Rising Kaka Security Forum
maxiaoshuang111 - 2007-1-23 20:26:00
Logfile of HijackThis v1.99.1
Scan saved at 0:24:49, on 2007-1-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\360\360safe\safemon\360tray.exe
D:\kav\avp.exe
C:\WINDOWS\MyTvPlayer\YHupdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
D:\kav\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\qq\QQ.exe
D:\qq\TIMPlatform.exe
D:\TT\TTraveler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX09.031\HijackThis.exe
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - D:\DreyeMT\DreyeIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [360Safetray] D:\360\360safe\safemon\360tray.exe
O4 - HKLM\..\Run: [kav] "D:\kav\avp.exe"
O4 - HKLM\..\Run: [yhplayer] C:\WINDOWS\MyTvPlayer\YHupdate.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq\QQ.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{101615B0-79C5-4232-AE79-B169932FDC5F}: NameServer = 60.191.134.204 60.191.134.197
O17 - HKLM\System\CS1\Services\Tcpip\..\{101615B0-79C5-4232-AE79-B169932FDC5F}: NameServer = 60.191.134.204 60.191.134.197
O23 - Service: 卡巴斯基反病毒6.0 (AVP) - Kaspersky Lab - D:\kav\avp.exe
No idea what rogue software got onto my machine. 360 Safeguard can't find anything, Super Rabbit can't find anything, and Kaka can't find anything either. The symptoms are ordinary: every so often some web page pops up; some vanish as soon as they appear, others I have to close by hand. Yahoo Photos, Baomihua video, Taobao shops and the like. It's so annoying. Could an expert take a look?~
红夜鬼1 - 2007-1-23 21:26:00
Please download SREng2 (latest version), use "Smart Scan", and press the "Scan" button to scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved
log file here. If the log doesn't fit in one post, paste it in several parts; please do not modify it.
Download address:
http://www.kztechs.com/sreng/
maxiaoshuang111 - 2007-1-24 1:22:00
Thanks, boss upstairs. I downloaded it and ran the scan, posting it now~ You're a lifesaver~
[CODE]
2007-01-24,01:03:51
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
maxiaoshuang111 - 2007-1-24 1:22:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<Super Rabbit IEPro><D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<360Safetray><D:\360\360safe\safemon\360tray.exe> [奇虎网]
<kav><"D:\kav\avp.exe"> [Kaspersky Lab]
<yhplayer><; C:\WINDOWS\MyTvPlayer\YHupdate.exe> [N/A]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
maxiaoshuang111 - 2007-1-24 1:23:00
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
<D:\kav\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[SQLServer Supports / sqlservech][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
maxiaoshuang111 - 2007-1-24 1:24:00
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ncio / ncio][Running/Auto Start]
<system32\DRIVERS\ncio.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\D:\qq\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
maxiaoshuang111 - 2007-1-24 1:25:00
浏览器加载项
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, TENCENT>
[Dr.eye WebPage Translation]
{92B255FE-94E2-4BCA-958D-3926CE38913F} <D:\DreyeMT\DreyeIEBar.dll, >
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Dr.eye WebPage Translation]
{92B255FE-94E2-4BCA-958D-3926CE38913F} <D:\DreyeMT\DreyeIEBar.dll, >
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360\360safe\safemon\safemon.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<D:\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\qq\SendMMS.htm, N/A>
maxiaoshuang111 - 2007-1-24 1:27:00
正在运行的进程
[PID: 624][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1336][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1528][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[PID: 1604][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1728][D:\360\360safe\safemon\360tray.exe] [奇虎网, 1, 0, 0, 1001]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[D:\360\360safe\safemon\SafeKrnl.dll] [奇虎网, 1, 0, 0, 1001]
[D:\360\360safe\AntiAdwa.dll] [360Safe.com, 2, 2, 1, 2000]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1756][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 43]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[PID: 1772][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
maxiaoshuang111 - 2007-1-24 1:28:00
[PID: 1780][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 240][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1296][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1008][D:\qq\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\qq\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\qq\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\qq\BasicCtrlDll.dll] [Tencent, 6, 0, 200, 320]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[D:\qq\QQAPI.dll] [, 1, 0, 0, 1]
[D:\qq\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\qq\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\qq\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[D:\qq\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\qq\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\qq\QQMainFrame.dll] [N/A, N/A]
[D:\qq\CQQApplication.dll] [N/A, N/A]
[D:\qq\NewSkin.dll] [, 1, 0, 0, 1]
[D:\qq\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\qq\CameraDll.dll] [, 1, 0, 0, 1]
[D:\qq\MailSummary.dll] [, 1, 0, 0, 1]
[D:\qq\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[D:\qq\QQAllInOne.dll] [N/A, N/A]
[D:\qq\GroupLive.dll] [N/A, N/A]
[D:\qq\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[D:\qq\QQSpace.dll] [, 1, 0, 0, 1]
maxiaoshuang111 - 2007-1-24 1:29:00
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[D:\qq\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\qq\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\qq\QQPlugin.dll] [N/A, N/A]
[D:\qq\QQCustomFace.dll] [N/A, N/A]
[D:\qq\QQPet.dll] [, 1, 0, 0, 1]
[D:\qq\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\qq\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\qq\QRingMng.dll] [N/A, N/A]
[D:\qq\QQAvatar.dll] [N/A, N/A]
[D:\qq\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\kav\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[D:\kav\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[D:\kav\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[D:\kav\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[D:\kav\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[d:\kav\params.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\kav\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\kav\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[D:\qq\QQMagicFace.dll] [, 1, 0, 0, 1]
[D:\qq\QQSceneMng.dll] [N/A, N/A]
[D:\qq\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\qq\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\qq\QQSysMsgMng.dll] [N/A, N/A]
maxiaoshuang111 - 2007-1-24 1:31:00
[d:\kav\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[d:\kav\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\kav\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\WINDOWS\system32\DREYESC.IME] [IES, 1, 0, 0, 1]
[D:\DreyeMIM\exchange.dll] [, 1, 0, 0, 1]
[PID: 3492][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\kav\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[D:\kav\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[D:\kav\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[D:\kav\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[D:\kav\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[d:\kav\params.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\kav\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\kav\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\kav\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[d:\kav\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 3924][D:\TT\TCPlus.exe] [腾讯公司, 1, 0, 0, 5]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[D:\TT\QQDownload.dll] [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 28]
[D:\TT\TNProxy.dll] [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2408][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3752][C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.313\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\360\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
maxiaoshuang111 - 2007-1-24 1:32:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
maxiaoshuang111 - 2007-1-24 1:32:00
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA 错误: LoadLibraryA
RVA 错误: LoadLibraryExA
RVA 错误: LoadLibraryExW
RVA 错误: LoadLibraryW
入口点错误:CreateProcessA
入口点错误:CreateProcessW
==================================
[/CODE]
maxiaoshuang111 - 2007-1-24 1:34:00
Finally done posting. It's so long my hands are tired from pasting.
Hope the experts can take a look~
猪知山 - 2007-1-24 16:23:00
Which rogue software do you mean?
maxiaoshuang111 - 2007-1-24 23:21:00
Certainly not you, Brother Zhu~
And where's boss Red Ghost? Why isn't he helping me look anymore?
maxiaoshuang111 - 2007-1-26 1:11:00
Brother Little Chicken said to bump this~
玫瑰水月痕 - 2007-1-26 9:32:00
OP's problem is the same as mine, more or less: every so often it pops up some "Baomihua" video, some "photo album" or whatever. So annoying~~~~
用卡卡扫描结果:c\windows\system32\wben\sholl32.dll(木马)
表现行为:下载其他恶意程序,强制安装。无法彻底删除
出品公司: upcfg.j7y.net
危险级别: 高~
防篡改警报:C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
事件信息: 打开 进程
采取的操作: 已禁止
操作过程: C:\Program Files\Rising\KakaToolBar\Ras.exe (PID 2644)
时间: 2007年1月26日 9:08:32
Could an expert please help and take a look at what's going on? What should I do?
Attachment:
825709200712692322.jpg
maxiaoshuang111 - 2007-1-27 1:05:00
At least yours can be detected. My Kaka scans over and over and finds no malware at all, which is really depressing.
And that rogue's peak activity seems to be between 12 and 1 o'clock; at other times it hardly moves. The damn thing gets excited once it's past 12, NND, and when it gets excited I'm the one who suffers~ -_-///