Rising Kaka Security Forum
heroxxb - 2006-8-30 2:29:00
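First of all, thank you to the experts for your hard work!
My problem is: my Rising keeps reporting that it is removing the virus "Trojan.DL.Delf.cxw". Rising always reports that the deletion succeeded, but about a second later the virus appears again, over and over. Looking at the processes in Task Manager, there are virus processes such as IEXPLORE.EXE and Realplayer.exe, and the CPU usage shown under Performance is 100%. Once I was sure I was infected, I went through the method described in the pinned post [Solution for the home page being changed to http://www.7939.com (removing realplayer.exe), author: newcenturymoon] (I am sure I carried out the steps correctly). I deleted the virus, and after that:
I rebooted the machine and, without opening any program, looked at the processes in Task Manager. IEXPLORE.EXE and Realplayer.exe were not there, so I thought it was fixed. I then opened the Internet Explorer browser, but a "嘟嘟网" page popped up automatically. That felt wrong, so I opened the Task Manager process list again and found that IEXPLORE.EXE, Realplayer.exe and the rest had come back.
I redid this several times with the same result (I also tried in Safe Mode): when I open the Internet Explorer browser, "嘟嘟网" pops up automatically, and then IEXPLORE.EXE and Realplayer.exe are both there. Does anyone know why this is? What should I do?
Log attached (the scan taken after rebooting, following my last removal of the virus):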
ijackThis_zww汉化版扫描日志 V1.99.1
保存于 1:34:14, 日期 2006-8-30
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Realplayer.exe
F:\down\soft\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\mskey16.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的按钮: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - d:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - d:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O12 - IE插件,支持文件类型.mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F98413B4-D706-4008-AF44-46424A3C85E8}: NameServer = 202.96.128.68,202.96.128.110
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
Task Manager processes:
Attachment:
601277200683022110.bmp
westbeck - 2006-8-30 2:35:00
Try this. First fix:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\mskey16.dll
O12 - IE插件,支持文件类型.mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
Delete:
C:\WINDOWS\system32\mskey16.dll
C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
Then go through the method in the pinned post once more and see whether it works.
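An added example, not part of westbeck's post or of this thread: the F2 line listed first above is the Winlogon Userinit value, and every comma-separated program in it is started at logon, which is why a second entry brings the infection back after each reboot. The code below audits that value in a HijackThis log; it assumes Windows is installed in C:\WINDOWS, and the function names and the lookalike threshold are choices made for this example.

```python
import ntpath
import re

# Constructed sample: two lines copied from the HijackThis log posted in this
# thread (the F2 entry and one unrelated O2 entry that must be ignored).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
EXPECTED_NAME = "userinit.exe"


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_userinit(value, windir=r"C:\WINDOWS"):
    """Return (entry, reason) for every Userinit entry other than the stock one.

    windir is an assumption of this example; pass the real Windows directory
    if the system is installed elsewhere.
    """
    stock = ntpath.normcase(ntpath.join(windir, "system32", EXPECTED_NAME))
    findings = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:
            continue  # the stock value ends with a trailing comma
        norm = ntpath.normcase(ntpath.normpath(entry))
        if norm == stock:
            continue
        name = ntpath.basename(norm)
        if name == EXPECTED_NAME:
            reason = "userinit.exe outside system32"
        elif edit_distance(name, EXPECTED_NAME) <= 2:
            reason = "lookalike of userinit.exe"
        else:
            reason = "extra program launched at logon"
        findings.append((entry, reason))
    return findings


def audit_log(text):
    """Scan a HijackThis log and collect findings from every F2 UserInit line."""
    findings = []
    for line in text.splitlines():
        match = F2_RE.match(line.strip())
        if match:
            findings.extend(audit_userinit(match.group("value")))
    return findings


if __name__ == "__main__":
    for entry, reason in audit_log(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

The Userinit value in the SREng report posted further down, `C:\WINDOWS\SYSTEM32\Userinit.exe,`, passes this check with no findings.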
heroxxb - 2006-8-30 8:43:00
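[Reply to heroxxb's post]
Thanks to westbeck for the answer; I'll go and try it right away.
I'll be online waiting all day today. I hope everyone will be generous with advice!!!
By the way, this is the website that pops up. The strange thing is that it has not tampered with my home page; it only pops up when I open the web browser after booting:
Attachment: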
601277200683083758.bmp
710207 - 2006-8-30 8:45:00
That thing can be removed by following the pinned post. Did the original poster perhaps make a mistake in the steps?
710207 - 2006-8-30 8:46:00
O12 - IE插件,支持文件类型.mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
Noticed this by chance; please confirm it
heroxxb - 2006-8-30 8:48:00
| Quote: |
[Post by 710207] O12 - IE插件,支持文件类型.mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll Noticed this by chance; please confirm it ……………… |
What about this one? What should I do with it?
710207 - 2006-8-30 8:48:00
Does the original poster know what it is?
710207 - 2006-8-30 8:49:00
It might be an aftereffect of the virus.......
710207 - 2006-8-30 8:50:00
The O12 entries in the log refer to new IE plug-in items
yrhao - 2006-8-30 8:55:00
Mine has been infected the same way as the poster above. Ugh!!!
HijackThis_815汉化版扫描日志 V1.99.1
保存于 8:40:44, 日期 2006-8-30
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\瑞星杀毒\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\瑞星杀毒\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\瑞星杀毒\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\瑞星杀毒\Rising\Rav\RavTask.exe
D:\瑞星杀毒\Rising\Rav\Ravmon.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\program files\Tencent\QQ\QQ.exe
D:\program files\Tencent\QQ\TIMPlatform.exe
D:\program files\Netease\popo2004\popo.exe
F:\扫描仪\HijackThis1991zww.exe
yrhao - 2006-8-30 8:55:00
R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr1.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - F:\123456\ComDlls\XunLeiBHO_002.dll
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\mskey16.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [RavTask] "D:\瑞星杀毒\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - F:\123456\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - F:\123456\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\program files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\program files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\program files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\program files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - F:\123456\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - F:\123456\Thunder.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cn_spi32.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149666101953
O17 - HKLM\System\CCS\Services\Tcpip\..\{867629B0-AE22-4C1B-90D9-9558369CD134}: NameServer = 202.96.128.143
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\瑞星杀毒\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\瑞星杀毒\Rising\Rav\Ravmond.exe
O23 - NT 服务: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
yrhao - 2006-8-30 8:56:00
2006-08-30,08:41:43
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> []
<CM-SmWizard><C:\WINDOWS\System\SmWizard.exe> [C-Media Electronics Inc.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<RavTask><"D:\瑞星杀毒\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera> []
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{EFAE7B4A-FA39-4818-ACAC-6B6D851CEFF4}><C:\Program Files\Internet Explorer\WinHook.sys> []
==================================
启动文件夹
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"D:\瑞星杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\瑞星杀毒\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SmartLinkService / SLService]
<slserv.exe><Smart Link>
==================================
yrhao - 2006-8-30 8:58:00
浏览器加载项
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <F:\123456\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[shdocvwhlp Class]
{BE442802-3911-46E0-B227-076B15A4EAD3} <C:\WINDOWS\system32\mskey16.dll, MicroCropration>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <F:\123456\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <F:\123456\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[shdocvwhlp Class]
{BE442802-3911-46E0-B227-076B15A4EAD3} <C:\WINDOWS\system32\mskey16.dll, MicroCropration>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<F:\123456\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<F:\123456\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\program files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\program files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\program files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\program files\Tencent\QQ\SendMMS.htm, N/A>
yrhao - 2006-8-30 8:59:00
正在运行的进程
[PID: 572][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 712][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 880][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 944][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1032][D:\瑞星杀毒\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1060][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1108][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1264][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1296][D:\瑞星杀毒\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[D:\瑞星杀毒\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\瑞星杀毒\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\瑞星杀毒\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\瑞星杀毒\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\瑞星杀毒\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\瑞星杀毒\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[D:\瑞星杀毒\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[D:\瑞星杀毒\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\瑞星杀毒\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\瑞星杀毒\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\瑞星杀毒\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[D:\瑞星杀毒\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\瑞星杀毒\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\瑞星杀毒\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\瑞星杀毒\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\瑞星杀毒\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[D:\瑞星杀毒\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 31>
[D:\瑞星杀毒\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\瑞星杀毒\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\瑞星杀毒\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\瑞星杀毒\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
[D:\瑞星杀毒\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[D:\瑞星杀毒\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\瑞星杀毒\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\瑞星杀毒\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\瑞星杀毒\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\瑞星杀毒\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\瑞星杀毒\Rising\Rav\RsStore.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1384][d:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[d:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[d:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0,
yrhao - 2006-8-30 9:00:00
[d:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[d:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[d:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[d:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[d:\program files\rising\rfw\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 1576][D:\瑞星杀毒\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\瑞星杀毒\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\瑞星杀毒\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1700][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 1764][C:\WINDOWS\system32\slserv.exe] <Smart Link><3.80.01MC15>
[PID: 1788][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1908][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 408][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[F:\123456\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\mskey16.dll] <MicroCropration><1, 0, 0, 1>
[PID: 492][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[PID: 612][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1180][C:\WINDOWS\system32\RunDll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system\cmicnfg.cpl] <C-Media Corporation><1, 0, 40, 9>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\WINDOWS\System32\udaprop.dll] <C-Media Corporation><1.0.2.2>
[PID: 1252][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[PID: 1272][D:\瑞星杀毒\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\瑞星杀毒\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\瑞星杀毒\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\瑞星杀毒\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 1360][D:\瑞星杀毒\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\瑞星杀毒\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
[D:\瑞星杀毒\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\瑞星杀毒\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\瑞星杀毒\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\瑞星杀毒\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\瑞星杀毒\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[PID: 1672][C:\WINDOWS\VM_STI.EXE] <Vimicro><4, 2, 1225, 6>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 1896][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[PID: 1192][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[PID: 2468][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\kakatool.dll] <Beijing Rising Technology Co., Ltd.><2, 0, 0, 9>
[D:\Program Files\Tencent\QQ\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[F:\123456\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\mskey16.dll] <MicroCropration><1, 0, 0, 1>
[D:\瑞星杀毒\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3048][D:\program files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\program files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
[C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
[D:\program files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\program files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[D:\program files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\program files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\program files\Tencent\QQ\WizardCtrl.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[D:\program files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\GroupLive.dll] <N/A><N/A>
[D:\瑞星杀毒\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\program files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\program files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\program files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\program files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\program files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\program files\Tencent\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\program files\Tencent\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[D:\program files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\program files\Tencent\QQ\QQPhoneHelper.dll] <腾讯科技(深圳)有限公司><2, 0, 6, 60>
[D:\program files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[PID: 2308][D:\program files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] <Tencent><4, 2, 2, 21>
yrhao - 2006-8-30 9:01:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
yrhao - 2006-8-30 9:02:00
Experts, please take a look at mine too.
710207 - 2006-8-30 9:06:00
[Reply to yrhao's post]
Fix:
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\mskey16.dll
Delete:
O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\mskey16.dll
---------------------------------------------------
O4 - 启动项HKLM\\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
OP, please confirm this one.......
---------------------------------------------------
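Go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931 and download the two programs LSPFix.exe and WinsockXPFix.
Run LSPFix.exe.
Tick the box in front of "I know what I'm doing".
Move cn_spi32.dll from the left side to the right side.
Click "Finish".
Restart after the fix.
If you cannot get online... run WinsockXPFix... and let it repair things.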
yrhao - 2006-8-30 9:13:00
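I can get online. A couple of days ago I got hit by that www.7939.com thing,
and also the newest virus, the Trojan series. Ugh!
I followed the experts' method to kill realplayer.exe.
As soon as I boot, it is still there in Task Manager and the virus starts up again, and opening a web page brings up dudu.
But once I ended the realplayer.exe process, the virus stopped showing up!
That dudu web page stopped appearing too.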
710207 - 2006-8-30 9:20:00
Actually, the simplest fix for realplayer.exe is to use SSM to permanently block it from running.
heroxxb - 2006-8-30 9:24:00
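| Quote: |
[westbeck's post] OK, first fix: F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\mskey16.dll O12 - IE插件,支持文件类型.mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll Delete: C:\WINDOWS\system32\mskey16.dll C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll Then go through the sticky post's method once more and see whether that works ……………… |
After I fixed the two items as described, I searched for mskey16.dll and npqtplugin2.dll and they were already gone.
Then I followed the sticky post's method again. This time I only found C:\WINDOWS\system32\Realplayer.exe and deleted it, but there was no brlmon.dll. The "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft NT and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RunDown" mentioned in the sticky post were not there either (is that because I already deleted them in my previous attempt?).
Here is the latest scan log. 710207 or any other expert, please take a look and tell me whether anything is still wrong. Thanks!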
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 9:15:58, 日期 2006-8-30
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\down\soft\HijackThis1991zww.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {BE442802-3911-46E0-B227-076B15A4EAD3} - (no file)
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的按钮: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - d:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - d:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O12 - IE插件,支持文件类型.mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F98413B4-D706-4008-AF44-46424A3C85E8}: NameServer = 202.96.128.68,202.96.128.110
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
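An added example, not part of any poster's message and not HijackThis's own code: a small Python triage of the kind of HijackThis item lines posted in this thread. It flags any program appended to the Userinit value besides `system32\userinit.exe`, and any entry whose target is marked `(no file)` or `(file missing)`. The sample lines are copied from the logs quoted on this page; the function names are hypothetical.

```python
import ntpath
import re

# Lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userint.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {BE442802-3911-46E0-B227-076B15A4EAD3} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
"""

ENTRY = re.compile(r"^(?P<code>[FNOR]\d+) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
USERINIT = re.compile(r"UserInit=(?P<value>.*)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for each HijackThis item line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def extra_userinit_programs(body):
    """Programs listed in Userinit other than system32\\userinit.exe."""
    match = USERINIT.search(body)
    if not match:
        return []
    paths = [p.strip().strip('"') for p in match.group("value").split(",")]
    return [p for p in paths if p and
            not ntpath.normpath(p).lower().endswith(r"\system32\userinit.exe")]


def triage(log_text):
    """Flag Userinit additions and entries whose target file no longer exists."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            findings += [(code, "extra Userinit program", p)
                         for p in extra_userinit_programs(body)]
        if ORPHAN.search(body):
            findings.append((code, "orphaned entry", body))
    return findings
```

On the sample it reports the one-letter lookalike `userint.exe` in Userinit and the BHO entry left behind with `(no file)`; a flagged line is a prompt for manual review, not a verdict.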
baohe - 2006-8-30 9:29:00
[Reply to heroxxb's post]
C:\WINDOWS\system32\Realplayer.exe is not always accompanied by brlmon.dll.
This Trojan has more than one variant.
heroxxb - 2006-8-30 9:33:00
| Quote: |
[baohe's post] [Reply to heroxxb's post] C:\WINDOWS\system32\Realplayer.exe is not always accompanied by brlmon.dll. This Trojan has more than one variant. ……………… |
Moderator baohe saw my post, 55555........... my idol...........
巧夺江湖 - 2006-8-30 9:35:00
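| Quote: |
[710207's post] Actually, the simplest fix for realplayer.exe is to use SSM to permanently block it from running ……………… |
Haha, experts really are something else. I followed your method and have rebooted, and found no realplayer.exe,
and dudu no longer shows up either. Thank you!
There is just one more question: several other machines on my LAN are infected too, and their owners don't know it. Now that mine is fixed, could it infect my computer again?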
heroxxb - 2006-8-30 9:37:00
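[Reply to heroxxb's post]
A question for 710207:
After scanning, the item O12 - IE插件,支持文件类型.mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll is still there. Should I delete it?
One more question: what is this realshed.exe in the process list? It looks a bit like realplay...... which scares me a little.
Thanks!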
heroxxb - 2006-8-30 9:52:00
Bump.
lcjstar - 2006-8-30 18:27:00
Learning!