【求助】IE首页被恶意改为4199 bbs.ikaka.com

枫城吻之の恋 - 2006-9-20 11:49:00

麻烦高手看下扫描日志帮忙解决下:
ijackThis_zww汉化版扫描日志 V1.99.1
保存于 11:23:43, 日期 2006-9-20
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wscntfy.exe
H:\QQ\QQ.exe
H:\QQ\TIMPlatform.exe
C:\Documents and Settings\老婆老婆我爱你\Local Settings\Temp\Nonsenser.Com
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\老婆老婆我爱你\Local Settings\Temp\theopen.exe
F:\hijackthis\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Kuaiso Toolsbar\Kuaiso_06003.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com

枫城吻之の恋 - 2006-9-20 11:49:00

ijackThis_zww汉化版扫描日志 V1.99.1
保存于 11:23:43, 日期 2006-9-20
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wscntfy.exe
H:\QQ\QQ.exe
H:\QQ\TIMPlatform.exe
C:\Documents and Settings\老婆老婆我爱你\Local Settings\Temp\Nonsenser.Com
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\老婆老婆我爱你\Local Settings\Temp\theopen.exe
F:\hijackthis\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Kuaiso Toolsbar\Kuaiso_06003.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com

deadmanzj - 2006-9-20 11:55:00

C:\WINDOWS\system32\Realplayer.exe参考置顶，下载专杀

结束
C:\WINDOWS\svchost.exe
修复
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com

日志不全

枫城吻之の恋 - 2006-9-20 11:59:00

请稍等下喔我扫描下完整日志

枫城吻之の恋 - 2006-9-20 12:04:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<svc><C:\WINDOWS\svchost.exe> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<91cast><> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<{C0B48E6A-07D9-2052-0515-060403060056}><"C:\Program Files\Common Files\{C0B48E6A-07D9-2052-0515-060403060056}\Update.exe" > []
<zz><C:\WINDOWS\system32\intenet.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [Analog Devices, Inc.]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<Update><C:\Program Files\Common Files\UPDATE2\Update.exe> []
<svc><C:\WINDOWS\svchost.exe> []
<sysmini><C:\WINDOWS\system32\sysmini.exe> []
<realtpsk><C:\WINDOWS\system\realsched.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司]
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe> []
<91cast><> []
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> []
<rundll><rundll32 user.dll s> []
<Synchronization><rundll32.exe C:\WINDOWS\system32\MSCOMCT32.dll,DllUnregisterServer> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

枫城吻之の恋 - 2006-9-20 12:04:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> []
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DelayRun><C:\WINDOWS\493db900.dll> []

==================================
启动文件夹
[IE-Bar]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-Bar.lnk><N>

==================================
服务
[ATK Keyboard Service / ATKKeyboardService]
<C:\WINDOWS\ATKKBService.exe><ASUSTeK COMPUTER INC.>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows2 Disk Applications Manager Service / WDAMS2]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe><N/A>

==================================
浏览器加载项
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5064.dll, N/A>
[ui Class]
{16DCA182-CFB2-4a4d-9E6A-6292559688CE} <C:\WINDOWS\system32\SPORD0R.dll, >
[ComBho]
{1F80EA54-211C-4A3A-9C4E-C3F19D589079} <C:\WINDOWS\system32\iScreensaver.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <H:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, IE Toolbar>
[JMX.JmxCenter]
{63859236-76BF-493C-A587-DF479EBA2D4B} <C:\WINDOWS\system32\EJMX.dll, 广州盛行网络有限公司>
[XBTP05676 Class]
{72BA415A-AE03-4279-ACAB-39A3DF73FD4E} <C:\PROGRA~1\BBMAOT~1\BBMAO_~1.DLL, IE Toolbar>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\rundll32.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <h:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[IEHlprObj Class]
{953C1DBE-D287-4C00-BF50-E1AD5A2D3276} <C:\WINDOWS\system32\KEHelper.dll, >
[perfdp]
{995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, >
[DDOC]
{A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, >
[Macromedia. Flash8 Object]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[QuickBtn]
{D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\493ob900.dll, N/A>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <h:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <H:\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <H:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[bbmao Toolbar]
{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} <C:\Program Files\bbmao toolbar\bbmao_tb_v1_0_pd1002.dll, IE Toolbar>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\Kuaiso_06003.dll, IE Toolbar>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5064.dll, N/A>
[ui Class]
{16DCA182-CFB2-4A4D-9E6A-6292559688CE} <C:\WINDOWS\system32\SPORD0R.dll, >
[ComBho]
{1F80EA54-211C-4A3A-9C4E-C3F19D589079} <C:\WINDOWS\system32\iScreensaver.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]

枫城吻之の恋 - 2006-9-20 12:05:00

{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <H:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[XBTP03129 Class]
{6029B367-250A-4696-925C-641709CA7381} <C:\PROGRA~1\KUAISO~1\KUAISO~1.DLL, IE Toolbar>
[JMX.JmxCenter]
{63859236-76BF-493C-A587-DF479EBA2D4B} <C:\WINDOWS\system32\EJMX.dll, 广州盛行网络有限公司>
[bbmao Toolbar]
{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} <C:\Program Files\bbmao toolbar\bbmao_tb_v1_0_pd1002.dll, IE Toolbar>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\Kuaiso_06003.dll, IE Toolbar>
[XBTP05676 Class]
{72BA415A-AE03-4279-ACAB-39A3DF73FD4E} <C:\PROGRA~1\BBMAOT~1\BBMAO_~1.DLL, IE Toolbar>
[CpapView Class]
{77962960-536E-47EC-9DDB-52651519705F} <C:\WINDOWS\system32\rundll32.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <h:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[IEHlprObj Class]
{953C1DBE-D287-4C00-BF50-E1AD5A2D3276} <C:\WINDOWS\system32\KEHelper.dll, >
[perfdp]
{995FF616-7583-4D6B-9675-EED24EDC93BB} <C:\WINDOWS\system32\perfidp.dll, >
[DDOC]
{A64E86D2-203D-4145-AA9B-2425BAF568E9} <C:\WINDOWS\system32\henroer.dll, >
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Macromedia. Flash8 Object]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <, N/A>
[Webacc Class]
{CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\system32\svchost.dll, >
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\493ob900.dll, N/A>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[&使用迅雷下载]
<h:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<h:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<H:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<H:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<H:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<H:\QQ\SendMMS.htm, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 628][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 676][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[PID: 924][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[PID: 1068][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1084][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 1148][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[PID: 1252][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[PID: 1304][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>

枫城吻之の恋 - 2006-9-20 12:05:00

\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 16>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsStore.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1400][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 33>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1584][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 1948][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\Rsvtub.dll] <N/A><N/A>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[C:\WINDOWS\system32\MSCOMCT32.dll] <Microsoft Corporation><6.00.8804>
[C:\WINDOWS\system32\msicn\plugins\as.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bse.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\lup.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\navangel.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8421>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[C:\WINDOWS\system32\EJMX.dll] <广州盛行网络有限公司><1.03.0005>
[h:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\system32\henroer.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\svchost.dll] <><1, 0, 0, 1>
[C:\Program Files\kuzhan\kuzhan.dll] <Fengcent><1, 0, 0, 2>
[C:\WINDOWS\493ob900.dll] <N/A><N/A>

枫城吻之の恋 - 2006-9-20 12:05:00

Files\Analog Devices\Core\smax4pnp.exe] <Analog Devices, Inc.><6, 0, 0, 61>
[C:\Program Files\Analog Devices\Core\SMWDMIF.dll] <Analog Devices, Inc.><6, 0, 4400, 9>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 220][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] <Analog Devices, Inc.><5, 2, 0, 28>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 268][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 324][C:\Program Files\Common Files\UPDATE2\Update.exe] <N/A><N/A>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 332][C:\WINDOWS\svchost.exe] <N/A><N/A>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 352][C:\WINDOWS\system\realsched.exe] <N/A><N/A>
[C:\WINDOWS\system\vp_VM.dll] <N/A><N/A>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 364][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3536>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 472][C:\Program Files\CNNIC\Cdn\cdnup.exe] <><2, 4, 0, 6>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] <CNNIC><2, 2, 0, 3>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 548][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 648][C:\WINDOWS\ATKKBService.exe] <ASUSTeK COMPUTER INC.><1, 0, 0, 0>
[PID: 888][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8421>
[PID: 1720][C:\program files\internet explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 2248][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2784][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 3508][H:\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[H:\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[H:\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[H:\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 370>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\QQAPI.dll] <><1, 0, 0, 1>
[H:\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[H:\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 6, 27, 1>
[H:\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[H:\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[H:\QQ\QQMainFrame.dll] <N/A><N/A>
[H:\QQ\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[H:\QQ\NewSkin.dll] <><1, 0, 0, 1>
[H:\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[H:\QQ\CameraDll.dll] <><1, 0, 0, 1>
[H:\QQ\MailSummary.dll] <><1, 0, 0, 1>
[H:\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[H:\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[H:\QQ\GroupLive.dll] <N/A><N/A>
[H:\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[H:\QQ\QQPlugin.dll] <N/A><N/A>
[H:\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[H:\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\macromed\flash\flash.ocx] <Macromedia, Inc.><6,0,79,0>
[H:\QQ\QQAvatar.dll] <N/A><N/A>
[H:\QQ\QQAllInOne.dll] <N/A><N/A>
[H:\QQ\SCCore.dll] <TENCENT><2, 0, 0, 1>
[H:\QQ\QQPet.dll] <><1, 0, 0, 1>
[H:\QQ\QQCustomFace.dll] <N/A><N/A>
[H:\QQ\QRingMng.dll] <N/A><N/A>
[H:\QQ\QQSceneMng.dll] <N/A><N/A>
[H:\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[H:\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[H:\QQ\VPortal.dll] <><1, 0, 0, 4>
[H:\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[H:\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[H:\QQ\QQSysMsgMng.dll] <N/A><N/A>
[H:\QQ\InPlus.dll] <Tencent><1, 6, 0, 0>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[H:\QQ\BQQApplication.dll] <N/A><N/A>
[H:\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[H:\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[H:\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 240>
[H:\QQ\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 6, 60>
[H:\QQ\videodevice.dll] <Tencent><1, 6, 0, 0>
[C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[H:\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[H:\QQ\VqqModule.dll] <><1, 0, 0, 1>
[H:\QQ\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[H:\QQ\VqqAllInOne.dll] <Tencent><1, 6, 0, 0>
[H:\QQ\tencent-proto1.dll] <tencent><1, 6, 0, 0>
[H:\QQ\tencent-comlib.dll] <tencent><1, 6, 0, 0>
[H:\QQ\tencent-proto2.dll] <tencent><1, 6, 0, 0>
[H:\QQ\QQFileTransfer.dll] <Tencent><0, 3, 3, 5>
[PID: 4000][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 3704][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\2b66203\1.dll] <千橡互联><3, 0, 2, 0>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[C:\2b66203\3.dll] <千橡互联><3, 0, 2, 8>
[C:\2b66203\4.dll] <千橡互联><3, 0, 2, 8>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[PID: 3448][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3808][F:\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 3>
[H:\QQ\DShared.dll] <Tencent><1, 6, 0, 0>
[C:\WINDOWS\system32\user.dll] <N/A><N/A>
[C:\WINDOWS\system32\SrvDll.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 2620][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\windows\system32\urlmons32.dll] <N/A><N/A>
[PID: 3180][C:\WINDOWS\system32\drwtsn32.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

FireWall和IDS - 2006-9-20 12:07:00

F8，安全模式下，用最新病毒库的瑞星查杀。在系统完全启动的第一时间里，扫个日志上来看看。

Flying1889 - 2006-9-20 12:08:00

<svc><C:\WINDOWS\svchost.exe> []
<Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe
按照2楼的朋友说的做

枫城吻之の恋 - 2006-9-20 12:09:00

我早试过了!现在就是杀好毒扫描的日志

FireWall和IDS - 2006-9-20 12:11:00

是不是在安全模式下？

枫城吻之の恋 - 2006-9-20 12:12:00

恩！杀了４个毒　其中一个是在Ｃ盘里的

Flying1889 - 2006-9-20 12:14:00

关掉还原

枫城吻之の恋 - 2006-9-20 12:14:00

这是C盘的病毒　其他３个都是游戏的！不在系统盘里杀的

附件: 6945362006920120620.jpg

枫城吻之の恋 - 2006-9-20 12:15:00

除了系统还原没有别的办法了吗

Flying1889 - 2006-9-20 12:16:00

不是喊你还原..

Flying1889 - 2006-9-20 12:17:00

打开我的电脑属性--系统还原--在所有驱动器上关闭系统还原打钩,然后安全模式断网操作杀毒

deadmanzj - 2006-9-20 12:18:00

C:\WINDOWS\system32\Realplayer.exe参考置顶，下载专杀

打开SREng 启动项目注册表删除
<svc><C:\WINDOWS\svchost.exe> []
<zz><C:\WINDOWS\system32\intenet.exe> []
<Update><C:\Program Files\Common Files\UPDATE2\Update.exe> []
<svc><C:\WINDOWS\svchost.exe> []
<sysmini><C:\WINDOWS\system32\sysmini.exe> []
<realtpsk><C:\WINDOWS\system\realsched.exe> []
<91cast><> []
<rundll><rundll32 user.dll s> []
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> []
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys> []
<DelayRun><C:\WINDOWS\493db900.dll> []

<Userinit><userinit.exe,> 修改成<Userinit><C:\WINDOWS\system32\userinit.exe,>

启动项目服务WIN32 删除
[Windows2 Disk Applications Manager Service / WDAMS2]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe><N/A>

重启，安全模式删除
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\intenet.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\sysmini.exe
C:\WINDOWS\system\realsched.exe
C:\WINDOWS\system32\user.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
C:\Program Files\Internet Explorer\PLUGINS\system2.sys
C:\WINDOWS\493db900.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe（这个删除前先压缩，加密123，等回到正常模式，发送到gudugd@yahoo.com.cn

C:\WINDOWS\system32\SrvDll.dll

回到正常模式，去我的E盘下载killbiox（我的E盘见我签名），填上要删除的文件，勾上删除前先结束Explorer.exe，删除DLL文件前先反注册此文件，替换文件和替换后重启电脑

FireWall和IDS - 2006-9-20 12:19:00

看了日志，头晕啊。

deadmanzj - 2006-9-20 12:21:00

卸载IE-bar，在IE-bar的文件夹里有个卸载程序的。。。卸掉后，删除那个文件夹，楼上面的别灌水了。。。

ruirui888888 - 2006-9-20 12:27:00

我的找不到IT-BAR啊.我也是被4199修改了主页!

deadmanzj - 2006-9-20 12:36:00

IE-bar是流氓，主页问题不是他搞的鬼，别的毒搞的

ruirui888888 - 2006-9-20 12:43:00

那我杀了毒后然后用卡卡修复主页后,停一会又自动改4199,怎么办啊,用改主页7939的办法能不能把4199这个恶意篡改主页网址给彻底弄掉??

瑞星卡卡安全论坛