【求助】about-blank.cc(10.7增加新的截图和日志)www.piaoxue.com bbs.ikaka.com

菲西 - 2006-9-21 0:31:00

Logfile of HijackThis v1.99.1
Scan saved at 0:02:35, on 2006-9-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\Program Files\DrCOM\Dr.COM 宽带登录客户端\ishare_user.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Adobe\Photoshop CS\Photoshop.exe
F:\重大数图\FlashFXP 2.0汉化版.rar\SREng2\SREng.exe
d:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe
E:\tools\hijackthis_16091\hijackthis_16091\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\tools\网际快车FlashGet(JetCar) v1.65 Final 中文绿色版\FlashGet1.65\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\tools\网际快车FlashGet(JetCar) v1.65 Final 中文绿色版\FlashGet1.65\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdog1.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdogr0.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tcpipdogr0.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{259363B3-B6E8-40F4-A330-7D04FE148264}: NameServer = 202.202.0.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{259363B3-B6E8-40F4-A330-7D04FE148264}: NameServer = 202.202.0.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{259363B3-B6E8-40F4-A330-7D04FE148264}: NameServer = 202.202.0.33
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe

菲西 - 2006-9-21 0:34:00

2006-09-21,00:06:15

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
服务
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================

菲西 - 2006-9-21 0:36:00

浏览器加载项
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<E:\tools\网际快车FlashGet(JetCar) v1.65 Final 中文绿色版\FlashGet1.65\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<E:\tools\网际快车FlashGet(JetCar) v1.65 Final 中文绿色版\FlashGet1.65\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
<D:\Program Files\BitSpirit\bsurl.htm, N/A>

菲西 - 2006-9-21 0:36:00

正在运行的进程
[PID: 320][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 368][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 392][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 436][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 448][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 596][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 732][d:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 748][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 812][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 856][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 880][d:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[d:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[d:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[d:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[d:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[d:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[d:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[d:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[d:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[d:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[d:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[d:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[d:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[d:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[d:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[d:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[d:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[d:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\Program Files\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 16>
[d:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[d:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[d:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[d:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 944][d:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[d:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[d:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[d:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[d:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[d:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1072][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\pdfports.dll] <Adobe Systems Incorporated.><5.0.000>
[d:\Program Files\Adobe\Acrobat 5.0\Distillr\ADistRes.CHS] <Adobe Systems Incorporated.><5.0.0.0>

菲西 - 2006-9-21 0:37:00

[PID: 1156][d:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[d:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1356][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1488][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1600][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[d:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[D:\tools\WinRAR\rarext.dll] <N/A><N/A>
[d:\Program Files\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll] <><1, 0, 0, 1>
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1768][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1996][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 1404][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1432][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1436][D:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 2208][D:\Program Files\DrCOM\Dr.COM 宽带登录客户端\ishare_user.exe] <N/A><N/A>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 2412][C:\WINDOWS\system32\mspaint.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2584][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[d:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[d:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,2,0>
[PID: 2732][D:\Program Files\Adobe\Photoshop CS\Photoshop.exe] <Adobe Systems, Incorporated><8.0.1 (8.0x125)>
[D:\Program Files\Adobe\Photoshop CS\UID.mr.dll] <Adobe Systems, Inc.><1, 1, 0, 0>
[D:\Program Files\Adobe\Photoshop CS\AWSCommonUI.dll] <Adobe Systems, Incorporated><3.0.0.432>
[D:\Program Files\Adobe\Photoshop CS\AWSSCL.dll] <Adobe Systems><4.0.0.34>
[D:\Program Files\Adobe\Photoshop CS\WebAccessUtils.dll] <Adobe Systems, Incorporated><3.0.0.432>
[D:\Program Files\Adobe\Photoshop CS\BIBUtils.dll] <Adobe Systems Incorporated><1.00.0>
[D:\Program Files\Adobe\Photoshop CS\Photoshop.dll] <N/A><N/A>
[D:\Program Files\Adobe\Photoshop CS\PSViews.dll] <Adobe Systems, Incorporated><8.0.1 (8.0x125)>
[D:\Program Files\Adobe\Photoshop CS\PSArt.dll] <Adobe Systems, Incorporated><8.0.1 (8.0x125)>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\AD2KRePi.DLL] <Adobe Systems Inc.><1, 0, 0, 1>
[D:\Program Files\Adobe\Photoshop CS\asn.er.dll] <Adobe Systems Incorporated><1.51x3, EndUser, Release>
[D:\Program Files\Adobe\Photoshop CS\Plug-Ins\扩展\FastCore.8BX] <Adobe Systems, Incorporated><8.0.1 (8.0x126)>
[D:\Program Files\Adobe\Photoshop CS\PLUGIN.dll] <Adobe Systems, Incorporated><8.0.1 (8.0x125)>
[D:\Program Files\Adobe\Photoshop CS\Plug-Ins\扩展\MMXCore.8BX] <Adobe Systems, Incorporated><8.0.1 (8.0x126)>
[D:\Program Files\Adobe\Photoshop CS\Required\ADMPlugin.apl] <Adobe Systems Incorporated><2.84pe69a 02.06.17-00:03:36h>
[D:\Program Files\Adobe\Photoshop CS\Required\PNGIcons.apl] <Adobe Systems Incorporated><1.21x7 2001.12.14-1602h.21s>
[D:\Program Files\Adobe\Photoshop CS\Required\ASDataStream.apl] <Adobe Systems Incorporated><1.02x7 02.02.15-01:45:06h>
[D:\Program Files\Adobe\Photoshop CS\Plug-Ins\解析程序\PDF 增效工具.8BI] <Adobe Systems, Incorporated><8.0.1 (8.0x126)>
[D:\Program Files\Adobe\Photoshop CS\BIB.dll] <Adobe Systems Incorporated><1.1.16>
[D:\Program Files\Adobe\Photoshop CS\JP2KLib.dll] <Adobe systems Incorporated><1.0.28706>
[D:\Program Files\Adobe\Photoshop CS\Plug-Ins\文件格式\Camera Raw.8BI] <Adobe Systems Incorporated><2.0>
[D:\Program Files\Adobe\Photoshop CS\ACE.dll] <Adobe Systems Incorporated><2.05.16>
[D:\Program Files\Adobe\Photoshop CS\AGM.dll] <Adobe Systems Incorporated><4.12.36>
[D:\Program Files\Adobe\Photoshop CS\CoolType.dll] <Adobe Systems Incorporated><4.14.20>
[C:\WINDOWS\system32\ATMLIB.dll] <Adobe Systems><5.1 Build 226>
[D:\Program Files\Adobe\Photoshop CS\AWSCommonSymbols.dll] <Adobe Systems, Incorporated><3.0.0.432>
[D:\Program Files\Adobe\Photoshop CS\ARM.dll] <Adobe Systems, Incorporated><3.0.0.432>
[D:\Program Files\Adobe\Photoshop CS\FileInfo.dll] <Adobe Systems, Incorporated><3.0.0.432>
[D:\Program Files\Adobe\Photoshop CS\Plug-Ins\Adobe Photoshop Only\自动\脚本支持.8li] <Adobe Systems Incorporated><8.0>
[D:\Program Files\Adobe\Photoshop CS\ExtendScriptIDE.dll] <Adobe Systems, Incorporated><3.2.21>
[D:\Program Files\Adobe\Photoshop CS\ExtendScript.dll] <Adobe Systems, Incorporated><3.2.21>
[D:\Program Files\Adobe\Photoshop CS\ScCore.dll] <Adobe Systems, Incorporated><3.2.21>
[D:\Program Files\Adobe\Photoshop CS\Tw10122.dat] <Adobe Systems, Incorporated><8.0.1 (8.0x125)>
[PID: 3044][F:\重大数图\FlashFXP 2.0汉化版.rar\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[F:\重大数图\FlashFXP 2.0汉化版.rar\SREng2\Plugins\SREngPluginDemo.SRE] <Smallfrogs Studio><1, 1, 1, 0>
[PID: 3360][d:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe] <IDM Computer Solutions, Inc.><11.10+3>
[d:\Program Files\IDM Computer Solutions\UltraEdit-32\TIDYLIB.dll] <N/A><N/A>
[d:\Program Files\IDM Computer Solutions\UltraEdit-32\SftpDLL.dll] <WeOnlyDo! COM><2, 2, 2, 10>
[d:\Program Files\IDM Computer Solutions\UltraEdit-32\ueres.dll] <IDM Computer Solutions, Inc.><11.10+1>
[PID: 3532][C:\WINDOWS\system32\NOTEPAD.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

菲西 - 2006-9-21 0:37:00

另：hosts文件没有问题

xmg555 - 2006-9-21 11:04:00

我的IE也中奖了．用瑞星注册表修复工具修复后，再扫描仍然存在．并且，还可以把瑞星的监控关闭．无奈
我按手动修改IE不能修复．可是修改了不到１秒钟．就立即被篡改了．
我又展开注册表解决，结果到（３）步，也不行...
(1)在Windows启动后，点击“开始→运行”菜单项，在“打开”栏中键入regedit，然后单击“确定”键；
(2)展开注册表到：
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main，在右半部分窗口中找到串值“Start Page”双击，将Start Page的键值改为“about:blank”即可；
(3)同理，展开注册表到：
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main，在右半部分窗口中找到串值“Start Page”，然后按(2)中所述方法处理。

求助各位老师！请能给个解决的办法．
我讨厌这些流氓软件，讨厌这些垃圾广告．

附件: 7538002006921105625.gif

xmg555 - 2006-9-21 11:06:00

用工具修复不起作用

附件: 7538002006921105753.gif

xmg555 - 2006-9-21 11:42:00

注册表

附件: 7538002006921113412.gif

我无邪 - 2006-9-21 13:12:00

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“启动项目，注册表”来删除以下选项。
C:\WINDOWS\system32\mswdm.exe
删除
C:\WINDOWS\system32\mswdm.exe
有异常你描述一下。

菲西 - 2006-9-25 16:49:00

没有任何异常
删掉了mswdm.exe，但是首页仍然被劫持为about-blank.cc

sjhqqq - 2006-9-26 11:22:00

【回复“菲西”的帖子】
我的电脑也是中了这个病毒,,你现在解决了吗

与病毒势不两立 - 2006-9-28 15:13:00

到system32\drivers目录下，找到aaaaaadd.sys（6个字母跟两个数字)类型的驱动，大小为9216字节，在我机器上是iomibj24.sys和mmxowd94.sys。删掉，就行了。

高义龙哈哈 - 2006-9-28 22:21:00

哈哈
我也种召了
关注楼主怎样解决

附件: 7319212006928221339.jpg

秋日里的蓝天 - 2006-9-28 22:50:00

【回复“高义龙哈哈”的帖子】
请楼主把日志扫描上来
用HIJACKTHIS和SRENG各扫描一份

发新贴

高义龙哈哈 - 2006-9-28 23:28:00

引用:

【秋日里的蓝天的贴子】【回复“高义龙哈哈”的帖子】
请楼主把日志扫描上来
用HIJACKTHIS和SRENG各扫描一份

发新贴
………………

ijackThis_815汉化版扫描日志 V1.99.1
保存于 22:38:07, 日期 2006-9-28
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\系统美化\styler工具栏\Styler.exe
D:\主页浏览\遨游1.33\Maxthon.exe
C:\WINDOWS\system32\PYINTAU.EXE
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\GAOYILONG\桌面\roguecleaner\roguecleaner\RogueCleaner.exe
D:\系统优化\HijackThis1991汉化版\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O3 - IE工具栏增项: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\系统美化\styler工具栏\TB\StylerTB.dll (file missing)
O4 - 启动项HKLM\\Run: [kis] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 快捷方式到 Styler.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 使用 IDM 下载 - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - IE右键菜单中的新增项目: 使用 IDM 下载所有链接 - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - IE右键菜单中的新增项目: 使用WellGet下载(&W) - D:\Program Files\WellGet\nxcatch.htm
O8 - IE右键菜单中的新增项目: 使用WellGet下载全部链接(&D) - D:\Program Files\WellGet\nxall.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\文字处理\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{C45CFB8B-C60F-4712-B088-F79A9DB7D317}: NameServer = 61.134.1.4 218.30.19.40
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - 列举现有的协议: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - NT 服务: 卡巴斯基互联网安全套装 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

我无邪 - 2006-9-28 23:32:00

这日志看不出问题
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

高义龙哈哈 - 2006-9-29 3:15:00

恩
我gho了系统
不好意思

草原野狼 - 2006-9-29 8:48:00

我也是受害者,

与病毒势不两立 - 2006-9-29 9:35:00

查杀这个木马花了很多时间。卡巴和诺顿都杀不出。
现在的木马厉害的，躲在驱动里，ring0运行！

游客58618 - 2006-9-30 16:37:00

什么时候，瑞星才能杀啊？？？

秋日里的蓝天 - 2006-9-30 16:43:00

请问一下，是在什么网站中招的

游客58618 - 2006-9-30 17:05:00

记不得了，您在网上搜一下，最近反映挺多的，360论坛也有，如：
http://bbs.360safe.com/viewthread.php?tid=8673

希望瑞星能早日解决。

（我是瑞星用户啊）

天使之剑 - 2006-9-30 20:00:00

【回复“菲西”的帖子】
请楼主执行以下操作：
打开SREng，点击“启动项目”，抽出“服务”选项卡，点击“驱动程序”按钮，分段截图后贴上来。

游客58618 - 2006-10-1 12:44:00

楼主可能已经解决了，我的同事机器也中招了，现在放假不能去试SRENG扫描了，好像是什么视频netmeeting 之类的软件上中的，还有谁也中招的，可上来说说。

游客58618 - 2006-10-2 14:21:00

ddddddddddddddddd

熊猫超人 - 2006-10-2 14:51:00

1.预览器属性中可修改主页
2.用瑞星查杀预览器组建
3.用注册表修复
4.看看防火墙有没有显示异常软件活动（打开预览器后）

菲西 - 2006-10-7 0:18:00

忙了一段时间都没有空，不过一直在关注，好像越来越多的人开始被感染了
仍没有找到有效的方法，不甘心，所以一直留着那个系统
以下是我扫描的sreng日志：

2006-10-07,00:04:43

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
服务
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <d:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<E:\tools\网际快车FlashGet(JetCar) v1.65 Final 中文绿色版\FlashGet1.65\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<E:\tools\网际快车FlashGet(JetCar) v1.65 Final 中文绿色版\FlashGet1.65\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
<D:\Program Files\BitSpirit\bsurl.htm, N/A>

菲西 - 2006-10-7 0:19:00

正在运行的进程
[PID: 316][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 372][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 396][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 440][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 452][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 604][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 664][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 736][d:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 752][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 880][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 896][d:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[d:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[d:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[d:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[d:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[d:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[d:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[d:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[d:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[d:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[d:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[d:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[d:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[d:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[d:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[d:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[d:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[d:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[d:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\Program Files\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 16>
[d:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[d:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[d:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[d:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[d:\Program Files\Rising\Rav\ExtMail.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 952][d:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[d:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[d:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[d:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[d:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[d:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1100][d:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[d:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1188][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\pdfports.dll] <Adobe Systems Incorporated.><5.0.000>
[d:\Program Files\Adobe\Acrobat 5.0\Distillr\ADistRes.CHS] <Adobe Systems Incorporated.><5.0.0.0>
[PID: 1348][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 1368][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1656][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1680][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 236][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 1232][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1264][D:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1256][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2196][D:\Program Files\DrCOM\Dr.COM 宽带登录客户端\ishare_user.exe] <N/A><N/A>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[PID: 3592][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[d:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,2,0>
[PID: 3756][E:\tools\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\TcpIpDog1.dll] <N/A><N/A>
[d:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>

瑞星卡卡安全论坛