不断蹦出IE窗口，自动打开网页 bbs.ikaka.com

sunny10 - 2006-8-2 17:53:00

瑞星扫描记录

病毒名称处理结果发现日期扫描方式路径文件病毒来源
Trojan.DL.Inject.pc删除成功2006-08-01 16:53手动扫描C:\Documents and Settings\Default User\Local Settings\Tempszmin.exe本机
Trojan.DL.Inject.pc删除成功2006-08-01 16:53手动扫描C:\Documents and Settings\All Users\Application Data\Microsoft\Cryptoihnj.exe本机
Trojan.DL.Diyer.a删除成功2006-08-01 16:53手动扫描C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\IEHelpercaishow.exe>>tool.exe本机
Trojan.Agent.cgb删除成功2006-08-01 16:57手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\TempSkymmstp050.exe本机
Trojan.Agent.cgb删除成功2006-08-01 16:58手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\KUWUGCHVSkymmstp050[1].exe本机
Trojan.DL.Delf.cbr删除成功2006-08-01 17:00手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\S9QN45INsefInstall050[1].txt>>Setup_L0029.exe>>Unpack本机
Trojan.DL.Agent.jpe删除成功2006-08-01 17:00手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\S9QN45INsefInstall050[1].txt>>AutoDownTool.exe本机
Trojan.DL.Diyer.a删除成功2006-08-01 17:00手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\S9QN45INsefInstall050[1].txt>>caishow.exe>>tool.exe本机
Dropper.Misc.an删除成功2006-08-01 17:00手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\S9QN45INsefInstall050[1].txt>>WIS293.exe本机
Hack.Exploit.JS.Phel.gen清除成功2006-08-01 17:00手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\4TA3S9YFwinnt[1].htm本机
Hack.Exploit.JS.Phel.gen清除成功2006-08-01 17:00手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\4TA3S9YFwinnt[1].htm本机
Exploit.HTML.Mht删除成功2006-08-01 17:00手动扫描C:\Documents and Settings\Administrator.TJX-002\Local Settings\Temporary Internet Files\Content.IE5\4TA3S9YFicyfox[1].htm本机
Trojan.DL.Inject.pc删除成功2006-08-01 17:04手动扫描C:\Program Files\Common Files\Systemiabdklc.dat本机
Trojan.DL.QQHelper.gen删除成功2006-08-01 17:05手动扫描C:\Program Files\Common Files\UPDATEupdate.exe本机
Trojan.Clicker.Qhost.i删除成功2006-08-01 17:22手动扫描C:\WINNT\system32WinSC.dll本机
Trojan.DL.Agent.kij删除成功2006-08-01 17:22手动扫描C:\WINNT\system32\1116\tqppmtwtqppmtw.fyf本机
Trojan.DL.Agent.kij删除成功2006-08-01 17:22手动扫描C:\WINNT\system32\spoolsvspoolsv.exe本机
Trojan.Clicker.Agent.aco重新启动计算机后删除文件2006-08-01 17:24手动扫描C:\WINNTODBINT.dll本机
Trojan.DL.Inject.pc删除成功2006-08-03 08:54手动扫描C:\Documents and Settings\All Users\Application Data\Microsoft\Cryptoihnj.exe本机
Trojan.DL.Inject.pc删除成功2006-08-03 08:57手动扫描C:\Program Files\Common Files\Systemiabdklc.dat本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:32手动扫描G:\11111wangxin.rar>>阿里巴巴繁体版\阿里巴巴繁体版\100w\1.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:32手动扫描G:\11111wangxin.rar>>阿里巴巴繁体版\阿里巴巴繁体版\100w\dbm6.asp本机
Backdoor.ASP.Mini.a清除成功2006-08-03 09:32手动扫描G:\11111wangxin.rar>>阿里巴巴繁体版\阿里巴巴繁体版\help\images\shownew.gif本机
Backdoor.ASP.Mini.a清除成功2006-08-03 09:32手动扫描G:\11111wangxin.rar>>阿里巴巴繁体版\阿里巴巴繁体版\help1\images\shownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:32手动扫描G:\11111wangxin.rar>>阿里巴巴繁体版\阿里巴巴繁体版\info\help1.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:33手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\login\mulu.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:33手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\info1\newup.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:33手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\info\help1.asp本机
Backdoor.ASP.Mini.a清除成功2006-08-03 09:34手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\help1\images\shownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:34手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\help\images\shownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:34手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\100w\dbm6.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:35手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\albb.rar>>albb\login\mulu.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:35手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\albb.rar>>albb\info1\newup.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:35手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\albb.rar>>albb\info\help1.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:35手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\albb.rar>>albb\help1\images\shownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:35手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\albb.rar>>albb\help\images\shownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴简体SQL版\albb\albb.rar>>albb\100w\dbm6.asp本机
Backdoor.ASP.Ace.ua删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\admin\wood.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\login\mulu.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\info1\newup.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\info\help1.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\help1\images\shownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\help\images\shownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\100w\1.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:36手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\100w\dbm6.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL1.rar>>info\help1.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL1.rar>>info1\newup.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL1.rar>>login\mulu.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL1.rar>>help\images\shownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL1.rar>>help1\images\shownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL2.rar>>100w\1.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL2.rar>>100w\dbm6.asp本机
Backdoor.ASP.Ace.ua删除成功2006-08-03 09:37手动扫描G:\11111wangxin.rar>>阿里巴巴英文版SQL\阿里巴巴英文版SQL\阿里巴巴英文版SQL2.rar>>admin\wood.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:42手动扫描G:\11111\阿里巴巴繁体版\阿里巴巴繁体版\help\imagesshownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:42手动扫描G:\11111\阿里巴巴繁体版\阿里巴巴繁体版\help1\imagesshownew.gif本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:43手动扫描G:\11111\阿里巴巴简体SQL版\albb\loginmulu.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:43手动扫描G:\11111\阿里巴巴简体SQL版\albb\info1newup.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:43手动扫描G:\11111\阿里巴巴简体SQL版\albb\help1\imagesshownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:43手动扫描G:\11111\阿里巴巴简体SQL版\albb\help\imagesshownew.gif本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:44手动扫描G:\11111\阿里巴巴简体SQL版\albbalbb.rar>>albb\login\mulu.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:44手动扫描G:\11111\阿里巴巴简体SQL版\albbalbb.rar>>albb\info1\newup.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:44手动扫描G:\11111\阿里巴巴简体SQL版\albbalbb.rar>>albb\info\help1.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:44手动扫描G:\11111\阿里巴巴简体SQL版\albbalbb.rar>>albb\help1\images\shownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:44手动扫描G:\11111\阿里巴巴简体SQL版\albbalbb.rar>>albb\help\images\shownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:44手动扫描G:\11111\阿里巴巴简体SQL版\albbalbb.rar>>albb\100w\dbm6.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL\loginmulu.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL\info1newup.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL\help1\imagesshownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL\help\imagesshownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL1.rar>>info\help1.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL1.rar>>info1\newup.asp本机
Backdoor.ASP.Ace.tk删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL1.rar>>login\mulu.asp本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL1.rar>>help\images\shownew.gif本机
Backdoor.ASP.Mini.a删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL1.rar>>help1\images\shownew.gif本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL2.rar>>100w\1.asp本机
Backdoor.ASP.Rootkit.c删除成功2006-08-03 09:45手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL2.rar>>100w\dbm6.asp本机
Backdoor.ASP.Ace.ua删除成功2006-08-03 09:46手动扫描G:\11111\阿里巴巴英文版SQL\阿里巴巴英文版SQL阿里巴巴英文版SQL2.rar>>admin\wood.asp本机

一个普通人 - 2006-8-2 21:36:00

应该是注册表被更改了

sunny10 - 2006-8-3 8:21:00

那怎么改回来

mopery - 2006-8-3 8:24:00

G:\11111wangxin.rar>>阿里巴巴简体SQL版
G:\11111\阿里巴巴英文版SQL

这俩个删掉..吖跟不是什么好东西..

http://forum.ikaka.com/topic.asp?board=28&artid=6979213第4楼下载System Repair Engineer导出全部日志

sunny10 - 2006-8-3 8:40:00

2006-08-03,08:21:44

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
<CashFiesta><D:\11\Cashfiesta.exe> []
<LetsCool><C:\Program Files\LetsCool\LetsCool.exe> []
<WDSHOOK><C:\WINNT\XXXStarter.exe> []
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> []
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation]
<\\Tjx-004\EPSON Stylus CX3500 Series><C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P36 "\\Tjx-004\EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"> []
<SSC Service Utility><C:\Program Files\SSC Service Utility\ssc_serv.exe /s> []
<Easy-PrintToolBox><C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon> [CANON INC.]
<gemstrmw><C:\WINNT\system32\gemstrmw.exe /r> [Gemplus]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<IESAddr><> []
<AudioDeck><C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1> []
<EPSON Stylus CX3500 Series><C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O5 "LPT1:" /M "Stylus CX3500"> [SEIKO EPSON CORPORATION]
<Server><"d:\Program Files\DCI BlackBox Server\BlackBox Server V1.3\Server.exe"> []
<MSService_v1.0><C:\WINNT\system\realsched.exe> []
<WDSHOOK><C:\WINNT\XXXStarter.exe> []
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<spoolsv><C:\WINNT\system32\spoolsv\spoolsv.exe -printer> []
<bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo]
<Update><C:\WINNT\Temp\iequery.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,C:\WINNT\system32\cmmon.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

sunny10 - 2006-8-3 8:40:00

==================================
启动文件夹
服务
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINNT\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Query Class]
{01C2F1E8-5C69-4B5C-B052-26941B6C23A6} <C:\WINNT\system32\iequery.dll, Microsoft Corporation>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINNT\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[Shockwave Flash Object]
{14A21378-5BB1-4BC4-95D5-5D3F51527F6F} <C:\WINNT\system32\smflash.ocx, Macromedia, Inc.>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll, Microsoft Corporation>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINNT\system32\wuwebex.dll, Microsoft Corporation>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINNT\system32\WinSC32.dll, N/A>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Yahoo Bar]
{A697BC46-BC93-4833-93F5-1E365011E88A} <C:\WINNT\ODBINT.dll, N/A>
[IEHlprObj Class]
{D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\conf.dll, Microsoft Corporation>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[Letscool System Helper]
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINNT\system32\CoolBho.dll, LETSCOOL Network Technology>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[脱兔下载]
{D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} <C:\update\TuoTu.exe, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[5chaa]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E4} <http://www.5chaa.com, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, N/A>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, SEIKO EPSON CORPORATION>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\PROGRA~1\PHOTO_~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\Program Files\FlashGet\jc_all.htm, N/A>
[使用脱兔下载]
<C:\update\TT_one.htm, N/A>
[使用脱兔下载全部链接]
<C:\update\TT_all.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[用炫彩图铃发送该图片]
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
[百度-搜索MP3]
<res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
<res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
<res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
<res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
<res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
<res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
<res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDU_DIC.HTM, N/A>

sunny10 - 2006-8-3 8:42:00

==================================
正在运行的进程
[PID: 180][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 208][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 232][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[PID: 260][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 272][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 372][C:\WINNT\System32\termsrv.exe] <Microsoft Corporation><5.00.2195.6696>
[PID: 492][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 520][d:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 536][d:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[d:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[d:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[d:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[d:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[d:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[d:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[d:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[d:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[d:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[d:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
[d:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[d:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[d:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[d:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[d:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[d:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 576][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[C:\WINNT\system32\CNMLM78.DLL] <CANON INC.><1.90.2.61>
[C:\WINNT\system32\E_FLM9BP.DLL] <SEIKO EPSON CORPORATION><5, 1, 0, 0>
[C:\WINNT\system32\spool\PRTPROCS\W32X86\CNMPD78.DLL] <CANON INC.><1.90.2.61>
[PID: 608][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[c:\winnt\system32\tasklist.dll] <N/A><N/A>
[PID: 620][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 632][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] <Symantec Corporation><2.2.0.577>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><2.2.0.577>
[PID: 648][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 708][d:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[d:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 784][C:\WINNT\System32\llssrv.exe] <Microsoft Corporation><5.00.2195.7021>
[PID: 864][d:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe] <Microsoft Corporation><2000.080.0194.00>
[PID: 900][C:\WINNT\system32\WINDOW~1\Server\nspmon.exe] <Microsoft Corporation><4.1.00.3934>
[PID: 948][C:\WINNT\system32\WINDOW~1\Server\nscm.exe] <Microsoft Corporation><4.1.00.3934>
[PID: 1008][C:\WINNT\system32\nvsvc32.exe] <NVIDIA Corporation><6.13.10.4103>
[PID: 1060][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 1064][C:\WINNT\system32\RsFsa.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 1108][C:\WINNT\system32\RsSub.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 1172][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1184][C:\WINNT\System32\SCardSvr.exe] <Microsoft Corporation><5.00.2195.6609>
[PID: 1204][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 1252][C:\WINNT\system32\stisvc.exe] <Microsoft Corporation><5.00.2195.6656>
[PID: 1344][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1380][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 1396][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1408][C:\WINNT\system32\faxsvc.exe] <Microsoft Corporation><5.00.2195.6612>
[PID: 1212][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[PID: 1444][C:\WINNT\system32\msdtc.exe] <Microsoft Corporation><1999.9.3421.3>
[PID: 1564][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] <Microsoft Corporation><9.107.5512.0>
[PID: 1724][C:\WINNT\system32\WINDOW~1\Server\nspm.exe] <Microsoft Corporation><4.1.00.3917>

sunny10 - 2006-8-3 8:45:00

[PID: 1724][C:\WINNT\system32\WINDOW~1\Server\nspm.exe] <Microsoft Corporation><4.1.00.3917>
[C:\WINNT\system32\tssoft32.acm] <DSP GROUP, INC.><1.01>
[C:\WINNT\system32\tsd32.dll] <N/A><N/A>
[C:\WINNT\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\WINNT\system32\iac25_32.ax] <Intel Corporation><2.05.53>
[PID: 1800][C:\WINNT\system32\WINDOW~1\Server\nsum.exe] <Microsoft Corporation><4.1.00.3930>
[PID: 2104][C:\WINNT\system32\Dfssvc.exe] <Microsoft Corporation><5.00.2195.6664>
[PID: 2396][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\XXXHook.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\WINNT\system32\smflash.ocx] <Macromedia, Inc.><9.0.25.0>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\WinSC32.dll] <N/A><N/A>
[C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll] <SEIKO EPSON CORPORATION><1, 0, 0, 0>
[PID: 2288][C:\WINNT\system32\mdm.exe] <Microsoft Corporation><6.00.8424>
[PID: 2152][C:\WINNT\system32\RUNDLL32.EXE] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\system32\NvMcTray.dll] <NVIDIA Corporation><6.13.10.4103>
[PID: 2100][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><2.2.0.577>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><2.2.0.577>
[C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL] <Symantec Corporation><2.0.39.0>
[C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL] <Symantec Corporation><2.0.39.0>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><2.2.0.577>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[PID: 2132][C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE] <SEIKO EPSON CORPORATION><3.00>
[PID: 2144][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[PID: 2432][C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE] <SEIKO EPSON CORPORATION><3.00>
[PID: 2420][C:\WINNT\system\realsched.exe] <N/A><N/A>
[PID: 764][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 2464][D:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[PID: 2500][C:\PROGRA~1\baigoo\bgoomain.exe] <BGoo><1, 0, 0, 1006>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\bgooex.dll] <><1, 0, 0, 1007>
[PID: 2520][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>

sunny10 - 2006-8-3 8:49:00

[PID: 2680][D:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[D:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[D:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><0, 3, 3, 8>
[D:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
[C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\Program Files\Tencent\QQ\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[D:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 5, 50>
[PID: 2540][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 2352][C:\TDdownload\jinyongv2.0.exe] <N/A><N/A>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[C:\WINNT\system32\sctongjio.dll] <www.seecha.com><1, 0, 1, 3>
[C:\WINNT\system32\RealMediaSplitter.ax] <Gabest><1, 0, 1, 1>

sunny10 - 2006-8-3 8:54:00

[PID: 1700][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINNT\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
[C:\WINNT\system32\smflash.ocx] <Macromedia, Inc.><9.0.25.0>
[C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll] <TODO: <公司名>><1.0.0.1>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\WinSC32.dll] <N/A><N/A>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll] <SEIKO EPSON CORPORATION><1, 0, 0, 0>
[C:\WINNT\system32\CoolBho.dll] <LETSCOOL Network Technology><1, 3, 0, 1>
[C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll] <BAIGOO><1.0.0.1007>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINNT\system32\SUNWB_86.IME] <MS & HW><4.00.950>
[PID: 2672][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINNT\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINNT\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
[C:\WINNT\system32\smflash.ocx] <Macromedia, Inc.><9.0.25.0>
[C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll] <TODO: <公司名>><1.0.0.1>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\WinSC32.dll] <N/A><N/A>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll] <SEIKO EPSON CORPORATION><1, 0, 0, 0>
[C:\WINNT\system32\CoolBho.dll] <LETSCOOL Network Technology><1, 3, 0, 1>
[C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll] <BAIGOO><1.0.0.1007>
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2832][C:\Documents and Settings\Administrator.TJX-002\桌面\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>

sunny10 - 2006-8-3 8:54:00

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

sunny10 - 2006-8-3 8:55:00

【回复“mopery”的帖子】终于搞完了，帮忙看看吧，谢谢！！

mopery - 2006-8-3 9:41:00

打开SRE 启动项目注册表删除
<CashFiesta><D:\11\Cashfiesta.exe> []
<WDSHOOK><C:\WINNT\XXXStarter.exe> []
<MSService_v1.0><C:\WINNT\system\realsched.exe> []
<Update><C:\WINNT\Temp\iequery.exe> []
删除
D:\11\Cashfiesta.exe
C:\WINNT\XXXStarter.exe
C:\WINNT\system\realsched.exe
C:\WINNT\Temp\iequery.exe

<Userinit><C:\WINNT\system32\userinit.exe,C:\WINNT\system32\cmmon.exe> []
编辑Userinit 把值改成 C:\WINNT\system32\userinit.exe, 重启..删除
C:\WINNT\system32\cmmon.exe

http://www.pctutu.com/srmsdown.asp
下载超级兔子..用超级兔子清理王卸载流氓软件...(安全模式...)

处理完..
http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis...把日志帖上来..

sunny10 - 2006-8-3 9:48:00

呵呵，先谢谢，

sunny10 - 2006-8-3 10:32:00

HijackThis_815汉化版扫描日志 V1.99.1
保存于 10:14:13, 日期 2006-8-3
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
d:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RsFsa.exe
C:\WINNT\system32\RsSub.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\faxsvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\msdtc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mdm.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\internat.exe
D:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe
C:\Documents and Settings\Administrator.TJX-002\桌面\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\cmmon.exe
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINNT\system32\smflash.ocx
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: (no name) - {102293E4-758B-4483-946B-714EBCEC91B8} - (no file)
O3 - IE工具栏增项: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [\\Tjx-004\EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P36 "\\Tjx-004\EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - 启动项HKLM\\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - 启动项HKLM\\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - 启动项HKLM\\Run: [gemstrmw] C:\WINNT\system32\gemstrmw.exe /r
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - 启动项HKLM\\Run: [EPSON Stylus CX3500 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O5 "LPT1:" /M "Stylus CX3500"
O4 - 启动项HKLM\\Run: [Server] "d:\Program Files\DCI BlackBox Server\BlackBox Server V1.3\Server.exe"
O4 - 启动项HKLM\\Run: [WDSHOOK] C:\WINNT\XXXStarter.exe
O4 - 启动项HKLM\\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe
O4 - HKCU\..\Run: [WDSHOOK] C:\WINNT\XXXStarter.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 使用脱兔下载 - C:\update\TT_one.htm
O8 - IE右键菜单中的新增项目: 使用脱兔下载全部链接 - C:\update\TT_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 脱兔下载 - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\update\TuoTu.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: &TuoTu - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\update\TuoTu.exe (file missing)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: 5chaa - {D6E814A0-E0C5-11d4-8D29-0050BA6940E4} - http://www.5chaa.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 5chaa - {D6E814A0-E0C5-11d4-8D29-0050BA6940E4} - http://www.5chaa.com (file missing)
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73EFE8E4-4CE3-442A-A98F-A2346198888A}: NameServer = 202.96.209.133,202.96.209.6
O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

瑞星卡卡安全论坛