瑞星卡卡安全论坛

病毒名称  Trojan.QQPass.fq

路径  LOCALS~1\temp\fuckrav.com

请问怎么杀掉？

从HJ 日志看不出什么来呀

QQpass 下载地址:http://www.shareware.cn/SoftDown.asp?ID=192

引用:

【Myth战神的贴子】QQpass 下载地址: ………………

qqpass 是什么？

木马

怎样杀掉这个木马

请指教

上去  继续等

Logfile of HijackThis v1.99.1
Scan saved at 21:13:10, on 2006-8-25
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
d:\Program Files\rising\Rav\CCenter.exe
d:\Program Files\rising\Rav\Ravmond.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\svchost.exe
d:\Program Files\ewido anti-spyware 4.0\guard.exe
d:\Program Files\rising\Rav\RavStub.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\rising\Rav\RavTask.exe
D:\Program Files\rising\Rav\Ravmon.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Tencent\QQLive\QQLive.exe
D:\Program Files\广电嘉和\济南广电嘉和认证客户端\广电认证.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Shockwave Flash Object - {DE8C8BF0-4A16-12DD-CBBD-789569C11983} - C:\WINNT\system32\FLASHO~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {DB6CBA02-6AC6-48B5-8A2B-6F164328023D} (PtoPManager Class) - http://www.uitv.com/IPortal/p2p/p2pmmp.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {EC53936E-6D4A-4307-9092-A2FC48EAFC56} (Web800 Control) - http://service.qq.com/web800.exe
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B630456-2440-4683-9033-A44B5E9B80A4}: NameServer = 211.97.184.100,210.77.192.88
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\rising\Rav\Ravmond.exe

上去  继续等

病毒路径...

日志正常...

今晚  提示我  4次了

杀了4次

不知道  还会不会有第5次

谁熟悉这个病毒

给个彻底杀掉方式

Logfile of HijackThis v1.99.1
Scan saved at 22:37:17, on 2006-8-25
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
d:\Program Files\rising\Rav\CCenter.exe
d:\Program Files\rising\Rav\Ravmond.exe
C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\svchost.exe
d:\Program Files\ewido anti-spyware 4.0\guard.exe
d:\Program Files\rising\Rav\RavStub.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\rising\Rav\RavTask.exe
D:\Program Files\rising\Rav\Ravmon.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Tencent\QQLive\QQLive.exe
D:\Program Files\广电嘉和\济南广电嘉和认证客户端\广电认证.exe
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Shockwave Flash Object - {DE8C8BF0-4A16-12DD-CBBD-789569C11983} - C:\WINNT\system32\FLASHO~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {DB6CBA02-6AC6-48B5-8A2B-6F164328023D} (PtoPManager Class) - http://www.uitv.com/IPortal/p2p/p2pmmp.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {EC53936E-6D4A-4307-9092-A2FC48EAFC56} (Web800 Control) - http://service.qq.com/web800.exe
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B630456-2440-4683-9033-A44B5E9B80A4}: NameServer = 211.97.184.100,210.77.192.88
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - d:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\rising\Rav\Ravmond.exe

请说说杀软报的病毒路径...

路径

c:\docume~1\admini~1\locals~1\temp\fuckrav.com

安全模式下清空IE临时文件
删除c:\docume~1\admini~1\locals~1\temp所有能删除的文件试试

如果还报毒,请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。谢谢．．．

2006-08-26,15:58:56

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  []
    <RavTask><"d:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    <WinlogonNotify: PCANotify><PCANotify.dll>  [Symantec Corporation]

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================
服务
[pcAnywhere Host Service / awhost32]
  <D:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <d:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]

{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINNT\system32\aliedit\pta.dll, >
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[PtoPManager Class]
  {DB6CBA02-6AC6-48B5-8A2B-6F164328023D} <C:\WINNT\Downloaded Program Files\P2PManager.dll, >
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[Web800 Control]
  {EC53936E-6D4A-4307-9092-A2FC48EAFC56} <d:\PROGRA~1\Tencent\Web800\Web800.ocx, Microsoft>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[使用影音传送带下载]
  <D:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <D:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>

==================================
正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 188][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 208][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
    [C:\WINNT\system32\PCANotify.dll]  <Symantec Corporation><10.5.1.505>
[PID: 236][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 248][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 404][d:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [d:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [d:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [d:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [d:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [d:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>

[PID: 420][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 444][d:\Program Files\rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 460][d:\Program Files\rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [d:\Program Files\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [d:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [d:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [d:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [d:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\Program Files\rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [d:\Program Files\rising\Rav\HOOKSYS.dll]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
    [d:\Program Files\rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [d:\Program Files\rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [d:\Program Files\rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [d:\Program Files\rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [d:\Program Files\rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [d:\Program Files\rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [d:\Program Files\rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\Program Files\rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [d:\Program Files\rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [d:\Program Files\rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [d:\Program Files\rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [d:\Program Files\rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [d:\Program Files\rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [d:\Program Files\rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [d:\Program Files\rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
    [d:\Program Files\rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [d:\Program Files\rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [d:\Program Files\rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [d:\Program Files\rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 552][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 656][C:\WINNT\System32\snmp.exe]  <Microsoft Corporation><5.00.2195.6605>
[PID: 680][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 732][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 760][C:\WINNT\system32\Dfssvc.exe]  <Microsoft Corporation><5.00.2195.6664>
[PID: 784][C:\WINNT\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><5.00.0984>
[PID: 804][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  <Microsoft Corporation><9.107.5512.0>
[PID: 864][d:\Program Files\rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [d:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [d:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1236][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\mp3infp.dll]  <win32lab.com><2.50.5.0>
    [D:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\qdshm.dll]  <><1, 0, 101, 20>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>

[d:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\Program Files\ewido anti-spyware 4.0\context.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [D:\PROGRA~1\PICAVI~1.0迷\PicaView.dll]  <ACD Systems, Ltd.><2, 0, 0, 78>
    [C:\Program Files\Common Files\ACD Systems\PlugIns2\IDE_ACDStd.apl]  <ACD Systems, Ltd.><3,0,31,0>
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 2>
    [d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  <Xi><1.91.12>
    [D:\Program Files\Corel\Corel Graphics 12\PROGRAMS\CdrIco.DLL]  <Corel Corporation><1.0.0.458>
    [D:\Program Files\Corel\Corel Graphics 12\PROGRAMS\CRLUTL.dll]  <Corel Corporation><1.0.0.458>
    [D:\Program Files\Corel\Corel Graphics 12\PROGRAMS\CRLI18N.dll]  <Corel Corporation><1.0.0.458>
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  <Adobe Systems, Incorporated><7.0>
[PID: 1280][d:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
    [d:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [d:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1316][D:\Program Files\rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [D:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1328][D:\Program Files\rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 32>
    [D:\Program Files\rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [D:\Program Files\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [D:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\Program Files\rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1340][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 812][D:\Program Files\ewido anti-spyware 4.0\ewido.exe]  <Anti-Malware Development a.s.><4, 0, 0, 172>
    [D:\Program Files\ewido anti-spyware 4.0\engine.dll]  <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 1448][C:\WINNT\system32\dllhost.exe]  <Microsoft Corporation><5.00.2195.6692>
[PID: 1480][C:\WINNT\system32\dllhost.exe]  <Microsoft Corporation><5.00.2195.6692>
[PID: 1752][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106>
    [c:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 2>
    [d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  <Xi><1.91.12>
    [C:\WINNT\system32\Macromed\Flash\Flash8a.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 504][d:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe]  <Macromedia, Inc.><7.0>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\mmcr70.dll]  <Sample Corporation><7.00.0000>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\mmcp70.dll]  <Sample Corporation><7.00.0000>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\xerces-c_1_7.dll]  <Apache Software Foundation><1, 6, 0>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\actlib.dll]  <Macromedia Inc.><1, 0, 0, 1>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\Fireworks Library.dll]  <Macromedia Inc.><7.0>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\NetIO.dll]  <N/A><N/A>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\icuuc26.dll]  <IBM Corporation and others><2, 6, 0, 0>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\icudt26l.dll]  <IBM Corporation and others><2, 6, 0, 0>
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~efb40d\~df394b.tmp]  <N/A><N/A>
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~efb40d\~de1a55.tmp]  <N/A><2.42.000>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\Configuration\Resources.dll]  <Macromedia, Inc.><2.0>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\MMxpt.dll]  <Macromedia, Inc.><3, 0, 0, 146A>
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~efda96\~df394b.tmp]  <N/A><N/A>
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~efda96\~ded171.tmp]  <N/A><2.42.000>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\MMxptResources.dll]  <Macromedia, Inc.><3, 0, 0, 146A>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\Configuration\JSExtensions\MMNotes.dll]  <Macromedia, Inc.><3, 0, 2, 0>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\Configuration\JSExtensions\SWFFile.dll]  <N/A><N/A>
    [d:\Program Files\Macromedia\Dreamweaver MX

2004\Configuration\JSExtensions\MM.dll]  <N/A><N/A>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\Configuration\JSExtensions\DWfile.dll]  <N/A><N/A>
    [d:\Program Files\Macromedia\Dreamweaver MX 2004\Configuration\JSExtensions\TSL.dll]  <N/A><N/A>
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp]  <Macrovision Europe Ltd.><1, 0, 0, 1>
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~e5d141.tmp]  <Macrovision Europe Ltd.><1, 0, 0, 1>
[PID: 1088][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106>
    [c:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 2>
    [d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  <Xi><1.91.12>
    [C:\WINNT\system32\Macromed\Flash\Flash8a.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 1724][C:\Documents and Settings\Administrator\桌面\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["d:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

清空临时文件夹

已经清空  但还会出来

上面是我的  sreng 日志

帮忙看下

上去  各位帮忙呀

沉的太快了

在线等

继续继续

哎  郁闷

正常..

引用:

【mopery的贴子】正常.. ………………

为啥  会自动出现在我 c:\docume~1\admini~1\locals~1\temp\fuckrav.com

中呢？

我从启动里 也看不出痕迹

c:\docume~1\admini~1\locals~1\temp\
安全模式清空嘛...