Rising Kaka Security Forum

Experts, please help me~~
xf86151 - 2006-8-12 21:34:00
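Today I visited a website for making QQ Zone pages and ended up catching some kind of virus. The Rising firewall won't open, and the Rising monitor in the taskbar is gone too~ When I open the firewall it reports an error, and the error detail is: WER11(the number varies).tmp.dir\appcompat.txt! I'm a newbie and don't know what to do, so I'm asking all you experts to save me~~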
newcenturymoon - 2006-8-12 21:40:00
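Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links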
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log won't fit in one post, paste it across several posts, and please don't modify it.
xf86151 - 2006-8-12 21:42:00
It's LOCALS~1\Temp\WER14.tmp.dir00\appcompat.txt
newcenturymoon - 2006-8-12 21:44:00
In Safe Mode, delete all the files under the LOCALS~1\Temp folder
xf86151 - 2006-8-12 21:54:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <mscfs><>  []
    <RfwMain><"F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavAV><C:\WINDOWS\RavMon.exe>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [Skwl4ef9sasdS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [Skwl4ef9sasdS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KernelFaultCheck><C:\WINDOWS\System32\msime.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe 1>  []
    <Userinit><userinit.exe,>  [Microsoft Corporation]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{F3F54390-D513-4D99-A5DA-476EA9DC6022}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
    <{F084FD46-EB63-4CC0-B814-99C16EE76BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DelayRun><C:\WINDOWS\system\a70d3070.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Adobe Photo Downloader><; "D:\题库\3.0\Apps\apdproxy.exe">  [Adobe Systems Incorporated]
    <assistse><; >  []
    <CdnCtr><; >  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DTService><; rundll32.exe C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load>  []
    <ExFilter><; Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo">  []
    <FORTRESS><; >  []
    <hbpassport><; >  []
    <iparmor><; >  []
    <k3log><; >  []
    <KvMonXP><; >  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; ?矹?詾矵?軁矵?????>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <mscfs><; RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.DLL,cfs>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; >  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RavMon><; >  []
    <RavTimer><; >  []
    <RealTray><; >  []
    <res><; >  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Run><; ?矹?詾矵?軁矵?????>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SDO2005><; >  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SearchNet_Up><; >  []
    <SkyDune><; C:\Program Files\NetSecurity\NetSecurity.exe -Poweron>  []
    <SKYNET Personal FireWall><; >  []
    <spoolsv><; >  []
    <Super Rabbit SRRestore><; >  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <uc><; >  []
    <Update><; >  []
    <Windog><; E:\WinDog\WinDog.EXE>  []
    <wins><; >  []
xf86151 - 2006-8-12 21:55:00
启动文件夹
[IE-Bar]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\IE-Bar.lnk><N>

==================================
服务
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[IPSEC Client / iSPONER]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <><N/A>
[KVSrvXP / KVSrvXP]
  <><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <><N/A>
[Machine Debug Manager / MDM]
  <><N/A>
[Norman API-hooking helper / NipSvc]
  <><N/A>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <f:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <F:\Program Files\Rising\Rfw\rfwsrv.exe><N/A>
[Rising Process Communication Center / RsCCenter]
  <"F:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"F:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceX / ServiceX]
  <><N/A>
[Network System / Universal Disk Manager]
  <><N/A>

==================================
浏览器加载项
[PPGou BHO]
  {00000000-0000-0000-0000-C4CA9A05F1E2} <D:\PROGRA~1\PPGou2\PPG2IE~1.DLL, N/A>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD>
[]
  {01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINDOWS\system32\IEBHODLL.dll, N/A>
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\System32\wmpdrm.dll, N/A>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll, Microsoft Corporation>
[上网助手]
  {1B0E7716-898E-48cc-9690-4E338E8DE1D3} <C:\PROGRA~1\3721\Assist\assist.dll, >
[电鹰工具栏]
  {1BC0B497-3010-43BF-AD78-5858A70907A2} <C:\WINDOWS\system32\dytoolband.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[Wbho Class]
  {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} <C:\WINDOWS\System32\Usign.dll, N/A>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\NBA Live 2005\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[MacroMediapd]
  {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\System32\microapmddt.dll, N/A>
[BHelper Class]
  {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\a70o3071.dll, N/A>
[手机短信]
  {00000000-0000-0001-0001-596BAEDD1289}? <http://sms.3721.com/ie/index.htm?pid=U_superrsoft_62756, N/A>
[UC]
  {2253922F-1B26-4C74-8B57-E3AEE748DBB8} <D:\UC\UC.exe, Longmaster>
[新浪UC]
  {2253922F-1B26-4C74-8B57-E3AEE748DBB8}? <, N/A>
[常用网址]
  {36B39F01-7B48-44AD-A165-5849CD8EF562}? <C:\WINDOWS\System32\SHDOCVW.DLL, Microsoft Corporation>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97}? <http://cn.mail.yahoo.com/promo/rd1, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26}? <http://hot.3721.com/rd/shop_btn.htm, N/A>
[上网助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338}? <http://assistant.3721.com/index.htm?fb=Cns, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b}? <, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? <E:\新建 公文包\QQIEHelper.dll, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? <http://assistant.3721.com/security1.htm?fb=Cns, N/A>
[易趣购物]
  {EE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=50, N/A>
[新浪点点通]
  {F60C7D81-8471-4D40-AAFE-56D318F34C2D}? <C:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5}? <http://assistant.3721.com/clean1.htm?fb=Cns, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[上网助手]
  {1B0E7716-898E-48cc-9690-4E338E8DE1D3} <C:\PROGRA~1\3721\Assist\assist.dll, >
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\feidianTV\MMCShell.dll, Sohu.com Inc.>
[TV Stream Source]
  {8F9E8A28-C296-4C6F-9A57-8FE4374135A1} <C:\WINDOWS\System32\chaos.ax, Gaov Info Tech Co, LTD.>
[TV Stream Source]
  {BE9535B7-76FB-4572-AD20-B32BADB3643B} <C:\WINDOWS\System32\FAggr.ax, www.sina.com.cn>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[VnetAnpr Class]
  {E1207373-6721-4AAD-888B-C8C5A0209E17} <C:\WINDOWS\Downloaded Program Files\anpr.dll, N/A>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\System32\pcastctl.dll, >
[&使用屁屁狗[PPGou]下载全部链接]
  <, N/A>
[&使用屁屁狗[PPGou]加速下载]
  <, N/A>
[&使用迅雷下载]
  <F:\NBA Live 2005\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\NBA Live 2005\Program\GetAllUrl.htm, N/A>
[Google 搜索(&G)]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <E:\Program Files\QQ2006\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\PROGRA~1\KUGOO2\KuGoo3DownX.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[反向链接]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[添加到QQ表情]
  <E:\Program Files\QQ2006\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[电鹰搜索]
  <res://C:\WINDOWS\system32\dytoolband.dll/MENUSEARCH.HTM, N/A>
[类似网页]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
xf86151 - 2006-8-12 21:58:00
nc.><1, 0, 0, 25>
[PID: 1924][E:\Program Files\QQ2006\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [E:\Program Files\QQ2006\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQHelperDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [E:\Program Files\QQ2006\PYKer.dll]  <飘云 http://www.pyqq.cn><飘云>
    [E:\Program Files\QQ2006\ipsearcher.dll]  <><1.0.0.3>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [E:\Program Files\QQ2006\LoginCtrl.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [E:\Program Files\QQ2006\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [E:\Program Files\QQ2006\QQAPI.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQRes.dll]  <tencent><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQMainFrame.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\CQQApplication.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\NewSkin.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\HostingMgr.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\CameraDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\MailSummary.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQSpace.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQPlugin.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\PhoneAPI.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\System32\msdmo.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQAvatar.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [E:\Program Files\QQ2006\QRingMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQGroupMng.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\LongConnection.dll]  <tencent><5, 0, 201, 14>
    [E:\Program Files\QQ2006\QQFileTransfer.dll]  <Tencent><0, 3, 3, 5>
    [E:\Program Files\QQ2006\QQSysMsgMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQPet.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\BQQApplication.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\CommercesMng.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [E:\Program Files\QQ2006\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 140>
    [E:\Program Files\QQ2006\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><2, 0, 6, 60>
xf86151 - 2006-8-12 21:58:00
[E:\Program Files\QQ2006\QQSceneMng.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQAllInOne.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\SCCore.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQCustomFace.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [E:\Program Files\QQ2006\QQMagicFace.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\GroupConnection.dll]  <Tencent><0, 3, 3, 5>
[PID: 2008][E:\Program Files\QQ2006\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [E:\Program Files\QQ2006\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
[PID: 372][C:\Program Files\Tencent\TT\TTraveler.exe]  <深圳市腾讯计算机系统有限公司><2, 0, 15, 200>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 6, 1325>
    [C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [C:\WINDOWS\System32\PNCRT.dll]  <Real Networks, Inc><6.0.0.0>
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  <RealNetworks, Inc.><6.0.9.3985>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 1036][C:\WINDOWS\System32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\DOCUME~1\XYF~1.FZH\TEMPLA~1\0155b57\1.dll]  <千橡互联><3, 0, 1, 0>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\DOCUME~1\XYF~1.FZH\TEMPLA~1\0155b57\3.dll]  <千橡互联><3, 0, 1, 0>
    [C:\DOCUME~1\XYF~1.FZH\TEMPLA~1\0155b57\4.dll]  <千橡互联><3, 0, 1, 0>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
[PID: 676][C:\WINDOWS\System32\conime.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
[PID: 316][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
[PID: 3840][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
[PID: 2164][C:\WINDOWS\WINLOGON.EXE]  <Skwl4ef9sasdS><0.00.0091>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 3644][C:\WINDOWS\System32\msiexec.exe]  <Microsoft Corporation><2.0.2600.0>
[PID: 2248][F:\NBA Live 2005\Program\Thunder5.exe]  <Thunder Networking Technologies,LTD><5.2.0.207>
    [F:\NBA Live 2005\Program\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 8>
    [F:\NBA Live 2005\Program\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 3, 70>
    [F:\NBA Live 2005\Program\log4cplus.dll]  <><1, 0, 2, 1>
    [F:\NBA Live 2005\Program\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [F:\NBA Live 2005\Program\asyn_dns.dll]  <N/A><N/A>
    [F:\NBA Live 2005\Program\msgmanage.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 15>
    [F:\NBA Live 2005\Program\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 148>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [F:\NBA Live 2005\Program\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [F:\NBA Live 2005\Program\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [F:\NBA Live 2005\Components\InMedia\iEmbedShell.dll]  < ><1, 0, 0, 10>
    [F:\NBA Live 2005\Components\InMedia\iEmbed03.dll]  < ><2, 2, 1, 33>
    [F:\NBA Live 2005\Components\P4PClient\P4PClient.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 6>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime]  <N/A><N/A>
    [F:\NBA Live 2005\Program\iTargetAd.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 60>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2236][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 99>
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll]  <Thunder Networking Technologies,LTD><6, 0, 0, 1>
    [C:\WINDOWS\system32\IEBHODLL.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\wmpdrm.dll]  <N/A><2.0.0.1>
    [C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll]  <Microsoft Corporation><1, 3, 1, 0>
    [C:\PROGRA~1\3721\Assist\assist.dll]  <><2, 0, 3, 3>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  <Yahoo.><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [F:\NBA Live 2005\ComDlls\XunLeiBHO_002.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 2>
    [D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX]  <N/A><N/A>
    [c:\program files\google\googletoolbar1.dll]  <Google Inc.><3, 0, 131, 0>
    [C:\WINDOWS\a70o3071.dll]  <N/A><N/A>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1612][E:\winzip32.exe]  <WinZip Computing, Inc.><14.0 (32-bit)>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [E:\WZVINFO.DLL]  <WinZip Computing, Inc.><1.1 (32-bit)>
    [E:\WZCAB3.DLL]  <WinZip Computing, Inc.><3.1 (32-bit)>
    [E:\wz32.dll]  <WinZip Computing, Inc.><14.0 (32-bit)>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
[PID: 1724][C:\Documents and Settings\xyf.FZH-UGI6VRI2ZWL\Local Settings\Temp\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  Error. [winfiles]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
秋日里的蓝天 - 2006-8-12 21:58:00
The log is incomplete; scan again and post it
xf86151 - 2006-8-13 7:39:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <MSMSGS><; >  []
    <SDO2005><; >  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><; ?矹?詾矵?軁矵?????>  []
    <run><; ?矹?詾矵?軁矵?????>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <internat.exe><internat.exe>  [Microsoft Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <mscfs><; RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.DLL,cfs>  []
    <RfwMain><"F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavAV><C:\WINDOWS\RavMon.exe>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [Skwl4ef9sasdS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [Skwl4ef9sasdS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KernelFaultCheck><C:\WINDOWS\System32\msime.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe 1>  []
    <Userinit><userinit.exe,>  [Microsoft Corporation]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{F3F54390-D513-4D99-A5DA-476EA9DC6022}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
    <{F084FD46-EB63-4CC0-B814-99C16EE76BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DelayRun><C:\WINDOWS\system\a70d3070.dll>  []

==================================
启动文件夹
[IE-Bar]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\IE-Bar.lnk><N>
mopery - 2006-8-13 7:40:00
http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and post the log..

Scan one of this kind of log as well..
xf86151 - 2006-8-13 7:40:00
服务
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[IPSEC Client / iSPONER]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <><N/A>
[KVSrvXP / KVSrvXP]
  <><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <><N/A>
[Machine Debug Manager / MDM]
  <><N/A>
[Norman API-hooking helper / NipSvc]
  <><N/A>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <f:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <F:\Program Files\Rising\Rfw\rfwsrv.exe><N/A>
[Rising Process Communication Center / RsCCenter]
  <"F:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"F:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceX / ServiceX]
  <><N/A>
[Network System / Universal Disk Manager]
  <><N/A>
xf86151 - 2006-8-13 7:41:00
浏览器加载项
[PPGou BHO]
  {00000000-0000-0000-0000-C4CA9A05F1E2} <D:\PROGRA~1\PPGou2\PPG2IE~1.DLL, N/A>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD>
[]
  {01A7A372-71E8-4022-9D76-B66BECF71A2E} <C:\WINDOWS\system32\IEBHODLL.dll, N/A>
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\System32\wmpdrm.dll, N/A>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll, Microsoft Corporation>
[上网助手]
  {1B0E7716-898E-48cc-9690-4E338E8DE1D3} <C:\PROGRA~1\3721\Assist\assist.dll, >
[电鹰工具栏]
  {1BC0B497-3010-43BF-AD78-5858A70907A2} <C:\WINDOWS\system32\dytoolband.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[Wbho Class]
  {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} <C:\WINDOWS\System32\Usign.dll, N/A>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\NBA Live 2005\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[MacroMediapd]
  {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\System32\microapmddt.dll, N/A>
[BHelper Class]
  {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\a70o3071.dll, N/A>
[手机短信]
  {00000000-0000-0001-0001-596BAEDD1289}? <http://sms.3721.com/ie/index.htm?pid=U_superrsoft_62756, N/A>
[UC]
  {2253922F-1B26-4C74-8B57-E3AEE748DBB8} <D:\UC\UC.exe, Longmaster>
[新浪UC]
  {2253922F-1B26-4C74-8B57-E3AEE748DBB8}? <, N/A>
[常用网址]
  {36B39F01-7B48-44AD-A165-5849CD8EF562}? <C:\WINDOWS\System32\SHDOCVW.DLL, Microsoft Corporation>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97}? <http://cn.mail.yahoo.com/promo/rd1, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26}? <http://hot.3721.com/rd/shop_btn.htm, N/A>
[上网助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338}? <http://assistant.3721.com/index.htm?fb=Cns, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b}? <, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? <E:\新建 公文包\QQIEHelper.dll, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? <http://assistant.3721.com/security1.htm?fb=Cns, N/A>
[易趣购物]
  {EE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=50, N/A>
[新浪点点通]
  {F60C7D81-8471-4D40-AAFE-56D318F34C2D}? <C:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5}? <http://assistant.3721.com/clean1.htm?fb=Cns, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[上网助手]
  {1B0E7716-898E-48cc-9690-4E338E8DE1D3} <C:\PROGRA~1\3721\Assist\assist.dll, >
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\feidianTV\MMCShell.dll, Sohu.com Inc.>
[TV Stream Source]
  {8F9E8A28-C296-4C6F-9A57-8FE4374135A1} <C:\WINDOWS\System32\chaos.ax, Gaov Info Tech Co, LTD.>
[TV Stream Source]
  {BE9535B7-76FB-4572-AD20-B32BADB3643B} <C:\WINDOWS\System32\FAggr.ax, www.sina.com.cn>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[VnetAnpr Class]
  {E1207373-6721-4AAD-888B-C8C5A0209E17} <C:\WINDOWS\Downloaded Program Files\anpr.dll, N/A>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\System32\pcastctl.dll, >
[&使用屁屁狗[PPGou]下载全部链接]
  <, N/A>
[&使用屁屁狗[PPGou]加速下载]
  <, N/A>
[&使用迅雷下载]
  <F:\NBA Live 2005\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\NBA Live 2005\Program\GetAllUrl.htm, N/A>
[Google 搜索(&G)]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <E:\Program Files\QQ2006\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\PROGRA~1\KUGOO2\KuGoo3DownX.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[反向链接]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[添加到QQ表情]
  <E:\Program Files\QQ2006\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[电鹰搜索]
  <res://C:\WINDOWS\system32\dytoolband.dll/MENUSEARCH.HTM, N/A>
[类似网页]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
xf86151 - 2006-8-13 7:42:00
正在运行的进程
[PID: 416][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 548][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
[PID: 560][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 724][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 776][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\oewum45f.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 844][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 932][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1128][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [C:\WINDOWS\system32\EBPMON2.DLL]  <SEIKO EPSON CORPORATION><2, 34, 0, 0>
[PID: 1268][C:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\PROGRA~1\3721\alrex.dll]  <><1, 0, 1, 1001>
    [E:\WZSHLSTB.DLL]  <WinZip Computing, Inc.><4.1 (32-bit)>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 6, 1325>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 99>
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll]  <Thunder Networking Technologies,LTD><6, 0, 0, 1>
    [C:\PROGRA~1\3721\Assist\assist.dll]  <><2, 0, 3, 3>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [F:\NBA Live 2005\ComDlls\XunLeiBHO_002.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 2>
    [D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX]  <N/A><N/A>
    [C:\WINDOWS\a70o3071.dll]  <N/A><N/A>
    [E:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\oewum45f.dll]  <WinRAR archiver><3, 4, 2, 0>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  <N/A><1, 0, 1, 1014>
[PID: 1564][C:\WINDOWS\WINLOGON.EXE]  <Skwl4ef9sasdS><0.00.0091>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\oewum45f.dll]  <WinRAR archiver><3, 4, 2, 0>
[PID: 1624][C:\WINDOWS\System32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\DOCUME~1\XYF~1.FZH\TEMPLA~1\0155b57\1.dll]  <千橡互联><3, 0, 1, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\DOCUME~1\XYF~1.FZH\TEMPLA~1\0155b57\3.dll]  <千橡互联><3, 0, 1, 0>
    [C:\DOCUME~1\XYF~1.FZH\TEMPLA~1\0155b57\4.dll]  <千橡互联><3, 0, 1, 0>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
xf86151 - 2006-8-13 7:43:00
[PID: 1640][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
[PID: 1832][C:\WINDOWS\System32\msime.exe]  <Microsoft Corporation><5.1.2600.2180>
    [C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\oewum45f.dll]  <WinRAR archiver><3, 4, 2, 0>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
[PID: 1848][C:\WINDOWS\System32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
[PID: 1944][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 6, 1325>
    [C:\PROGRA~1\3721\notifier.dll]  <><1, 0, 0, 5>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
[PID: 268][C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe]  <SEIKO EPSON CORPORATION><2, 3, 0, 0>
    [C:\WINDOWS\system32\EBAPI2.DLL]  <SEIKO EPSON CORPORATION><1, 4, 0, 0>
    [C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL]  <SEIKO EPSON CORPORATION><2, 26, 0, 0>
[PID: 1232][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  <Sohu.com Inc.><2, 0, 0, 20>
    [C:\Program Files\Sogou PXP\vodsvr.dll]  <Sohu.com Inc.><1, 1, 0, 4>
    [C:\Program Files\Sogou PXP\PluginClient.dll]  <Sohu.com Inc.><1, 0, 0, 25>
[PID: 484][E:\Program Files\QQ2006\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [E:\Program Files\QQ2006\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQHelperDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [E:\Program Files\QQ2006\PYKer.dll]  <飘云 http://www.pyqq.cn><飘云>
    [E:\Program Files\QQ2006\ipsearcher.dll]  <><1.0.0.3>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [E:\Program Files\QQ2006\LoginCtrl.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [E:\Program Files\QQ2006\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [E:\Program Files\QQ2006\QQAPI.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [E:\Program Files\QQ2006\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [E:\Program Files\QQ2006\QQRes.dll]  <tencent><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQMainFrame.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\CQQApplication.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\NewSkin.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\HostingMgr.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\CameraDll.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\MailSummary.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\System32\msdmo.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQGroupMng.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQSysMsgMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQPlugin.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime]  <N/A><N/A>
    [E:\Program Files\QQ2006\LongConnection.dll]  <tencent><5, 0, 201, 14>
    [E:\Program Files\QQ2006\QRingMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\PhoneAPI.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [E:\Program Files\QQ2006\QQPet.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\QQAvatar.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [E:\Program Files\QQ2006\BQQApplication.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\CommercesMng.dll]  <><1, 0, 0, 1>
    [E:\Program Files\QQ2006\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [E:\Program Files\QQ2006\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 140>
    [E:\Program Files\QQ2006\QQSceneMng.dll]  <N/A><N/A>
    [E:\Program Files\QQ2006\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><2, 0, 6, 60>
[PID: 264][E:\Program Files\QQ2006\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [E:\Program Files\QQ2006\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 664][C:\Program Files\Tencent\TT\TTraveler.exe]  <深圳市腾讯计算机系统有限公司><2, 0, 15, 200>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 6, 1325>
    [C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 564][F:\NBA Live 2005\Program\Thunder5.exe]  <Thunder Networking Technologies,LTD><5.2.0.207>
    [F:\NBA Live 2005\Program\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 8>
    [F:\NBA Live 2005\Program\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 3, 70>
    [F:\NBA Live 2005\Program\log4cplus.dll]  <><1, 0, 2, 1>
    [F:\NBA Live 2005\Program\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [F:\NBA Live 2005\Program\asyn_dns.dll]  <N/A><N/A>
    [F:\NBA Live 2005\Program\msgmanage.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 15>
    [F:\NBA Live 2005\Program\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 148>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [F:\NBA Live 2005\Program\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [F:\NBA Live 2005\Program\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
    [F:\NBA Live 2005\Components\InMedia\iEmbedShell.dll]  < ><1, 0, 0, 10>
    [F:\NBA Live 2005\Components\InMedia\iEmbed03.dll]  < ><2, 2, 1, 33>
    [F:\NBA Live 2005\Components\P4PClient\P4PClient.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 6>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime]  <N/A><N/A>
    [E:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [F:\NBA Live 2005\Program\iTargetAd.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 60>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 608][E:\winzip32.exe]  <WinZip Computing, Inc.><14.0 (32-bit)>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [E:\WZVINFO.DLL]  <WinZip Computing, Inc.><1.1 (32-bit)>
    [E:\WZCAB3.DLL]  <WinZip Computing, Inc.><3.1 (32-bit)>
    [E:\wz32.dll]  <WinZip Computing, Inc.><14.0 (32-bit)>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
[PID: 748][C:\Documents and Settings\xyf.FZH-UGI6VRI2ZWL\Local Settings\Temp\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\KB8964115.log]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 1, 0, 1325>
    [C:\Program Files\Internet Explorer\PLUGINS\system2.sys]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  <N/A><N/A>
xf86151 - 2006-8-13 7:43:00
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  Error. [winfiles]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
xf86151 - 2006-8-13 8:34:00
I downloaded it, but why won't it open?
xf86151 - 2006-8-13 8:44:00
Could some expert please save me~~ I'm crying my eyes out~~
xf86151 - 2006-8-13 8:46:00
Bumping again
mopery - 2006-8-13 8:47:00
Open SRE, go to System Repair, and repair the file associations...

http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and post the log here..
xf86151 - 2006-8-13 9:05:00
Logfile of HijackThis v1.99.1
Scan saved at 08:42:13, on 2006-08-13
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\msime.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\internat.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Program Files\QQ2006\QQ.exe
E:\Program Files\QQ2006\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\NBA Live 2005\Program\Thunder5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WinRAR.exe
C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\Rar$EX00.316\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=; ?矹?詾矵?軁矵?????
F3 - REG:win.ini: run=; ?矹?詾矵?軁矵?????
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - D:\PROGRA~1\PPGou2\PPG2IE~1.DLL (file missing)
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll
O2 - BHO: (no name) - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINDOWS\system32\IEBHODLL.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll
O2 - BHO: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: 电鹰工具栏 - {1BC0B497-3010-43BF-AD78-5858A70907A2} - C:\WINDOWS\system32\dytoolband.dll (file missing)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899}? - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3}? - (no file)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\NBA Live 2005\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\microapmddt.dll (file missing)
O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (no file)
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\a70o3071.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\KakaTool.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [mscfs] ; RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.DLL,cfs
O4 - HKLM\..\Run: [RfwMain] "F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMon.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [intranet] C:\WINDOWS\System32\intranet.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] ; "D:\题库\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [assistse] ;
O4 - HKLM\..\Run: [CdnCtr] ;
O4 - HKLM\..\Run: [DTService] ; rundll32.exe C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load
O4 - HKLM\..\Run: [ExFilter] ; Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [FORTRESS] ;
O4 - HKLM\..\Run: [hbpassport] ;
O4 - HKLM\..\Run: [iparmor] ;
O4 - HKLM\..\Run: [k3log] ;
O4 - HKLM\..\Run: [KvMonXP] ;
O4 - HKLM\..\Run: [RavMon] ;
O4 - HKLM\..\Run: [RavTimer] ;
O4 - HKLM\..\Run: [RealTray] ;
O4 - HKLM\..\Run: [res] ;
O4 - HKLM\..\Run: [SearchNet_Up] ;
O4 - HKLM\..\Run: [SkyDune] ; C:\Program Files\NetSecurity\NetSecurity.exe -Poweron
O4 - HKLM\..\Run: [SKYNET Personal FireWall] ;
O4 - HKLM\..\Run: [spoolsv] ;
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ;
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [uc] ;
O4 - HKLM\..\Run: [Update] ;
O4 - HKLM\..\Run: [Windog] ; E:\WinDog\WinDog.EXE
O4 - HKLM\..\Run: [wins] ;
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ;
O4 - HKCU\..\Run: [SDO2005] ;
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
xf86151 - 2006-8-13 9:06:00
O8 - Extra context menu item: &使用迅雷下载 - F:\NBA Live 2005\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\NBA Live 2005\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\PROGRA~1\KUGOO2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 反向链接 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 电鹰搜索 - res://C:\WINDOWS\system32\dytoolband.dll/MENUSEARCH.HTM
O8 - Extra context menu item: 类似网页 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289}? - http://sms.3721.com/ie/index.htm?pid=U_superrsoft_62756 (file missing)
O9 - Extra button: UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - D:\UC\UC.exe
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {35980F6E-A137-4E50-953D-813BB8556899}? - (no file)
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562}? - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}? - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - E:\新建 公文包\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - E:\新建 公文包\QQIEHelper.dll (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D}? - C:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} - http://pi.51.net/download/diybar2.cab
O16 - DPF: {8F9E8A28-C296-4C6F-9A57-8FE4374135A1} (TV Stream Source) - http://218.57.9.18/down/0510/1014Chaos.cab
O16 - DPF: {BE9535B7-76FB-4572-AD20-B32BADB3643B} (TV Stream Source) - http://image2.sina.com.cn/cctv/Chaos203b.cab
O16 - DPF: {E1207373-6721-4AAD-888B-C8C5A0209E17} (VnetAnpr Class) - http://service.chinavnet.com/zx/VNetInterface/VNetForSP/VnetPlugin.CAB
O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} - http://ddddl.dudu.com/ddd/update/plugin/dudumsp.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://itv.5qzone.net/pCastCtl_1.0.0.82_20060329.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84FB47BA-94DC-4303-99FA-B4EDCCADBB49}: NameServer = 202.102.192.68 202.102.199.68
O18 - Protocol: mp3 - (no CLSID) - (no file)
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\a70d3070.dll
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: KVSrvXP - Unknown owner - (no file)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - (no file)
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - (no file)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Unknown owner - F:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rising\Rav\Ravmond.exe
mopery - 2006-8-13 9:08:00
Fix
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=; ?矹?詾矵?軁矵?????
F3 - REG:win.ini: run=; ?矹?詾矵?軁矵?????
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - D:\PROGRA~1\PPGou2\PPG2IE~1.DLL (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll
O2 - BHO: 电鹰工具栏 - {1BC0B497-3010-43BF-AD78-5858A70907A2} - C:\WINDOWS\system32\dytoolband.dll (file missing)
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899}? - (no file)
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\System32\Usign.dll (file missing)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3}? - (no file)
O2 - BHO: MacroMediapd - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\System32\microapmddt.dll (file missing)
O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (no file)
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\a70o3071.dll
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMon.exe
O4 - HKLM\..\Run: [assistse] ;
O4 - HKLM\..\Run: [CdnCtr] ;
O4 - HKLM\..\Run: [DTService] ; rundll32.exe C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load
O4 - HKLM\..\Run: [FORTRESS] ;
O4 - HKLM\..\Run: [hbpassport] ;
O4 - HKLM\..\Run: [iparmor] ;
O4 - HKLM\..\Run: [k3log] ;
O4 - HKLM\..\Run: [KvMonXP] ;
O4 - HKLM\..\Run: [RavMon] ;
O4 - HKLM\..\Run: [RavTimer] ;
O4 - HKLM\..\Run: [RealTray] ;
O4 - HKLM\..\Run: [res] ;
O4 - HKLM\..\Run: [SearchNet_Up] ;
O4 - HKLM\..\Run: [SKYNET Personal FireWall] ;
O4 - HKLM\..\Run: [spoolsv] ;
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ;
O4 - HKLM\..\Run: [uc] ;
O4 - HKLM\..\Run: [Update] ;
O4 - HKLM\..\Run: [wins] ;
O4 - HKCU\..\Run: [MSMSGS] ;
O4 - HKCU\..\Run: [SDO2005] ;
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Delete
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper200686_8157.dll
C:\WINDOWS\a70o3071.dll
C:\WINDOWS\RavMon.exe

Empty
C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\

Uninstall
C:\Program Files\Common Files\IE-Bar
Delete
C:\Program Files\Common Files\IE-Bar

mopery - 2006-8-13 9:08:00
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE

See the pinned post..
mopery - 2006-8-13 9:10:00
Check the entries ending in (file missing) and fix them..

Fix
O18 - Protocol: mp3 - (no CLSID) - (no file)
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\system\a70d3070.dll
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Unknown owner - (no file)
O23 - Service: KVSrvXP - Unknown owner - (no file)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - (no file)
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - (no file)

Open Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for KPfwSvc
KVSrvXP
MDM
NetWorkLogon
NipSvc
and delete them...

Delete
C:\WINDOWS\system\a70d3070.dll

C:\WINDOWS\System32\msime.exe
See the pinned post...

http://www.pctutu.com/srmsdown.asp
Download Super Rabbit (超级兔子).. use Super Rabbit's cleanup tool (清理王) to uninstall the rogue software... (in Safe Mode...)
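The selection made by hand in the replies above (entries ending in `(file missing)` or `(no file)`, and the `WINLOGON.EXE` that sits outside `system32`) can be sketched as a small triage script over a HijackThis log. This is an added example, not part of the original thread or of HijackThis; the list of system process names, the expected `system32` path and the "auto-start from Temp" rule are assumptions of this example.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (selected lines, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\System32\rundll32.exe

O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - D:\PROGRA~1\PPGou2\PPG2IE~1.DLL (file missing)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - (no file)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [RfwMain] "F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [DTService] ; rundll32.exe C:\DOCUME~1\XYF~1.FZH\LOCALS~1\Temp\RarSFX0\DTSERV~1.DLL,Load
O23 - Service: KVSrvXP - Unknown owner - (no file)
"""

# Assumption of this example: core Windows XP processes that should only run from system32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumed %SystemRoot%\system32 on this machine

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ")                # e.g. "O4 - ", "F2 - "
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")  # registry entry, no file behind it
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)


def triage(log_text):
    """Return (reason, line) pairs for log lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        section = entry.group(1) if entry else None
        # Leftover entry whose target no longer exists on disk.
        if entry and ORPHAN_RE.search(line):
            findings.append(("orphaned", line))
        for path in PATH_RE.findall(line):
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            # A system process name running from anywhere but system32.
            if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
                findings.append(("masquerade", line))
            # An auto-start (O4) entry that loads code from a Temp directory.
            if section == "O4" and "\\temp\\" in path.lower():
                findings.append(("autostart-from-temp", line))
    return findings


def summarize(findings):
    """Count findings per reason."""
    counts = {}
    for reason, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:20} {line}")
```

The output is a review list, not a removal list: each flagged line still has to be checked by hand before it is fixed in HijackThis.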
xf86151 - 2006-8-13 9:42:00
Why can't some of the files be deleted? It keeps saying another program is using them.
xf86151 - 2006-8-13 9:59:00
Bump
xf86151 - 2006-8-13 9:59:00
Bumping again