Rising Kaka Security Forum
碧空 - 2006-10-24 12:48:00
My computer keeps popping up IE web page ads. Below are two scan reports of my system. Please help me fix this, thanks!
碧空 - 2006-10-24 12:49:00
Logfile of HijackThis v1.99.1
Scan saved at 12:27:57, on 2006-10-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Nero 7\InCD\InCDsrv.exe
E:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
E:\Tencent\TT\TTraveler.exe
E:\Tencent\QQ\QQ.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.093\HijackThis.exe
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FlashGet\fgiebar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\Kingsoft\FastAIT 2006\IEBand.dll
O3 - Toolbar: (no name) - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - (no file)
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Download by NetAnts - E:\NetAnts\NAGet.htm
O8 - Extra context menu item: Add to QQ Emoticons - E:\Tencent\SanookQQ\AddEmotion.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用Web迅雷下载 - E:\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用脱兔下载 - E:\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - E:\Tuotu\TT_all.htm
O8 - Extra context menu item: 使用超级解霸播放 - d:\Herosoft\Hero 9\MPURLGET.HTM
O8 - Extra context menu item: 使用迅雷下载 - e:\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - e:\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\QQ\SendMMS.htm
碧空 - 2006-10-24 12:50:00
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Herosoft\Hero 9\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - d:\Herosoft\Hero 9\STHSDVD.EXE
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\NetAnts\NetAnts.exe
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\SanookQQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Sanook! QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Tencent\SanookQQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] 中文上网
O14 - IERESET.INF: START_PAGE_URL=http://www.9991.com/?duote
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\AutodeskAutoCAD 2002\InstFred.ocx
O16 - DPF: {7260569F-1D40-4E7F-B95B-2E68D35668B9} (MofileUploadX Control) - http://www.mofile.com/activex/UploadFX.CAB
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://D:\AutodeskAutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\AutodeskAutoCAD 2002\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://D:\AutodeskAutoCAD 2002\AcPreview.ocx
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6401B5BE-108A-4C01-A455-82229941E83E}: NameServer = 202.96.128.166,61.144.56.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5A6B2D-C384-492E-8043-C465BA642D9E}: NameServer = 202.96.128.166,61.144.56.101
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Alcohol 120\StarWind\StarWindService.exe
碧空 - 2006-10-24 12:51:00
2006-10-24,12:32:16
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll> [北京三七二一科技有限公司]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><; d:\Herosoft\Hero 9\解霸屏保.SCR> []
==================================
启动文件夹
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><N>
==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[Dcopiio / Dcopiio]
<><N/A>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
<C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[InCD Helper / InCDsrv]
<D:\Nero 7\InCD\InCDsrv.exe><Nero AG>
[NBService / NBService]
<D:\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService]
<E:\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[Standard Update Net Service / stdupnet]
<C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><N/A>
==================================
浏览器加载项
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[免费精彩视频超流畅在线观看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[豪杰超级解霸9]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <d:\Herosoft\Hero 9\STHSDVD.EXE, herosoft>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[NetAnts]
{57E91B47-F40A-11D1-B792-444553540000} <E:\NetAnts\NetAnts.exe, >
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[易趣购物]
{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Tencent\SanookQQ\QQ.EXE, M-web ( Thailand ) Limited>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FlashGet\flashget.exe, FlashGet.com>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\FlashGet\fgiebar.dll, Amaze Soft>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[InstaFred]
{1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINDOWS\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[MofileUploadX Control]
{7260569F-1D40-4E7F-B95B-2E68D35668B9} <C:\WINDOWS\DOWNLO~1\MoUpload.ocx, >
[AcDcToday 控件]
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[NOXLATE-BANR]
{AE563722-B4F5-11D4-A415-00108302FDFD} <C:\WINDOWS\DOWNLO~1\InstBanr.ocx, Autodesk, Inc.>
[AcPreview 控件]
{F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX, Autodesk>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <E:\Thunder Network\WebThunder\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[CLDown Object]
{0BECAB3A-E1F8-45E6-8332-38DD750EBA01} <E:\Tuotu\TuoTuHelper.dll, N/A>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <E:\FlashGet\jccatch.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, N/A>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, N/A>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\FlashGet\fgiebar.dll, Amaze Soft>
[bho Class]
{ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <E:\FlashGet\getflash.dll, N/A>
[&Download by NetAnts]
<E:\NetAnts\NAGet.htm, N/A>
[Add to QQ Emoticons]
<E:\Tencent\SanookQQ\AddEmotion.htm, N/A>
[Download &All by NetAnts]
<E:\NetAnts\NAGetAll.htm, N/A>
[E&xport to Microsoft Excel]
<res://D:\MICROS~1\Office12\EXCEL.EXE/3000, N/A>
[上传到QQ网络硬盘]
<E:\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<E:\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<E:\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用网际快车下载]
<E:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<E:\FlashGet\jc_all.htm, N/A>
[使用脱兔下载]
<E:\Tuotu\TT_one.htm, N/A>
[使用脱兔下载全部链接]
<E:\Tuotu\TT_all.htm, N/A>
[使用超级解霸播放]
<d:\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[使用迅雷下载]
<e:\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<e:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
<E:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Tencent\QQ\SendMMS.htm, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
碧空 - 2006-10-24 12:58:00
==================================
正在运行的进程
[PID: 664][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 748][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 792][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 804][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1128][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1144][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\windows\system32\jetspeed.dll] <><1, 0, 0, 1>
[PID: 1280][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1416][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1440][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 18>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1536][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 33>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1740][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><17.0.54.0>
[C:\WINDOWS\DOWNLO~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 4, 2>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><17.0.116.0>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[D:\Nero 7\Nero BackItUp\NBShell.dll] <Nero AG><2, 6, 5, 0>
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] <WinZip Computing LP><4.1 (32-bit)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\mp3infp.dll] <win32lab.com><2.53.26.0>
[D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1828][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\EBPMON2.DLL] <SEIKO EPSON CORPORATION><2, 16, 0, 0>
[PID: 1916][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[PID: 2020][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 260][c:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
[c:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[c:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[PID: 356][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 372][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.030>
[PID: 464][C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE] <C-Dilla Ltd><3.27.000>
[PID: 484][C:\WINDOWS\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0>
[PID: 528][C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe] <SEIKO EPSON CORPORATION><2, 1, 0, 0>
[C:\WINDOWS\system32\EBAPI2.DLL] <SEIKO EPSON CORPORATION><1, 3, 0, 0>
[C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL] <SEIKO EPSON CORPORATION><2, 16, 0, 0>
[PID: 588][D:\Nero 7\InCD\InCDsrv.exe] <Nero AG><5, 5, 0, 5>
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll] <Nero AG><5,2,1, 8200>
[C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll] <Nero AG><1, 0, 0, 18>
[D:\Nero 7\InCD\incdshx.dll] <Nero AG><5, 5, 0, 5>
[PID: 700][E:\Alcohol 120\StarWind\StarWindService.exe] <Rocket Division Software><2.6.1 Build 0x20050401>
[PID: 988][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\stdupnet.dll] < ><4, 1, 0, 3>
[C:\WINDOWS\system32\albus.dll] <Albus><1, 0, 0, 3>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[C:\WINDOWS\system32\stdvote.dll] < ><1, 0, 0, 5>
[PID: 1076][C:\WINDOWS\System32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\TEMP\jtemp\comare.dll] <N/A><N/A>
[PID: 2168][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2476][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
碧空 - 2006-10-24 12:59:00
[PID: 2572][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[PID: 2740][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[PID: 2912][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3500][E:\Tencent\TT\TTraveler.exe] <腾讯公司><3.1.0.261>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><17.0.54.0>
[C:\WINDOWS\DOWNLO~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 4, 2>
[E:\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[E:\Tencent\TT\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[E:\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 576][E:\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[E:\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[E:\Tencent\QQ\RunJin.dll] <飘云 http://www.pyqq.cn><飘云>
[E:\Tencent\QQ\ipsearcher.dll] <><1.0.0.3>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[E:\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[E:\Tencent\SanookQQ\TIMProxy.dll] <tencent><2.05>
[E:\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[E:\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[E:\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[E:\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[E:\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[E:\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[E:\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[E:\Tencent\QQ\SCCore.dll] <N/A><N/A>
[E:\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[E:\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[E:\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[C:\WINDOWS\DOWNLO~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 4, 2>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[E:\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[E:\Tencent\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[E:\Tencent\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
[PID: 3172][C:\PROGRA~1\WINZIP\winzip32.exe] <WinZip Computing LP><21.0 (32-bit)>
[C:\PROGRA~1\WINZIP\wzeay32.dll] <WinZip Computing LP><0.9.7g (32-bit)>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[C:\PROGRA~1\WINZIP\WZCKTREE.DLL] <WinZip Computing LP><1.1 (32-bit)>
[C:\PROGRA~1\WINZIP\WZVINFO.DLL] <WinZip Computing LP><1.1 (32-bit)>
[C:\PROGRA~1\WINZIP\WZCAB3.DLL] <WinZip Computing LP><3.1 (32-bit)>
[C:\PROGRA~1\WINZIP\wz32.dll] <WinZip Computing LP><21.0 (32-bit)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><17.0.54.0>
[C:\WINDOWS\DOWNLO~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 4, 2>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[PID: 3208][C:\Documents and Settings\Administrator\Local Settings\Temp\wz5ce0\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[PID: 2160][C:\Program Files\Rising\Rav\ravhdbak.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\system32\stdstub.dll] <MS Stdup><1, 0, 0, 4>
[C:\WINDOWS\system32\stdplay.dll] < ><1, 0, 0, 5>
[C:\Program Files\Rising\Rav\HDBACKUP.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\Zip.dll] <rising><13, 0, 0, 1>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
千年冰寒 - 2006-10-24 13:29:00
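My eyes are glazing over from reading all this.
First, go to Tools > Manage Add-ons in the browser and disable the ones you think serve no purpose, for example: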
浏览器加载项
[免费精彩视频超流畅在线观看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
Among the startup items, apart from this one, which looks a bit problematic, the rest should be normal!
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
碧空 - 2006-10-24 14:01:00
I did as you said, but IE still pops up the same as before?
红夜鬼1 - 2006-10-24 14:27:00
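Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications".
Tick "Hide Microsoft services" and select the virus services: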
C-DillaCdaC11BA
C-DillaSrv
Dcopiio
Standard Update Net Service
then choose "Delete Service".
Click "Set" and choose "No".
Show hidden files.
Delete:
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\stdupnet.dll
C:\WINDOWS\system32\stdstub.dll
C:\WINDOWS\system32\stdplay.dll
碧空 - 2006-10-24 15:10:00
Already deleted:
C:\WINDOWS\system32\stdupnet.dll
C:\WINDOWS\system32\stdstub.dll
C:\WINDOWS\system32\stdplay.dll
But:
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
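should be the Windows patch services of AutoCAD 2002 (an Autodesk product),
so I did not delete them.
But now a new problem has appeared: the home page has been changed to www.feixue.net and I cannot change it back. I am uploading the latest report; could an expert please help me fix this, thanks!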
红夜鬼1 - 2006-10-24 15:37:00
Take a look at this:
http://hi.baidu.com/nslog
碧空 - 2006-10-24 15:43:00
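The problem of the IE home page being modified has been solved with Windows Cleanup Assistant (Windows清理助手), thanks!
There is still one more problem: I go online through a router (there are several other computers as well), but uploads often fail and QQ often cannot log in. After restarting the router it works again, but after a while it stops working again. Could an expert please advise, thanks!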
秋日里的蓝天 - 2006-10-24 18:37:00
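| Quote: |
[Post by 碧空] The problem of the IE home page being modified has been solved with Windows Cleanup Assistant (Windows清理助手), thanks! There is still one more problem: I go online through a router (there are several other computers as well), but uploads often fail and QQ often cannot log in. After restarting the router it works again, but after a while it stops working again. Could an expert please advise, thanks! ……………… |
All the computers are the same, they all drop their connection; keep an eye on changes in the router, or else one of the computers has a virus,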