日志文件 Trend Micro HijackThis v 2.0.2
日志保存时间: 23:43:03,2008-09-07
操作系统: Windows XP SP2 (WinNT 5.01.2600)
IE版本: Internet Explorer v6.00 SP2 (6.00.2900.2180)
启动模式: 正常
正在运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\StormII\stormliv.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\bcf2.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\鱼鱼桌面\FishDesk.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\鱼鱼桌面\WIDGETS\硬件监测\File\FishDesk_T1.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\bgswitch.exe
D:\Program Files\Tencent\QQ\TXPlatform.exe
D:\Program Files\Tencent\TT\bin\TTraveler.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\Program Files\Rising\AntiSpyware\ras.exe
C:\Program Files\Rising\AntiSpyware\knownsvr.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\soft\安全工具\HijackThis.exe
R3 - 默认 URLSearchHook 丢失
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: BHO Class - {1307E689-5CA1-4a15-9583-F2350790290D} - C:\WINDOWS\system32\n4gsw.dll
O2 - BHO: Invoke Class - {25E69F5B-3915-454d-BA25-44969D7623CA} - C:\WINDOWS\system32\ccgb.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [EQSysSecure] C:\Program Files\EQSecure\EQSysSecure.exe /background
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FishDesk] D:\Program Files\鱼鱼桌面\FishDesk.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = D:\Program Files\Tencent\QQGame\Accel.exe
O8 - 扩展右键菜单项: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 扩展右键菜单项: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 扩展右键菜单项: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - 额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 额外的“工具”菜单项目: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O15 - Trusted Zone: http://www.icbc.com.cn
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://cache.tv.qq.com/qqlive_ocx/QQLiveInstaller.cab
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - http://imgcache.qq.com/qzone/client/photo/pages/QQPhotoDrawSetup.exe
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} (163Uploader Control) - http://photo.163.com/163Uploader.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} - http://mimg.163.com/bin/NetEaseMailActiveX.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} - https://www.tenpay.com/download/qqedit.cab
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/pluginsetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8EAE420-D095-4411-A3E8-9161A1918C6F}: NameServer = 218.85.157.99 202.101.114.55
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O20 - AppInit_DLLs: kmon.dll
O23 - NT 服务:  ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - NT 服务:  Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - D:\Program Files\StormII\stormliv.exe
O23 - NT 服务:  EQService - EQSecure - C:\Program Files\EQSecure\EQService.exe
O23 - NT 服务:  FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - NT 服务:  Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - NT 服务:  Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务:  Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务:  Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务:  SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
文件结束 - 6777 字节         


麻烦看下~

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler 4.0; .NET CLR 2.0.50727)

上传System Repair Engineer扫描日志
下载地址http://www.kztechs.com/sreng/sreng2.zip
操作方法：
1、下载后解压缩，运行“SREngLdr.EXE”
2、如果无法打开请参考http://bbs.ikaka.com/showtopic-8442813.aspx#3637414
3、打开后依次点击【智能扫描】-【扫描】，耐心等待，扫描结束后点击【保存报告】
4、选择保存路径，文件名保持默认，直接点击【保存】
5、将日志文件SREngLOG.log作为附件上传到论坛，同时务必详细描述问题现象
如果有查杀不净的病毒务必提供病毒名和路径
注意：扫描前请尽量关闭QQ、游戏、下载工具、媒体播放器等应用程序

http://bbs.ikaka.com/showtopic-8544540.aspx

有广告程序，你可以用卡卡助手扫描一下IE。

用过所有软件都没用，估计是DNS的广告吧，楼主用的是网通吗，垃圾广告特别多，当然电信也有，少一点

鱼鱼卸掉了。。还是有。。。而且会有一个叫BCF2.EXE的进程。那是什么》？
我用的是电信的。。之前都没有。。就这一两天。。

帮忙下。。拜托~~~

查看一下bcf2.exe的属性看看什么公司的，有可能是广告软件。

用.360查看一下bcf2.exe这个进程的属性吧!