP文件夹
还有IE的临时文件夹
请下载使用 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
www.27814939.ys168.com

梦里花开只多少 - 2006-5-6 14:24:00

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pbmini><C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<91cast><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<webacc><C:\WINDOWS\webacc.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSService_v1.0><C:\WINDOWS\system\vfp104.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QuickTime Task><"D:\照片\相机\qttask.exe" -atboottime>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<renewup><C:\Program Files\CNNIC\Cdn\cdnrenew.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mscfs><RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<91cast><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<webacc><C:\WINDOWS\webacc.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<zcom><C:\Program Files\zcom\zPlatform.exe MIN>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\网络程序\新建文件夹\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\system32\DTSERV~1.DLL,Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Power><rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\f3\pnxpwf.dll,Start>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

梦里花开只多少 - 2006-5-6 14:25:00

启动文件夹
[河南网通宽带用户客户端]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>
[IE-BAR]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-BAR.lnk><N>

==================================
服务
[DefWatch / DefWatch]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Symantec AntiVirus Client / Norton AntiVirus Server]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Rising Process Communication Center / RsCCenter]
<"D:\网络程序\新建文件夹\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\网络程序\新建文件夹\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Print Manager / SoSCAR]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[JsjZcpwi Class]
{1BC8707F-6E4F-C1AC-5FC3-0B5C89454E6E} <C:\WINDOWS\DOWNLO~1\rwbe.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[stdup]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINDOWS\System32\stdup.dll, MStdup Co Ltd.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[MICROQIL2]
{832C0563-0820-4fef-83D8-418261DBC233} <C:\WINDOWS\system32\RAdminl.dll, RAdminl>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\网络程序\迅雷\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[MacroMediapd]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, MACROMEDlA>
[]
{B9E914B5-6B61-401f-A49F-9E84E547D3DD} <C:\WINDOWS\system32\leftup.dll, N/A>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CWebacc Class]
{FE29C92E-3840-42DA-9D6E-BDEF9215EA18} <C:\WINDOWS\system32\webacc.dll, TODO: <公司名>>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[实用搜索]
{15ADF205-4C54-4cfe-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, N/A>
[WKaraok Control]
{627FD3C0-03CD-43C2-A138-A842DAF42D3B} <C:\WINDOWS\DOWNLO~1\WKaraok.ocx, EE>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HBHelper.HBActivex]
{038318E8-0C2D-4DF5-A7AF-B4FB373F501E} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[实用搜索]
{15ADF205-4C54-4CFE-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, N/A>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[JsjZcpwi Class]
{1BC8707F-6E4F-C1AC-5FC3-0B5C89454E6E} <C:\WINDOWS\DOWNLO~1\rwbe.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll, >

梦里花开只多少 - 2006-5-6 14:25:00

[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WKaraok Control]
{627FD3C0-03CD-43C2-A138-A842DAF42D3B} <C:\WINDOWS\DOWNLO~1\WKaraok.ocx, EE>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[stdup]
{6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\System32\stdup.dll, MStdup Co Ltd.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[MICROQIL2]
{832C0563-0820-4FEF-83D8-418261DBC233} <C:\WINDOWS\system32\RAdminl.dll, RAdminl>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\网络程序\迅雷\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[MacroMediapd]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, MACROMEDlA>
[]
{B9E914B5-6B61-401F-A49F-9E84E547D3DD} <C:\WINDOWS\system32\leftup.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CWebacc Class]
{FE29C92E-3840-42DA-9D6E-BDEF9215EA18} <C:\WINDOWS\system32\webacc.dll, TODO: <公司名>>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo!>
[&RSDN Search]
<res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm, N/A>
[&使用迅雷下载]
<D:\网络程序\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\网络程序\迅雷\Program\GetAllUrl.htm, N/A>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<D:\网络程序\腾讯QQ\AddToNetDisk.htm, N/A>
[反向链接]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
<D:\网络程序\腾讯QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\网络程序\腾讯QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
<D:\网络程序\腾讯QQ\SendMMS.htm, N/A>
[类似网页]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[雅虎搜索]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246, N/A>

梦里花开只多少 - 2006-5-6 14:27:00

正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NavLogon.dll] <N/A><N/A>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 740][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 868][D:\网络程序\新建文件夹\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 884][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 960][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1060][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][D:\网络程序\新建文件夹\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[D:\网络程序\新建文件夹\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\网络程序\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\网络程序\新建文件夹\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\网络程序\新建文件夹\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\网络程序\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\网络程序\新建文件夹\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\网络程序\新建文件夹\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[D:\网络程序\新建文件夹\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[D:\网络程序\新建文件夹\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\网络程序\新建文件夹\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\网络程序\新建文件夹\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\网络程序\新建文件夹\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[D:\网络程序\新建文件夹\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\网络程序\新建文件夹\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\网络程序\新建文件夹\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\网络程序\新建文件夹\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[D:\网络程序\新建文件夹\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\网络程序\新建文件夹\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\网络程序\新建文件夹\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\网络程序\新建文件夹\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\网络程序\新建文件夹\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\网络程序\新建文件夹\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\网络程序\新建文件夹\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\网络程序\新建文件夹\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1384][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 1556][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] <Symantec Corporation><8.1.0.821>
[PID: 1652][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] <Symantec Corporation><8.1.0.821>
[C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.105 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.105 E>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] <Symantec Corp.><4.2.0.7>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060503.018\NAVEX32a.DLL] <Symantec Corporation><20061.1.0.14>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060503.018\NAVENG32.DLL] <Symantec Corporation><20061.1.0.14>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.1.0.26>
[C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] <Symantec Corporation><8.1.0.821>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DecSDK.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2ID.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2UUE.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2AMG.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2ARJ.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2CAB.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2EXE.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2GZIP.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2HQX.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2LHA.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2LZ.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2MIME.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2SS.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2RTF.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2TAR.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2TNEF.dll] <Symantec Corporation><3.02.09.07>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Dec2ZIP.dll] <Symantec Corporation><3.02.09.07>

baohe - 2006-5-6 14:27:00

【回复“梦里花开只多少”的帖子】
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<91cast><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<webacc><C:\WINDOWS\webacc.exe>
什么呀，这是？

梦里花开只多少 - 2006-5-6 14:27:00

[PID: 2280][D:\网络程序\新建文件夹\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[D:\网络程序\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\网络程序\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 2360][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3552][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\DTSERV~1.DLL] <><1, 3, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\WINDOWS\System32\stdup.dll] <MStdup Co Ltd.><3, 2, 1, 6>
[C:\PROGRA~1\MMSASS~1\Mmsass~1.dll] <><1, 2, 0, 3>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <><2, 1, 4, 1044>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300>
[D:\网络程序\迅雷\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] <N/A><1, 0, 1, 1014>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><8.1.0.821>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll] <Yahoo! China><1, 1, 2, 1034>
[C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll] <Yahoo!><2, 1, 7, 1047>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A>
[C:\WINDOWS\system32\webacc.dll] <TODO: <公司名>><1.0.0.1>
[PID: 3712][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><8.1.0.821>
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] <Symantec/Peter Norton Group><1, 0, 0, 1>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 3748][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.30>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[PID: 3756][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] < ><2, 0, 0, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <><2, 1, 4, 1044>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\Program Files\Yahoo!\Assistant\yNotifier.dll] <><1, 0, 0, 5>
[PID: 3764][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe] <Yahoo!><1, 0, 1, 1001>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll] <Yahoo><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll] <Yahoo><1, 0, 1, 1006>
[C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll] <Yahoo><1, 0, 1, 1001>
[C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll] <Yahoo><1, 0, 0, 2>
[PID: 3784][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[PID: 3792][C:\PROGRA~1\baigoo\bgoomain.exe] <BGoo><1, 0, 0, 1005>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\PROGRA~1\baigoo\bgooex.dll] <><1, 0, 0, 1005>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 3804][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[PID: 3864][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\HBClient\hbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[PID: 3872][C:\WINDOWS\webacc.exe] <N/A><N/A>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[D:\网络程序\新建文件夹\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[c:\program files\google\googletoolbar2.dll] <Google Inc.><3, 0, 131, 0>
[PID: 3976][D:\网络程序\新建文件夹\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\网络程序\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\网络程序\新建文件夹\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\网络程序\新建文件夹\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\网络程序\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[PID: 4012][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>

梦里花开只多少 - 2006-5-6 14:28:00

[PID: 420][C:\Program Files\racer-henan-cnc\racer.exe] <Putian Runway><2, 0, 51, 92>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\Program Files\racer-henan-cnc\rwxre.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nspr4.dll] <Netscape Communications Corporation><4.5 Beta>
[C:\Program Files\racer-henan-cnc\xpcom.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nss3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\softokn3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\gkgfx.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\js3250.dll] <Netscape Communications Corporation><4.0>
[C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\xpcom_compat.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\racer_base.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\pipnss.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\gklayout.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\jar50.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] <北京润汇科技有限公司><0, 13, 21, 45>
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\nss4.dll] <北京普天润汇科技有限公司><1, 0, 0, 3>
[C:\Program Files\racer-henan-cnc\wpcap.dll] <Politecnico di Torino><3, 0, 0, 18>
[C:\Program Files\racer-henan-cnc\pthreadVC.dll] <N/A><N/A>
[C:\Program Files\racer-henan-cnc\packet.dll] <Politecnico di Torino><3, 0, 0, 18>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1944][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Progra~1\IE-BAR\Cast\dmipn.dll] <千橡互联><2, 1, 5, 0>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\Progra~1\IE-BAR\Cast\dmshell.dll] <千橡互联><2, 1, 5, 0>
[C:\Progra~1\IE-BAR\Cast\215~1.0\dmplayer.dll] <千橡互联><2, 1, 5, 0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 3140][C:\Program Files\racer-henan-cnc\RacerKp.exe] <北京润汇科技有限公司><1, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[PID: 3948][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] <Yahoo><1, 0, 1, 1000>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <><2, 1, 4, 1044>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll] <Yahoo!><2, 1, 7, 1047>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] <Yahoo! China><1, 1, 2, 1034>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll] <Yahoo><1, 0, 1, 1004>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] <Yahoo><1, 0, 2, 1003>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] <><1, 1, 2, 1004>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] <Yahoo><1, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll] <Yahoo! China><1, 0, 1, 1015>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[c:\program files\google\googletoolbar2.dll] <Google Inc.><3, 0, 131, 0>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.1.2003110300>
[C:\Program Files\CoolWebsite\QuickLink.dll] <Fengcent><1, 0, 0, 2>
[C:\WINDOWS\DOWNLO~1\rwbe.dll] <N/A><N/A>
[C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <Yahoo.><1, 0, 2, 1002>
[C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 9>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[C:\PROGRA~1\MMSASS~1\Mmsass~1.dll] <><1, 2, 0, 3>
[C:\WINDOWS\System32\stdup.dll] <MStdup Co Ltd.><3, 2, 1, 6>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\RAdminl.dll] <RAdminl><1, 0, 0, 0>
[D:\网络程序\迅雷\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A>
[C:\PROGRA~1\HBClient\hbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[C:\WINDOWS\system32\microapmddt.dll] <MACROMEDlA><1, 2, 0, 0>
[C:\WINDOWS\system32\leftup.dll] <N/A><N/A>
[C:\WINDOWS\system32\Inte32.dll] <N/A><N/A>
[C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll] <CNNIC><1, 1, 0, 0>
[C:\WINDOWS\system32\webacc.dll] <TODO: <公司名>><1.0.0.1>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1005>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1006>
[D:\网络程序\新建文件夹\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Yahoo!\Assistant\Assist\yeheocx.dll] <><9, 0, 1, 1010>
[c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll] < ><1, 0, 2, 1001>
[C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll] <Yahoo><1, 0, 2, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll] <Yahoo><1, 0, 1, 1001>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll] <Yahoo><1, 0, 6, 1319>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll] <3721.com><2, 1, 1, 87>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yXPStyle.dll] <Yahoo><1, 0, 2, 1309>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[D:\网络程序\迅雷\ComDlls\ThunderAgent_001.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 8>

梦里花开只多少 - 2006-5-6 14:29:00

引用:

【我无邪的贴子】先清空个人用户的TEMP文件夹
还有IE的临时文件夹
请下载使用 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
www.27814939.ys168.com
...........................

那些是上午那位大哥叫我下的System Repair Engineer日志报告啊！

梦里花开只多少 - 2006-5-6 14:30:00

[PID: 460][D:\网络程序\腾讯QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\网络程序\腾讯QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\网络程序\腾讯QQ\RICHED20.dll] <N/A><9, 0, 0, 1>
[D:\网络程序\腾讯QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\网络程序\腾讯QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[D:\网络程序\腾讯QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\网络程序\腾讯QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\QQMainFrame.dll] <N/A><N/A>
[D:\网络程序\腾讯QQ\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[D:\网络程序\腾讯QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\网络程序\腾讯QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\QRingMng.dll] <N/A><N/A>
[D:\网络程序\腾讯QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\网络程序\腾讯QQ\LongConnection.dll] <tencent><0, 3, 3, 8>
[D:\网络程序\腾讯QQ\QQAvatar.dll] <N/A><N/A>
[D:\网络程序\腾讯QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\网络程序\腾讯QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\网络程序\腾讯QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\BQQApplication.dll] <N/A><N/A>
[D:\网络程序\腾讯QQ\QQPlugin.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[D:\网络程序\腾讯QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\网络程序\腾讯QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\网络程序\腾讯QQ\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[D:\网络程序\腾讯QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
[D:\网络程序\腾讯QQ\QQSceneMng.dll] <N/A><N/A>
[D:\网络程序\腾讯QQ\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 2, 21>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1476][D:\网络程序\腾讯QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\网络程序\腾讯QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 3240][D:\网络程序\新建文件夹 (2)\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1005>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

梦里花开只多少 - 2006-5-6 14:30:00

这么多我全发完了！谢谢你了！

baohe - 2006-5-6 14:30:00

【回复“梦里花开只多少”的帖子】
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<91cast><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<webacc><C:\WINDOWS\webacc.exe>
我是说——这两个启动加载项不正常。

轩辕小聪 - 2006-5-6 14:33:00

引用:

【baohe的贴子】【回复“梦里花开只多少”的帖子】
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<91cast><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<webacc><C:\WINDOWS\webacc.exe>
我是说——这两个启动加载项不正常。
...........................

以前见过几次，经常和下面这个软件一起出现，怀疑是它捆绑的流氓软件。
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pbmini><C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe>

梦里花开只多少 - 2006-5-6 14:33:00

那咋办，我是个菜鸟我也看不懂，我机器启动进入页面后C盘有2个什么模块找不到了！

轩辕小聪 - 2006-5-6 15:08:00

用System Repair Engineer在“启动项”-“注册表”中删除以下项目：
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pbmini><C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<91cast><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<webacc><C:\WINDOWS\webacc.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSService_v1.0><C:\WINDOWS\system\vfp104.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mscfs><RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<91cast><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<webacc><C:\WINDOWS\webacc.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<zcom><C:\Program Files\zcom\zPlatform.exe MIN>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\system32\DTSERV~1.DLL,Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Power><rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\f3\pnxpwf.dll,Start>

在“启动项”-“服务”中禁用以下项目：
[Print Manager / SoSCAR]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

在“系统修复”-“浏览器加载项”中删除以下项目（可能会有重复的）：
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[JsjZcpwi Class]
{1BC8707F-6E4F-C1AC-5FC3-0B5C89454E6E} <C:\WINDOWS\DOWNLO~1\rwbe.dll, N/A>
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[stdup]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINDOWS\System32\stdup.dll, MStdup Co Ltd.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[MICROQIL2]
{832C0563-0820-4fef-83D8-418261DBC233} <C:\WINDOWS\system32\RAdminl.dll, RAdminl>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[MacroMediapd]
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, MACROMEDlA>
[]
{B9E914B5-6B61-401f-A49F-9E84E547D3DD} <C:\WINDOWS\system32\leftup.dll, N/A>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[CWebacc Class]
{FE29C92E-3840-42DA-9D6E-BDEF9215EA18} <C:\WINDOWS\system32\webacc.dll, TODO: <公司名>>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[实用搜索]
{15ADF205-4C54-4cfe-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, N/A>
[WKaraok Control]
{627FD3C0-03CD-43C2-A138-A842DAF42D3B} <C:\WINDOWS\DOWNLO~1\WKaraok.ocx, EE>
[HBHelper.HBActivex]
{038318E8-0C2D-4DF5-A7AF-B4FB373F501E} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[实用搜索]
{15ADF205-4C54-4CFE-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, N/A>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[JsjZcpwi Class]
{1BC8707F-6E4F-C1AC-5FC3-0B5C89454E6E} <C:\WINDOWS\DOWNLO~1\rwbe.dll, N/A>
[WKaraok Control]
{627FD3C0-03CD-43C2-A138-A842DAF42D3B} <C:\WINDOWS\DOWNLO~1\WKaraok.ocx, EE>
[MMSAssist BHO]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[stdup]
{6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\System32\stdup.dll, MStdup Co Ltd.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[MICROQIL2]
{832C0563-0820-4FEF-83D8-418261DBC233} <C:\WINDOWS\system32\RAdminl.dll, RAdminl>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[]
{B9E914B5-6B61-401F-A49F-9E84E547D3DD} <C:\WINDOWS\system32\leftup.dll, N/A>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[CWebacc Class]
{FE29C92E-3840-42DA-9D6E-BDEF9215EA18} <C:\WINDOWS\system32\webacc.dll, TODO: <公司名>>
[&RSDN Search]
<res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm, N/A>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>

卸载（如果有卸载程序的话）：
C:\Program Files\pcast\
C:\PROGRA~1\baigoo\
C:\WINDOWS\system32\msibm\
C:\Program Files\zcom\
C:\PROGRA~1\HBClient\
C:\Program Files\CoolWebsite\
C:\PROGRA~1\MMSASS~1\
C:\Program Files\ScanToolbar\

开始－－运行
输入regedit
确定　
进入注册表
展开“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall”，在Uninstall文件夹下删除“NavAngel”和“WinDirected 2.0（或WD2）”这两个文件夹
展开HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
删除SoSCAR项目

重启后删除（如果有的话）：
C:\Program Files\pcast\
C:\PROGRA~1\baigoo\
C:\WINDOWS\system32\msibm\
C:\Program Files\zcom\
C:\PROGRA~1\HBClient\
C:\Program Files\CoolWebsite\
C:\PROGRA~1\MMSASS~1\
C:\Program Files\ScanToolbar\
C:\WINDOWS\system32\msicn\
C:\WINDOWS\system32\mscache\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system32\1116\
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\webacc.exe
C:\WINDOWS\system\vfp104.exe
C:\WINDOWS\system32\DTSERV~1.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\f3\pnxpwf.dll
C:\WINDOWS\DOWNLO~1\rwbe.dll
C:\WINDOWS\System32\stdup.dll
C:\WINDOWS\system32\RAdminl.dll
C:\WINDOWS\system32\WinSC32.dll
C:\WINDOWS\system32\microapmddt.dll
C:\WINDOWS\system32\leftup.dll
C:\WINDOWS\system32\Inte32.dll
C:\WINDOWS\system32\webacc.dll
C:\WINDOWS\DOWNLO~1\WKaraok.ocx
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

轩辕小聪 - 2006-5-6 15:11:00

【提示】
若正常模式下无法解决
建议进入安全模式下操作

【小常识】
若文件找不到或无法删除文件
建议进入安全模式下删除
打开我的电脑
在工具栏中点击－－工具－－文件夹选项－－查看
勾选“显示所有文件及文件夹”
同时把“隐藏受保护的操作系统文件（推荐）”前的勾去掉
然后再进行查找一下

或利用KILLBOX来删除
KILLBOX下载：
http://forum.ikaka.com/topic.asp?board=28&artid=6979213

或利用费尔木马强力清除助手来删除
费尔木马强力清除助手使用参考：
http://www.xfilt.com/tech/trojan-horse.htm

轩辕小聪 - 2006-5-6 15:14:00

以上的全都是流氓软件和广告插件（其中有一些有木马和间谍软件的行为）。把所有的项目列出来几乎用了我二十多分钟的时间。楼主真的应该检讨一下，冰冻三尺非一日之寒，怎么会积累了这么多杂七杂八的东西？

梦里花开只多少 - 2006-5-6 17:07:00

不好意思啊！我也不知道！我大菜鸟！家里电脑玩的人太多！

轩辕小聪 - 2006-5-6 17:12:00

晕倒，发现要删的文件漏了一个，已经补上，再去看一下（最后一个）。

我无邪 - 2006-5-6 19:06:00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mscfs><RUNDLL32 \cfsys.dll,cfs>
这一项只是删除是死不了的。
你可以直接到C:\WINDOWS\system32\msibm里，那里有它的卸载项，一卸就搞定了。

梦里花开只多少 - 2006-5-7 14:08:00

非常感谢，谢谢！2位的帮忙！

瑞星卡卡安全论坛