Rising Kaka Security Forum
紫月鱼儿 - 2006-9-2 12:14:00
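Whenever I open a web page, other pages keep popping up. I close them, and after a while more appear, and the pages they link to are different each time. Below are the logs from a few scanning tools; could you please take a look at them for me?

A few days ago Rising Antivirus was still finding and removing viruses. Now it no longer finds anything, but the pop-ups keep coming.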


HijackThis_zww汉化版扫描日志 V1.99.1
保存于 16:32:05, 日期 2006-09-01
操作系统: Windows 98 SE (Win9x 4.10.2222A)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
C:\WINPENJR\WIN32\PPHIDPAD.EXE
C:\PROGRAM FILES\YAHOO!\ASSISTANT\YLIVE.EXE
C:\WINDOWS\SYSTEM\E_S6I3A1.EXE
C:\PROGRAM FILES\FOXMAIL\FOXMAIL.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
I:\下载\瑞星病毒专杀\HIJACKTHIS\HIJACKTHIS1991ZWW.EXE
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [SystemTray] SysTray.Exe
O4 - 启动项HKLM\\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - 启动项HKLM\\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - 启动项HKLM\\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [LoadQM] loadqm.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\YAHOO!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [EPSON Stylus C67 Series] C:\WINDOWS\SYSTEM\E_S6I3A1.EXE /P23 "EPSON Stylus C67 Series" /O5 "LPT1:" /M "Stylus C67"
O4 - 启动项HKLM\\RunServices: [RavMon] "C:\Program Files\rising\Rav\RavMon.exe" -system
O4 - 启动项HKLM\\RunServices: [StdService] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM32\STDSVER.DLL,Service
O4 - 启动项HKLM\\RunServices: [WinWrCup] C:\WINDOWS\WINCUP\WINCUP.EXE -R
O4 - 启动项HKLM\\RunServices: [RsCcenter] "C:\Program Files\rising\Rav\CCenter.exe"
O4 - 启动项HKLM\\RunServices: [RavMond] "C:\Program Files\rising\Rav\RavMond.exe"
O4 - HKCU\..\Run: [Foxmail] "C:\PROGRAM FILES\FOXMAIL\FOXMAIL.EXE" -min
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 添加到中国网爪(&Z) - C:\Program Files\ChinaClaw\AddUrl.htm
O8 - IE右键菜单中的新增项目: 添加所有或选择到中国网爪 - C:\Program Files\ChinaClaw\AddAll.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 在Foxmail中添加该RSS频道/频道组 - res://C:\WINDOWS\SYSTEM\fmrsslink.dll/201
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL/203
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YRSS.DLL/YRSSMENUEXT
O9 - 浏览器额外的按钮: 词霸 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\FASTAIT\IEPLUGIN.DLL
O9 - 浏览器额外的按钮: 卓越 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\FASTAIT\IEPLUGIN.DLL
O9 - 浏览器额外的按钮: 网爪 - {0B47C180-9E84-11D3-9DE6-00A0CC2E4AA6} - C:\Program Files\ChinaClaw\ChinaClaw.exe
O9 - 浏览器额外的按钮: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: _{2761225D-F0F2-44E8-A2C9-476FB6A3316A} - http://dl_dir.qq.com/qqtools/trsetup.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.101.103.55,202.101.103.54
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\WEBWORK\WEBWORK.DLL
紫月鱼儿 - 2006-9-2 12:15:00
2006-09-02,11:49:00
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 98 SE -
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Foxmail><"C:\PROGRAM FILES\FOXMAIL\FOXMAIL.EXE" -min> [Tencent Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<SystemTray><SysTray.Exe> [Microsoft Corporation]
<ScanRegistry><C:\WINDOWS\scanregw.exe /autorun> [Microsoft Corporation]
<TaskMonitor><C:\WINDOWS\taskmon.exe> [Microsoft Corporation]
<StillImageMonitor><C:\WINDOWS\SYSTEM\STIMON.EXE> [Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<LoadQM><loadqm.exe> [Microsoft Corporation]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<PPHIDPAD><C:\WINPENJR\Win32\pphidpad.exe> []
<YLive.exe><C:\PROGRA~1\YAHOO!\ASSIST~1\YLive.exe> [Yahoo! China]
<EPSON Stylus C67 Series><C:\WINDOWS\SYSTEM\E_S6I3A1.EXE /P23 "EPSON Stylus C67 Series" /O5 "LPT1:" /M "Stylus C67"> [SEIKO EPSON CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<yalertreg4_98><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<RavMon><"C:\Program Files\rising\Rav\RavMon.exe" -system> [Beijing Rising Technology Co., Ltd.]
<StdService><C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM32\STDSVER.DLL,Service> [MStdup Co Ltd.]
<WinWrCup><C:\WINDOWS\WINCUP\WINCUP.EXE -R> []
<RsCcenter><"C:\Program Files\rising\Rav\CCenter.exe"> [Beijing Rising Technology Co., Ltd.]
<RavMond><"C:\Program Files\rising\Rav\RavMond.exe"> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
==================================
启动文件夹
[Image Transfer]
<C:\WINDOWS\Start Menu\Programs\启动\Image Transfer.lnk><N>
==================================
服务
==================================
浏览器加载项
[stdup]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, MStdup Co Ltd.>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL, Yahoo! China>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\KINGSOFT\FASTAIT\IEPLUGIN.DLL, $>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\KINGSOFT\FASTAIT\IEPLUGIN.DLL, $>
[网爪]
{0B47C180-9E84-11D3-9DE6-00A0CC2E4AA6} <C:\Program Files\ChinaClaw\ChinaClaw.exe, http://www.51357.com>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[Yahoo 1G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8B.OCX, Macromedia, Inc.>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNMESSENGERSETUPDOWNLOADER.OCX, Microsoft Corporation>
[添加到中国网爪(&Z)]
<C:\Program Files\ChinaClaw\AddUrl.htm, N/A>
[添加所有或选择到中国网爪]
<C:\Program Files\ChinaClaw\AddAll.htm, N/A>
[添加到QQ自定义面板]
<C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm, N/A>
[上传到QQ网络硬盘]
<C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
<res://C:\WINDOWS\SYSTEM\fmrsslink.dll/201, N/A>
[雅虎搜索]
<res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL/203, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YRSS.DLL/YRSSMENUEXT, N/A>
==================================
紫月鱼儿 - 2006-9-2 12:17:00
正在运行的进程
[PID: 4294954923][C:\WINDOWS\SYSTEM\MPREXE.EXE] <Microsoft Corporation><4.10.1998>
[C:\WINDOWS\SYSTEM32\STDSVER.DLL] <MStdup Co Ltd.><3, 2, 2, 3>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[PID: 4294858031][C:\WINDOWS\RUNDLL32.EXE] <Microsoft Corporation><4.10.1998>
[PID: 4294881175][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\PROGRAM FILES\WINZIP\WZSHLSTB.DLL] <WinZip Computing, Inc.><3.0 (32-bit)>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL] <Yahoo! China><3, 0, 2, 1004>
[C:\WINDOWS\SYSTEM32\STDUP.DLL] <MStdup Co Ltd.><3, 2, 2, 3>
[C:\WINDOWS\SYSTEM\RAVEXT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL] <yahoo! china><3, 0, 7, 1051>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALLIVEEX.DLL] <Yahoo! China><3, 0, 1, 1010>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALIVE.DLL] <yahoo! china><3, 2, 5, 1075>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] <N/A><N/A>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[C:\WINDOWS\WEBWORK\WEBWORK.DLL] <MSWebwork Cop.><1, 0, 0, 1>
[PID: 4294773743][C:\WINDOWS\EXPLORER.EXE] <Microsoft Corporation><4.72.3110.1>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[PID: 4294820531][C:\WINDOWS\SYSTEM\RPCSS.EXE] <Microsoft Corporation><4.71.2900>
[PID: 4294668287][C:\WINDOWS\SYSTEM\INTERNAT.EXE] <Microsoft Corporation><4.10.2222>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[PID: 4294664987][C:\WINDOWS\SYSTEM\SYSTRAY.EXE] <Microsoft Corporation><4.10.2222>
[PID: 4294663615][C:\WINDOWS\TASKMON.EXE] <Microsoft Corporation><4.10.1998>
[C:\WINDOWS\SYSTEM\N124UFW.DLL] <CANON INC.><2.050>
[C:\WINDOWS\SYSTEM\CNQU70.DLL] <CANON INC.><1, 0, 0, 3>
[PID: 4294663511][C:\WINDOWS\SYSTEM\STIMON.EXE] <Microsoft Corporation><4.10.2222>
[PID: 4294688255][C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE] <RealNetworks, Inc.><0.1.0.3292>
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] <N/A><N/A>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294676191][C:\WINDOWS\LOADQM.EXE] <Microsoft Corporation><5.4.1103.3>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 4294680467][C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294676643][C:\WINPENJR\WIN32\PPHIDPAD.EXE] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YNOTIFIER.DLL] <yahoo! china><3, 0, 0, 1000>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALLIVEEX.DLL] <Yahoo! China><3, 0, 1, 1010>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALIVE.DLL] <yahoo! china><3, 2, 5, 1075>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[PID: 4294697839][C:\PROGRAM FILES\YAHOO!\ASSISTANT\YLIVE.EXE] <Yahoo! China><3, 0, 3, 1009>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294691843][C:\WINDOWS\SYSTEM\E_S6I3A1.EXE] <SEIKO EPSON CORPORATION><4.00>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[C:\PROGRAM FILES\FOXMAIL\3RDPARTY\PUNYLIB.DLL] <CNNIC><1, 0, 0, 3>
[C:\PROGRAM FILES\FOXMAIL\3RDPARTY\ADDONS\AD\MSGAPI.DLL] <Tencent inc.><1.0.0.0>
[C:\PROGRAM FILES\FOXMAIL\FOXANTISPAM.DLL] <N/A><N/A>
[C:\PROGRAM FILES\FOXMAIL\PCRE.DLL] <N/A><N/A>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294587927][C:\PROGRAM FILES\FOXMAIL\FOXMAIL.EXE] <Tencent Inc.><6.04.104.20>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.DLL] <N/A><N/A>
[PID: 4294619299][C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE] <N/A><N/A>
[C:\WINDOWS\SYSTEM\EPIPPJ70.DLL] <SEIKO EPSON CORP.><3.0.2>
[C:\WINDOWS\SYSTEM\EPIPPJ60.DLL] <SEIKO EPSON CORP.><2.0.8>
[C:\WINDOWS\SYSTEM\EBPMON.DLL] <SEIKO EPSON CORPORATION><2, 45, 0, 0>
[C:\WINDOWS\SYSTEM\NMPMON.DLL] <N/A><N/A>
[C:\WINDOWS\SYSTEM\EPUSBMN.DLL] <SEIKO EPSON CORPORATION><3.01.046>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294627431][C:\WINDOWS\SYSTEM\SPOOL32.EXE] <Microsoft Corporation><4.10.1998>
[PID: 4294543139][C:\WINDOWS\SYSTEM\WMIEXE.EXE] <Microsoft Corporation><5.00.1755.1>
[C:\WINDOWS\SYSTEM\VTDD.DLL] <VIA/S3 Graphics Co, Ltd.><4.14.10.0059-16.01.23.15>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294282767][C:\WINDOWS\SYSTEM\DDHELP.EXE] <Microsoft Corporation><4.08.00.0400>
[C:\PROGRAM FILES\RISING\RAV\EXTOLE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\RISING\RAV\UNPACKER.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\PROGRAM FILES\RISING\RAV\RSUNPACK.DLL] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL] <N/A><18, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\MAILMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\MEMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL] <rising><18, 0, 0, 2>
[C:\PROGRAM FILES\RISING\RAV\REGMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
紫月鱼儿 - 2006-9-2 12:17:00
[PID: 4294595915][C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[PID: 4294154975][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
[C:\PROGRAM FILES\RISING\RAV\SCANELF.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\PROGRAM FILES\RISING\RAV\EXTFILE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\PROGRAM FILES\RISING\RAV\EXTOLE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\EXTMAIL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\PROGRAM FILES\RISING\RAV\RSUNPACK.DLL] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\UNPACKER.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\PROGRAM FILES\RISING\RAV\MVENGINE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[C:\PROGRAM FILES\RISING\RAV\RAVUIMSG.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\RAVUI.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 64>
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\PROGRAM FILES\RISING\RAV\PLUGIN\RSPGSCAN.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[PID: 4294556747][C:\PROGRAM FILES\RISING\RAV\RAV.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 75>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8B.OCX] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\SYSTEM32\STDUP.DLL] <MStdup Co Ltd.><3, 2, 2, 3>
[C:\WINDOWS\SYSTEM\RAVEXT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YSETTINGS.DLL] <yahoo! china><3, 0, 3, 1006>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASIESEC.DLL] <Yahoo! China><3, 0, 0, 1000>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASWIPER.DLL] <Yahoo! China><3, 0, 0, 1000>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YRSS.DLL] <Yahoo! China><3, 0, 0, 1000>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL] <Yahoo! China><3, 0, 2, 1004>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASNOAD.DLL] <yahoo! china><3, 0, 1, 1003>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YZSNETPROTO.DLL] <Yahoo! China><3, 0, 0, 1000>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YSEARCH.DLL] <Yahoo! China><3, 0, 4, 1005>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL] <yahoo! china><3, 0, 7, 1051>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALLIVEEX.DLL] <Yahoo! China><3, 0, 1, 1010>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALIVE.DLL] <yahoo! china><3, 2, 5, 1075>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YSCRBLOCK.DLL] <Yahoo! China><3, 0, 0, 1000>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294742947][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPATCH.DLL] <Yahoo! China><3, 0, 3, 1009>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\YHELPER.DLL] <Yahoo! China><3, 0, 2, 1020>
[PID: 4294216523][I:\下载\瑞星病毒专杀\111\SRENG2\SRENG.EXE] <Smallfrogs Studio><2.0.21.505>
紫月鱼儿 - 2006-9-2 12:17:00
==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-9-2 13:21:00
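Open System Repair Engineer (that is, SREng.exe, the program you used to produce the scan log), go to "System Repair", "File Association", tick "Select All" and click "Repair" so that all extensions are restored to normal.
Download Super Rabbit (超级兔子), Professional Uninstall.
http://www.pctutu.com/news.asp?id=92
After installing it, open "winspeed", "Professional Uninstall", and uninstall all the junk software it flags. Do not open any browser windows while uninstalling. If something cannot be uninstalled, restart and then try uninstalling again.
When the uninstalling is done, restart, then run another scan and paste the log here.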
紫月鱼儿 - 2006-9-2 14:37:00
I have completed the steps above. The new log is as follows:
Smallfrogs (http://www.KZTechs.com)
Windows 98 SE -
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Foxmail><"C:\PROGRAM FILES\FOXMAIL\FOXMAIL.EXE" -min> [Tencent Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<internat.exe><internat.exe> [Microsoft Corporation]
<SystemTray><SysTray.Exe> [Microsoft Corporation]
<ScanRegistry><C:\WINDOWS\scanregw.exe /autorun> [Microsoft Corporation]
<TaskMonitor><C:\WINDOWS\taskmon.exe> [Microsoft Corporation]
<StillImageMonitor><C:\WINDOWS\SYSTEM\STIMON.EXE> [Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<LoadQM><loadqm.exe> [Microsoft Corporation]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<PPHIDPAD><C:\WINPENJR\Win32\pphidpad.exe> []
<EPSON Stylus C67 Series><C:\WINDOWS\SYSTEM\E_S6I3A1.EXE /P23 "EPSON Stylus C67 Series" /O5 "LPT1:" /M "Stylus C67"> [SEIKO EPSON CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<RavMon><"C:\Program Files\rising\Rav\RavMon.exe" -system> [Beijing Rising Technology Co., Ltd.]
<StdService><C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM32\STDSVER.DLL,Service> [MStdup Co Ltd.]
<WinWrCup><C:\WINDOWS\WINCUP\WINCUP.EXE -R> []
<RsCcenter><"C:\Program Files\rising\Rav\CCenter.exe"> [Beijing Rising Technology Co., Ltd.]
<RavMond><"C:\Program Files\rising\Rav\RavMond.exe"> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
==================================
启动文件夹
[Image Transfer]
<C:\WINDOWS\Start Menu\Programs\启动\Image Transfer.lnk><N>
==================================
服务
==================================
浏览器加载项
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\KINGSOFT\FASTAIT\IEPLUGIN.DLL, $>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\KINGSOFT\FASTAIT\IEPLUGIN.DLL, $>
[网爪]
{0B47C180-9E84-11D3-9DE6-00A0CC2E4AA6} <C:\Program Files\ChinaClaw\ChinaClaw.exe, http://www.51357.com>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[Yahoo 1G电邮]
紫月鱼儿 - 2006-9-2 14:38:00
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8B.OCX, Macromedia, Inc.>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNMESSENGERSETUPDOWNLOADER.OCX, Microsoft Corporation>
[添加到中国网爪(&Z)]
<C:\Program Files\ChinaClaw\AddUrl.htm, N/A>
[添加所有或选择到中国网爪]
<C:\Program Files\ChinaClaw\AddAll.htm, N/A>
[添加到QQ自定义面板]
<C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm, N/A>
[上传到QQ网络硬盘]
<C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
<res://C:\WINDOWS\SYSTEM\fmrsslink.dll/201, N/A>
紫月鱼儿 - 2006-9-2 14:38:00
正在运行的进程
[C:\WINDOWS\SYSTEM\EPIPPJ70.DLL] <SEIKO EPSON CORP.><3.0.2>
[C:\WINDOWS\SYSTEM\EPIPPJ60.DLL] <SEIKO EPSON CORP.><2.0.8>
[C:\WINDOWS\SYSTEM\EBPMON.DLL] <SEIKO EPSON CORPORATION><2, 45, 0, 0>
[C:\WINDOWS\SYSTEM\NMPMON.DLL] <N/A><N/A>
[C:\WINDOWS\SYSTEM\EPUSBMN.DLL] <SEIKO EPSON CORPORATION><3.01.046>
[PID: 4294964575][C:\WINDOWS\SYSTEM\SPOOL32.EXE] <Microsoft Corporation><4.10.1998>
[PID: 4294958727][C:\WINDOWS\SYSTEM\MPREXE.EXE] <Microsoft Corporation><4.10.1998>
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[PID: 4294878299][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
[C:\WINDOWS\SYSTEM32\STDSVER.DLL] <MStdup Co Ltd.><3, 2, 2, 3>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[PID: 4294869603][C:\WINDOWS\RUNDLL32.EXE] <Microsoft Corporation><4.10.1998>
[PID: 4294880035][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\PROGRAM FILES\RISING\RAV\UNPACKER.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\PROGRAM FILES\RISING\RAV\RSUNPACK.DLL] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL] <N/A><18, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\MAILMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\MEMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL] <rising><18, 0, 0, 2>
[C:\PROGRAM FILES\RISING\RAV\REGMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
[PID: 4294897627][C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[PID: 4294661943][C:\WINDOWS\SYSTEM\PSTORES.EXE] <Microsoft Corporation><5.00.1877.3>
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] <N/A><N/A>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\WINDOWS\WEBWORK\WEBWORK.DLL] <MSWebwork Cop.><1, 0, 0, 1>
[C:\WINDOWS\SYSTEM\RAVEXT.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[PID: 4294651899][C:\WINDOWS\EXPLORER.EXE] <Microsoft Corporation><4.72.3110.1>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[PID: 4294743359][C:\WINDOWS\SYSTEM\RPCSS.EXE] <Microsoft Corporation><4.71.2900>
[PID: 4294732215][C:\WINDOWS\SYSTEM\INTERNAT.EXE] <Microsoft Corporation><4.10.2222>
[PID: 4294586919][C:\WINDOWS\SYSTEM\SYSTRAY.EXE] <Microsoft Corporation><4.10.2222>
[PID: 4294602191][C:\WINDOWS\TASKMON.EXE] <Microsoft Corporation><4.10.1998>
[C:\WINDOWS\SYSTEM\N124UFW.DLL] <CANON INC.><2.050>
[C:\WINDOWS\SYSTEM\CNQU70.DLL] <CANON INC.><1, 0, 0, 3>
[PID: 4294600643][C:\WINDOWS\SYSTEM\STIMON.EXE] <Microsoft Corporation><4.10.2222>
[PID: 4294593199][C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE] <RealNetworks, Inc.><0.1.0.3292>
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] <N/A><N/A>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[PID: 4294597675][C:\WINDOWS\LOADQM.EXE] <Microsoft Corporation><5.4.1103.3>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 4294594683][C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[PID: 4294614967][C:\WINPENJR\WIN32\PPHIDPAD.EXE] <N/A><N/A>
[PID: 4294601335][C:\WINDOWS\SYSTEM\E_S6I3A1.EXE] <SEIKO EPSON CORPORATION><4.00>
[C:\PROGRAM FILES\FOXMAIL\3RDPARTY\PUNYLIB.DLL] <CNNIC><1, 0, 0, 3>
[C:\PROGRAM FILES\FOXMAIL\3RDPARTY\ADDONS\AD\MSGAPI.DLL] <Tencent inc.><1.0.0.0>
[C:\PROGRAM FILES\FOXMAIL\FOXANTISPAM.DLL] <N/A><N/A>
[C:\PROGRAM FILES\FOXMAIL\PCRE.DLL] <N/A><N/A>
紫月鱼儿 - 2006-9-2 14:38:00
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[PID: 4294637335][C:\PROGRAM FILES\FOXMAIL\FOXMAIL.EXE] <Tencent Inc.><6.04.104.20>
[C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.DLL] <N/A><N/A>
[PID: 4294538547][C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE] <N/A><N/A>
[PID: 4294444059][C:\WINDOWS\SYSTEM\WMIEXE.EXE] <Microsoft Corporation><5.00.1755.1>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[PID: 4294406543][I:\下载\瑞星病毒专杀\111\SRENG2\SRENG.EXE] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] <N/A><N/A>
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] <rising><18, 0, 0, 1>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 4294493807][C:\PROGRAM FILES\RISING\RAV\SMARTUP.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 71>
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 25>
==================================
文件关联
.TXT OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
紫月鱼儿 - 2006-9-2 14:40:00
Do I need to post the HijackThis log as well?
我无邪 - 2006-9-2 14:48:00
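Press ALT+CTRL+DELETE to bring up Task Manager and end all RUNDLL32.EXE processes.
Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log) and use “Startup Items, Registry” to delete the following entries.
C:\WINDOWS\SYSTEM32\STDSVER.DLL
C:\WINDOWS\WINCUP\WINCUP.EXE
Delete
C:\WINDOWS\SYSTEM32\STDSVER.DLL
C:\WINDOWS\WINCUP\WINCUP.EXE
You may not be able to delete the first item. Have you used 兔子 (Rabbit)? That should not be a problem.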
紫月鱼儿 - 2006-9-2 15:06:00
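Yes~ I have used 兔子 (Rabbit). STDSVER.DLL has been found and deleted.
C:\WINDOWS\WINCUP\WINCUP.EXE has been deleted from the registry, but I cannot find its file or folder anywhere on the computer. I only found a file named WINCUP.lgc, in C:\WINDOWS\applog.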
我无邪 - 2006-9-2 15:07:00
So is your system still showing any abnormal behaviour?
紫月鱼儿 - 2006-9-2 15:20:00

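The web pages seem to have stopped popping up, haha~~~

Thank you~~~

Before, they came up as soon as I opened the forum or any other website. Now they are gone, which is great! I will try a few more times. Thank you!!!!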