
Please take a look at this for me~ thanks

I ran the dedicated Gray Pigeon (灰鸽子) detection and removal tool to kill it, but it failed (extraction failed), and after a restart the virus is still there. What should I do? Please take a look and tell me how best to deal with it! Thanks~
病毒名称    处理结果    发现日期    扫描方式    路径    文件
Rootkit.Vanti.gen    删除成功    2006-04-21 11:25    文件监控    C:\WINDOWS\System32    75uwo7dh.dll
Backdoor.Gpigeon.pi    清除成功    2006-04-21 08:28    手动扫描    IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE

Logfile of HijackThis v1.99.1
Scan saved at 13:14:26, on 2006-4-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\syssmss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\rising\Rav\Rav.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\DOCUME~1\qp\LOCALS~1\Temp\Rar$EX61.171\HijackThis.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 新浪ViVi收藏夹 - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\Downlo~1\vivimin.dll
O3 - Toolbar: QQ声色通(&Q) - {FC1DF328-F720-4FD3-98A4-2595A7356D7F} - C:\WINDOWS\System32\QQSST.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\Downloaded Program Files\iebar22.0.dll
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TaxKeyManager] C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [renewup] C:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32
O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯qq.lnk = E:\qq\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=viviband
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度--图片搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度--地图搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_MAP.HTM
O8 - Extra context menu item: 百度--新闻搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度--歌词搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度--知道搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM
O8 - Extra context menu item: 百度--硬盘搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DISK.HTM
O8 - Extra context menu item: 百度--站内搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_SITE.HTM
O8 - Extra context menu item: 百度--网页搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度--词典搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 百度--贴吧搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH]  搜搜地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://80.16.19.11:8001/ctais2/wssb/ScriptX.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://imgcache.qq.com/music/QQMusicSetup.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.71_20050929.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe

Last edited 2006-04-21 15:59:53

[Reply to youyou游's post]
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download System Repair Engineer 2.0.12.350
Export the full log

What do these mean? Could an expert please take a look; thanks in advance
瑞星个人防火墙日志记录保存
--此文件建立于 2006-04-21 13:25:26

数据包  时间                    规则                IP地址/端口号                         协议  事件类型          其它
1       2006-4-21 13:2:37.31    BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
2       2006-4-21 13:2:37.500   Sockets des Troie   192.168.1.1:3123->192.168.1.2:5000    TCP   SYN               该数据包被成功拦截
3       2006-4-21 13:2:40.31    BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
4       2006-4-21 13:2:40.328   BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
5       2006-4-21 13:2:40.562   Sockets des Troie   192.168.1.1:3123->192.168.1.2:5000    TCP   SYN               该数据包被成功拦截
6       2006-4-21 13:2:46.31    BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
7       2006-4-21 13:2:46.265   BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
8       2006-4-21 13:2:46.328   Sockets des Troie   192.168.1.1:3123->192.168.1.2:5000    TCP   SYN               该数据包被成功拦截
9       2006-4-21 13:2:58.15    Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
10      2006-4-21 13:2:58.281   BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
11      2006-4-21 13:2:58.328   Sockets des Troie   192.168.1.1:3123->192.168.1.2:5000    TCP   SYN               该数据包被成功拦截
12      2006-4-21 13:3:1.31     Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
13      2006-4-21 13:3:1.265    Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
14      2006-4-21 13:3:7.15     Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
15      2006-4-21 13:3:7.312    Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
16      2006-4-21 13:3:19.15    Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
17      2006-4-21 13:3:22.15    BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
18      2006-4-21 13:3:22.328   Sockets des Troie   192.168.1.1:3123->192.168.1.2:5000    TCP   SYN               该数据包被成功拦截
19      2006-4-21 13:3:43.218   Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
20      2006-4-21 13:4:10.218   BLA                 192.168.1.1:5431->192.168.1.2:1042    TCP   SYN+ACK           该数据包被成功拦截
21      2006-4-21 13:4:10.500   Sockets des Troie   192.168.1.1:3123->192.168.1.2:5000    TCP   SYN               该数据包被成功拦截
22      2006-4-21 13:4:31.437   Rasmin              192.168.1.1:5431->192.168.1.2:1045    TCP   SYN+ACK           该数据包被成功拦截
23      2006-4-21 13:5:46.359   缺省的ICMP出站      192.168.1.2:0->192.168.1.1:0          ICMP  dest unreachable  该数据包被成功拦截
24      2006-4-21 13:5:46.359   缺省的ICMP出站      192.168.1.2:0->192.168.1.1:0          ICMP  dest unreachable  该数据包被成功拦截
25      2006-4-21 13:5:54.109   AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
26      2006-4-21 13:5:57.109   AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
27      2006-4-21 13:5:58.640   AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
28      2006-4-21 13:6:3.31     AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
29      2006-4-21 13:6:4.640    AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
30      2006-4-21 13:6:15.31    AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截
31      2006-4-21 13:6:16.640   AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
32      2006-4-21 13:6:18.31    AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截
33      2006-4-21 13:6:18.265   AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截
34      2006-4-21 13:6:24.62    AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截
35      2006-4-21 13:6:24.296   AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截
36      2006-4-21 13:6:36.250   AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截
37      2006-4-21 13:6:40.843   AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
38      2006-4-21 13:7:0.437    AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截
39      2006-4-21 13:7:29.46    AimSpy              192.168.1.1:5431->192.168.1.2:1080    TCP   SYN+ACK           该数据包被成功拦截
40      2006-4-21 13:7:48.437   AimSpy              192.168.1.1:5431->192.168.1.2:1081    TCP   SYN+ACK           该数据包被成功拦截

The content is too long, so I'm posting half of it first; please take another look for me, thanks
2006-04-21,13:44:26

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <rfw><C:\Program Files\rising\Rfw\Rfw.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TaxKeyManager><C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Mouse Suite 98 Daemon><ICO.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <renewup><C:\Program Files\CNNIC\Cdn\cdnrenew.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <AddrPlus3><C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <WinsSystem><C:\Program Files\Internet Explorer\syssmss.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  <RavStub><"C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[腾讯qq]
  <C:\Documents and Settings\qp\「开始」菜单\程序\启动\腾讯qq.lnk><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Distributed Mink Tracking Clie / netsvcs]
  <C:\WINDOWS\svchost.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[新浪ViVi收藏夹]
  {15DDE989-CD45-4561-BF99-D22C0D5C2B85} <C:\WINDOWS\Downlo~1\vivimin.dll, 北京新浪信息技术有限公司>
[QQ声色通(&Q)]
  {FC1DF328-F720-4FD3-98A4-2595A7356D7F} <C:\WINDOWS\System32\QQSST.dll, >
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[天下搜索]
  {56A7DC70-E102-4408-A34A-AE06FEF01586} <C:\WINDOWS\Downloaded Program Files\iebar22.0.dll, >
[MeadCo ScriptX]
  {1663ed61-23eb-11d2-b92f-008048fdd814} <C:\WINDOWS\System32\MCScripX.dll, Mead & Co Limited>
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <E:\qq\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[上传到QQ网络硬盘]
  <E:\qq\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <E:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A>
[使用网际快车下载]
  <E:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <E:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[收藏此页到新浪ViVi]
  <http://vivi.sina.com.cn/collect/click.php?agent=viviband, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>
[百度--MP3搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM, N/A>
[百度--图片搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM, N/A>
[百度--地图搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_MAP.HTM, N/A>
[百度--新闻搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM, N/A>
[百度--歌词搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM, N/A>
[百度--知道搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM, N/A>
[百度--硬盘搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DISK.HTM, N/A>
[百度--站内搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_SITE.HTM, N/A>
[百度--网页搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM, N/A>
[百度--词典搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM, N/A>
[百度--贴吧搜索]
  <RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================

O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe

Fix it
Reboot
Then try deleting C:\Program Files\Internet Explorer\syssmss.exe
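The reply above comes down to three steps: find the autorun entry whose binary is out of place, fix it, reboot, then delete the file. As an added example (not code from this thread, HijackThis or SRE), the Python script below applies that reasoning to O4 and O23 lines in the format HijackThis prints, flagging a binary whose name imitates a core Windows process or that carries such a name outside its normal directory; the heuristics and the sample lines are constructed for illustration.

```python
"""Triage of HijackThis O4 (autorun) and O23 (service) lines.

Added example, not code from the thread or from HijackThis/SRE. The heuristics
and the sample lines below are constructed for illustration; the sample lines
copy entries of the kind posted in this thread.
"""
import re
from dataclasses import dataclass, field

# Core Windows processes whose names malware likes to imitate, with the directory
# where the genuine binary lives on 32-bit Windows XP (lower-cased for comparison).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")

# Constructed sample: a handful of lines in the format HijackThis prints.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Finding:
    line: str                  # the HijackThis line that triggered the finding
    exe: str                   # executable path extracted from that line
    reasons: list = field(default_factory=list)


def extract_exe(cmd: str) -> str:
    """Return the program path from a command line.

    Handles a quoted path, a bare path, and an unquoted path containing spaces
    (HijackThis prints long paths under Program Files without quotes): tokens
    are joined until the first one ending in .exe.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    parts = []
    for tok in cmd.split(" "):
        parts.append(tok)
        if tok.lower().endswith(".exe"):
            break
    return " ".join(parts)


def check_exe(exe: str) -> list:
    """Apply the two name/location heuristics to one executable path."""
    low = exe.lower()
    directory, _, base = low.rpartition("\\")
    reasons = []
    for name, legit_dir in EXPECTED_DIR.items():
        if base != name and base.endswith(name):
            reasons.append(f"name imitates Windows process {name}")
        elif base == name and directory != legit_dir:
            reasons.append(f"{name} outside its normal directory {legit_dir}")
    return reasons


def triage(log_text: str) -> list:
    """Parse O4/O23 lines and return the suspicious ones, in input order."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue
        exe = extract_exe(m.group("cmd"))
        reasons = check_exe(exe)
        # A service with no publisher is only worth noting alongside another signal.
        if reasons and "owner" in m.groupdict() and m.group("owner") == "Unknown owner":
            reasons.append("service binary carries no publisher (Unknown owner)")
        if reasons:
            findings.append(Finding(line=line, exe=exe, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.exe)
        for r in f.reasons:
            print("   -", r)
```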

==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\system32\Ati2evxx.dll]  <N/A><N/A>
[PID: 552][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 564][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 760][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\System32\cdnns.dll]  <N/A><N/A>
[PID: 812][C:\Program Files\rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 828][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1012][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1044][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\System32\cdnns.dll]  <N/A><N/A>
[PID: 1064][C:\Program Files\rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
    [C:\Program Files\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [C:\Program Files\rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [C:\Program Files\rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [C:\Program Files\rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
    [C:\Program Files\rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\rising\Rav\RsStore.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1240][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\WINDOWS\Downloaded Program Files\SSjxm.dll]  <Tencent><3, 0, 6, 60>
    [C:\WINDOWS\System32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.5672>
    [C:\WINDOWS\System32\nvshell.dll]  <NVIDIA Corporation><6.14.10.5672>
    [C:\WINDOWS\System32\NVWRSZHC.DLL]  <NVIDIA Corporation><6.14.10.5672>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 70>
[PID: 1392][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [C:\WINDOWS\system32\EBPMON2.DLL]  <SEIKO EPSON CORPORATION><2, 20, 0, 0>
    [C:\WINDOWS\system32\HPBMMON.DLL]  <Hewlett-Packard><10.00.15>
    [C:\WINDOWS\system32\hpdomon.dll]  <Hewlett-Packard><03.42.00>
    [C:\WINDOWS\system32\HPBHealr.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  <Zenographics, Inc.><5, 54, 330, 0>
    [C:\WINDOWS\system32\Imf32.dll]  <Zenographics, Inc.><5, 60, 1204, 0>
    [C:\WINDOWS\system32\ZTAG32.dll]  <Zenographics, Inc.><5, 60, 1210, 0>
    [C:\WINDOWS\system32\ZSPOOL.dll]  <Zenographics, Inc.><5, 51, 709, 0>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
    [C:\WINDOWS\System32\cdnns.dll]  <N/A><N/A>
[PID: 1468][C:\Program Files\rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1644][C:\Program Files\CNNIC\Cdn\cdnup.exe]  <><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdnglo.dll]  <><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\cdntdns.dll]  <N/A><N/A>
[PID: 1652][C:\Program Files\rising\Rfw\Rfw.exe]  <Beijing Rising Technology Corporation Limited><2, 1, 0, 0>
    [C:\Program Files\rising\Rfw\BmpFace.dll]  <Beijing Rising Technology Corporation Limited><2, 1, 0, 0>
    [C:\Program Files\rising\Rfw\rfw.dll]  <Beijing Rising Technology Corporation Limited><2, 1, 0, 4>
    [C:\Program Files\rising\Rfw\chn\rfw.lag]  <Beijing Rising Technology Corporation Limited><2, 0, 0, 15>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
[PID: 1668][C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe]  <><2, 2, 0, 1>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
[PID: 1676][C:\WINDOWS\System32\ICO.EXE]  <Primax Electronics Ltd.><1, 0, 0, 7>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
[PID: 1716][C:\Program Files\rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>



    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
[PID: 1732][C:\Program Files\rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
    [C:\Program Files\rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [C:\Program Files\rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
[PID: 2032][C:\Program Files\Internet Explorer\syssmss.exe]  <asdfasdf><asdfasdf>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\WINDOWS\System32\cdnns.dll]  <N/A><N/A>
[PID: 120][C:\WINDOWS\System32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.5672>
[PID: 196][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
[PID: 236][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 364][C:\Program Files\rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 460][C:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
[PID: 1828][C:\Program Files\Tencent\TT\TTraveler.exe]  <深圳市腾讯计算机系统有限公司><2, 0, 15, 200>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [C:\WINDOWS\System32\cdnns.dll]  <N/A><N/A>
    [C:\Program Files\rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\System32\TAX_CSP.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\TAX_InterFace.dll]  <><1, 0, 0, 4>
    [C:\WINDOWS\System32\TAX_Device.dll]  <><1, 0, 0, 4>
[PID: 628][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\WINDOWS\Downloaded Program Files\SSjxm.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 70>
    [E:\qq\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 3>
    [E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX]  <N/A><N/A>
    [C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll]  <CNNIC><1, 1, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\WINDOWS\System32\cdnns.dll]  <N/A><N/A>
    [C:\Program Files\rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2960][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
[PID: 3328][C:\DOCUME~1\qp\LOCALS~1\Temp\Rar$EX10.297\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINDOWS\Downloaded Program Files\Adhtro.dll]  <Tencent><3, 0, 6, 60>
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><1, 0, 1, 4>
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\IDNCONV.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\imaconv.dll]  <cnnic><2, 0, 0, 0>
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 0>
    [C:\WINDOWS\System32\cdnns.dll]  <N/A><N/A>

==================================
文件关联
.TXT  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
This entry should be Gray Pigeon; see http://forum.ikaka.com/topic.asp?board=28&artid=7713905

[Reply to BlackStone's post] Still doesn't work; after rebooting, the two viruses are still there.

Logfile of HijackThis v1.99.1
Scan saved at 15:54:26, on 2006-4-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\rising\Rfw\Rfw.exe
C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Tencent\TT\TTraveler.exe
E:\qq\QQ.exe
E:\qq\TIMPlatform.exe
C:\WINDOWS\REGEDIT.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\qp\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 新浪ViVi收藏夹 - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\Downlo~1\vivimin.dll
O3 - Toolbar: QQ声色通(&Q) - {FC1DF328-F720-4FD3-98A4-2595A7356D7F} - C:\WINDOWS\System32\QQSST.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\Downloaded Program Files\iebar22.0.dll
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [rfw] C:\Program Files\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TaxKeyManager] C:\Program Files\95599 Certificate Tools\SHANGHAI TAX\TaxKeyManager.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [renewup] C:\Program Files\CNNIC\Cdn\cdnrenew.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\Adplus\stup.exe C:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯qq.lnk = E:\qq\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=viviband
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度--图片搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度--地图搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_MAP.HTM
O8 - Extra context menu item: 百度--新闻搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度--歌词搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度--知道搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM
O8 - Extra context menu item: 百度--硬盘搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DISK.HTM
O8 - Extra context menu item: 百度--站内搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_SITE.HTM
O8 - Extra context menu item: 百度--网页搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度--词典搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 百度--贴吧搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH]  搜搜地址栏搜索
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://80.16.19.11:8001/ctais2/wssb/ScriptX.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (Qzone Media Tools) - http://imgcache.qq.com/music/QQMusicSetup.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcaststatic.mop.com/dn/files/pCastCtl_1.0.0.71_20050929.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe

Should I delete all of the service entries listed after O23 - Service in Registry Editor?
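As an added example (not part of this thread, and not code from HijackThis, SREng or Rising), here is a small Python triage script that reads the O23 lines from the second HijackThis log above and scores each service. It encodes the reasoning behind BlackStone's reply rather than a blanket rule: the genuine service host on a default XP install is C:\WINDOWS\System32\svchost.exe, the real Distributed Link Tracking Client is registered under the short name TrkWks, and "netsvcs" is an svchost group name, not a service name. The list of imitated service names, the 0.8 similarity threshold and the score bands are my own assumptions; the five sample lines are copied from the log posted above.

```python
"""Score the O23 (service) lines of a HijackThis log.

Added example; not code from the thread or from HijackThis/SREng.
The sample lines are copied from the second HijackThis log in the thread;
the imitated-name list, similarity threshold and score bands are assumptions.
"""
import difflib
import re
from dataclasses import dataclass, field

# Sample input: the five O23 lines from the log posted in the thread.
SAMPLE_O23_LINES = [
    r"O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe",
    r"O23 - Service: Distributed Mink Tracking Clie (netsvcs) - Unknown owner - C:\WINDOWS\svchost.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
    r"O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe",
    r"O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe",
]

# Genuine Windows service display names that malware likes to imitate,
# with their real short names (assumed, partial list; extend as needed).
IMITATED_SERVICES = {
    "Distributed Link Tracking Client": "TrkWks",
    "Windows Management Instrumentation": "winmgmt",
    "Remote Procedure Call (RPC)": "RpcSs",
}
# svchost.exe group names on XP; a real service never uses one as its short name.
SVCHOST_GROUPS = {"netsvcs", "localservice", "networkservice"}
# The only place the real service host lives on a default XP install.
GENUINE_SVCHOST = r"c:\windows\system32\svchost.exe"
NAME_SIMILARITY = 0.8  # assumed threshold for "looks like" a known name

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)


@dataclass
class Verdict:
    display: str
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def level(self):
        if self.score >= 3:
            return "suspicious"
        return "review" if self.score > 0 else "normal"


def parse_o23(line):
    """Split one O23 line into display/short/owner/path, or None if not an O23 line."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(line):
    """Score one O23 line; a higher score means more worth a closer look."""
    entry = parse_o23(line)
    if entry is None:
        return None
    v = Verdict(entry["display"], entry["path"])
    path = entry["path"].lower()
    display = entry["display"].lower()
    short = (entry["short"] or "").lower()

    # 1. A "svchost.exe" anywhere except System32 is not the Windows one.
    if path.endswith("\\svchost.exe") and path != GENUINE_SVCHOST:
        v.score += 3
        v.reasons.append("svchost.exe outside %SystemRoot%\\System32")

    # 2. Display name that nearly, but not exactly, matches a real service.
    for name, real_short in IMITATED_SERVICES.items():
        ratio = difflib.SequenceMatcher(None, display, name.lower()).ratio()
        if display != name.lower() and ratio >= NAME_SIMILARITY:
            v.score += 2
            v.reasons.append(f"name imitates '{name}' (real short name {real_short})")
            break

    # 3. Short name is an svchost group name rather than a service name.
    if short in SVCHOST_GROUPS:
        v.score += 2
        v.reasons.append(f"short name '{entry['short']}' is an svchost group, not a service")

    # 4. No vendor information for a file under the Windows directory.
    if entry["owner"].lower() == "unknown owner" and path.startswith("c:\\windows\\"):
        v.score += 1
        v.reasons.append("no vendor info for a file in the Windows directory")
    return v


def triage(lines):
    """Return {display name: (level, reasons)} for every O23 line in `lines`."""
    out = {}
    for line in lines:
        v = assess(line)
        if v is not None:
            out[v.display] = (v.level, v.reasons)
    return out


if __name__ == "__main__":
    for name, (level, reasons) in triage(SAMPLE_O23_LINES).items():
        print(f"{level:10s} {name}: {'; '.join(reasons) or 'nothing unusual'}")
```

Run over the five lines, the script reports only the "Distributed Mink Tracking Clie" entry as suspicious (all four checks fire); the Rising and NVIDIA services score zero, and "Ati HotKey Poller" is marked for review solely because HijackThis shows no vendor for a file in System32. A service is worth further attention when the checks give a reason, not merely because it appears in the O23 section.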
Powered by Discuz!NT