瑞星卡卡安全论坛

瑞星能发现trojan.psw.lineage.wv病毒并且杀掉,但是系统重启后病毒又会出现,提示发现病毒的文件名是dllz.dll,哪位高手知道是怎么回事?

楼主请到http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis
下载后运行HijackThis.rar,再运行HijackThis.exe
单机＂扫描日志并保存日志＂
把保存的日志复制粘贴上来．

Logfile of HijackThis v1.99.1
Scan saved at 10:31:07, on 2006-08-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Permeo\Security Driver\nbproxy.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ossvc.exe
C:\WINDOWS\system32\SCHAS.EXE
C:\WINDOWS\system32\ieaus.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\HideFolder\HideFolder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\down\HijackThis加载项.exe

R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 59.36.96.156 www.wg581.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\cpap.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: XBTP05119 - {B6E5299F-7521-4433-A563-5B3236E95E72} - C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Bysoo Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [HideFolder] C:\WINDOWS\system32\HideFolder\HideFolder.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [_rx] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HideFolder] C:\WINDOWS\system32\HideFolder\HideFolder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - C:\Program Files\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用看天下订阅此RSS频道地址 - C:\Program Files\urPos\Reader\addlink.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Program Files\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Bysoo Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
O9 - Extra 'Tools' menuitem: Bysoo Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\permeo\security driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\security driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\security driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\security driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\security driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\security driver\s5spi.dll
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://ftp.116.com.cn/p2ptest/SynaLiveSetup.exe
O16 - DPF: {2DCEAEFB-ABD9-490F-894B-E7A99103CD06} (Echat2 Class) - http://chat.a8.com/cab/A8KSong.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142920511886
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {8CF01FD9-23BC-42DC-B371-8DD53EFF53C7} (Accompany Class) - http://www.a8.com/hfq/recorder/A8Record.CAB
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c15.cab
O16 - DPF: {A8497454-CB7D-4877-A633-3932BF776A6A} (Webinstall Control) - http://211.214.161.198/downloads/one/one007/OneSetup.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://202.99.232.33/cabs/swflash.cab
O16 - DPF: {D39A7678-3647-45FA-8E7B-727E9984BAC7} - http://dl.bysoo.com/bysooTBV10/bysoo.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c15.cab?a0dbba5079a7604e4c93f4ab8f2582a5854f3a49c786c57500b463da4ed0c12aeffcd5d5e34f57ce9695b84fb9dfe7e7348cac9fd26416455c00170142:f5bc481adedbecd5174fbce3a1105f83
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {F553811C-C2CE-4A33-90B4-A6D333FDF794} (DreamSetup Control) - http://58.18.51.251/ddvod/user/help/player/DreamPlayer/DreamSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bmagri.gov.cn
O17 - HKLM\Software\..\Telephony: DomainName = bmagri.gov.cn
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bmagri.gov.cn
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bmagri.gov.cn
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Driver NetBT Proxy (nbproxy) - Permeo Technologies, Inc. - C:\Program Files\Permeo\Security Driver\nbproxy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Open Search Keyword Services (ossvc) - Brainnames - C:\WINDOWS\system32\ossvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Ineterner Explorer Add Update Services (updatecheck) - Brainnames - C:\WINDOWS\system32\ieaus.exe

请高手分析一下,谢谢!

请高手分析一下,谢谢!

【回复“星际幻想”的帖子】


O1 - Hosts: 59.36.96.156 www.wg581.com
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:\WINDOWS\system32\cpap.dll
O2 - BHO: XBTP05119 - {B6E5299F-7521-4433-A563-5B3236E95E72} - C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
O3 - Toolbar: Bysoo Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
O4 - HKLM\..\Run: [_rx] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\Run: [HideFolder] C:\WINDOWS\system32\HideFolder\HideFolder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://ftp.116.com.cn/p2ptest/SynaLiveSetup.exe
O16 - DPF: {2DCEAEFB-ABD9-490F-894B-E7A99103CD06} (Echat2 Class) - http://chat.a8.com/cab/A8KSong.CAB
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {8CF01FD9-23BC-42DC-B371-8DD53EFF53C7} (Accompany Class) - http://www.a8.com/hfq/recorder/A8Record.CAB
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c15.cab
O16 - DPF: {A8497454-CB7D-4877-A633-3932BF776A6A} (Webinstall Control) - http://211.214.161.198/downloads/one/one007/OneSetup.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://202.99.232.33/cabs/swflash.cab
O16 - DPF: {D39A7678-3647-45FA-8E7B-727E9984BAC7} - http://dl.bysoo.com/bysooTBV10/bysoo.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c15.cab?a0dbba5079a7604e4c93f4ab8f2582a5854f3a49c786c57500b463da4ed0c12aeffcd5d5e34f57ce9695b84fb9dfe7e7348cac9fd26416455c00170142:f5bc481adedbecd5174fbce3a1105f83
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {F553811C-C2CE-4A33-90B4-A6D333FDF794} (DreamSetup Control) - http://58.18.51.251/ddvod/user/help/player/DreamPlayer/DreamSetup.cab
O23 - Service: Open Search Keyword Services (ossvc) - Brainnames - C:\WINDOWS\system32\ossvc.exe
O23 - Service: Ineterner Explorer Add Update Services (updatecheck) - Brainnames - C:\WINDOWS\system32\ieaus.exe
用HijackThis修复以上各项。
重启系统。显示隐藏文件。
删除：
C:\WINDOWS\system32\ossvc.exe
C:\WINDOWS\system32\SCHAS.EXE
C:\WINDOWS\system32\ieaus.exe
C:\WINDOWS\system32\cpap.dll
C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
C:\WINDOWS\DOWNLO~1\tbu1F\bysoo.dll
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\HideFolder\HideFolder.exe

用LSPFix修复O10项。

关闭系统还原，再在安全模式下杀

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\Rav.exe
D:\TT\TTraveler.exe
C:\Documents and Settings\comity\桌面\Hijackthis1991zww\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 61.129.75.124 mir.100888290cs.com
O1 - Hosts: 61.129.75.124 woool.100888290cs.com
O1 - Hosts: 61.129.75.124 www.mir5173.com
O1 - Hosts: 61.129.75.124 ert0003.e76.163ns.com
O1 - Hosts: 222.73.4.246 www.chenshijituan.com
O1 - Hosts: 59.36.96.132 qq.etsoft.com.cn
O1 - Hosts: 61.129.75.124 www.wg581.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\KuGoo2\KuGoo3DownXControl.ocx
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - IE右键菜单中的新增项目:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - E:\KuGoo2\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\游戏\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的按钮: 酷热影音 - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: 易趣购物 - {DE607141-AC19-421e-862A-2D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607141-AC19-421e-862A-2D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://pointtear.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\WinKld\WinKld.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe


请高手帮忙看下