Rising Kaka Security Forum
lgnli - 2005-12-19 21:08:00
Experts:
Recently my computer has been automatically connecting every few seconds to these two addresses: http://superxiang.com/stats/config.ini and http://vip1.66wo.com/tif/tu/c001.tif. I have tried several antivirus programs and none of them can detect or remove anything, so I don't know whether I have picked up some trojan. Below is the log from a HijackThis scan; please help me analyze it. Many thanks!
Logfile of HijackThis v1.99.1
Scan saved at 20:23:55, on 2005-12-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TEMP\CP8628.EXE
C:\WINNT\system32\conime.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\3721\ske\TrojanAssistant.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\FlashGet\flashget.exe
C:\PROGRA~1\RASCLI~1\RASCLN~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
L:\virus\sic and hijack\sic and hijack\Hijackthis\HijackThis.exe
O2 - BHO: PPGou BHO - {00000000-0000-0000-0000-C4CA9A05F1E2} - C:\PROGRA~1\PPGou\PPGIEC~1.DLL
O2 - BHO: (no name) - {004416B4-7B6F-0E54-31C3-3600C0F0771E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [FinePrint 分配器 v5] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [pdfFactory Pro 分配器 v2] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 状态窗口.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: RAS程序快捷方式刷新.lnk = C:\WINNT\Installer\{4A298160-EA7E-466F-B59D-FE4EC58B85C5}\Icon4A298160.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - L:\net tools\聊天工具\qq2005\腾讯QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - L:\net tools\聊天工具\qq2005\腾讯QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - L:\net tools\聊天工具\qq2005\腾讯QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134606499625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134605818296
O16 - DPF: {8F9E8A28-C296-4C6F-9A57-8FE4374135A1} (TV Stream Source) - http://php.tech.sina.com.cn/download/temp20051011.php
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3548
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OfficeScanNT 实时扫描 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OfficeScanNT 个人防火墙 (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: OfficeScanNT 侦听程序 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
魔法学徒 - 2005-12-19 21:32:00
Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Run HijackThis. When the scan finishes, tick the following entries and then click "Fix Checked":
O2 - BHO: (no name) - {004416B4-7B6F-0E54-31C3-3600C0F0771E} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3548
Show hidden files
Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes" -- then click "OK".
Then locate the following file and delete it (if present).
C:\WINNT\TEMP\CP8628.EXE
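As an added illustration (not part of the thread), a small Python triage script that applies the checks the reply above makes by hand to HijackThis-format lines: processes running from a temp directory, O2 BHO entries with no name and no file, O16 ActiveX downloads from hosts not on a reviewer's allowlist, and any O20 AppInit_DLLs value. The sample lines are constructed from the scans posted in this thread, and TRUSTED_DPF_HOSTS is an assumed allowlist; the output is a review list, not a verdict.

```python
import re
from urllib.parse import urlsplit

# HijackThis-format lines, constructed here from the scans posted in this
# thread (a handful of entries only, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\TEMP\CP8628.EXE
C:\WINNT\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {004416B4-7B6F-0E54-31C3-3600C0F0771E} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134606499625
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3548
O20 - AppInit_DLLs: APIHookDll.dll
"""

# Hosts the reviewer has already vetted as legitimate download sources for
# O16 (ActiveX) entries. This allowlist is an assumption for the example.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "download.rising.com.cn"}

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A "\TEMP\" or "\TMP\" path component, any case.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and Oxx entries."""
    processes, entries = [], []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first Oxx line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text, trusted_hosts=TRUSTED_DPF_HOSTS):
    """Return (section, item, reason) tuples for items a responder should
    look at first. These are triage heuristics, not malware verdicts."""
    findings = []
    processes, entries = parse_hjt(text)
    for path in processes:
        if TEMP_DIR_RE.search(path):
            findings.append(("process", path,
                             "executable running from a temp directory"))
    for section, body in entries:
        if section == "O2" and "(no name)" in body and body.endswith("(no file)"):
            findings.append((section, body,
                             "orphaned BHO entry: no name and no file on disk"))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]  # the download URL is the last field
            host = urlsplit(url).hostname or ""
            if host not in trusted_hosts:
                findings.append((section, body,
                                 f"ActiveX download from unvetted host {host}"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append((section, body,
                                 f"AppInit_DLLs loads {dll} into every process "
                                 "that loads user32.dll; verify the DLL"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {item}")
```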
lgnli - 2005-12-20 9:51:00
It didn't work; it still keeps connecting to vip1.66wo.com. After I also fixed the entry "O20 - AppInit_DLLs: APIHookDll.dll", the scan log is as follows. Please help analyze it again. Many thanks!!
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 9:35:28, 日期 2005-12-20
操作系统: Windows 2000 SP4 (WinNT 5.00.2195)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TEMP\EF88C5.EXE
C:\WINNT\system32\conime.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\taskmgr.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\Program Files\Ras Client\RASclntmgr.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
L:\virus\HijackThis1991zww321\HijackThis1991汉化版\HijackThis1991zww.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [FinePrint 分配器 v5] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce
O4 - 启动项HKLM\\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - 启动项HKLM\\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [pdfFactory Pro 分配器 v2] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - 启动项HKCU\\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 状态窗口.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: RAS程序快捷方式刷新.lnk = C:\Program Files\Ras Client\RASclntmgr.exe
O8 - IE右键菜单中的新增项目: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - L:\net tools\聊天工具\qq2005\腾讯QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - L:\net tools\聊天工具\qq2005\腾讯QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - L:\net tools\聊天工具\qq2005\腾讯QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134606499625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134605818296
O16 - DPF: {8F9E8A28-C296-4C6F-9A57-8FE4374135A1} (TV Stream Source) - http://php.tech.sina.com.cn/download/temp20051011.php
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINNT\wc98pp.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - 列举现有的协议: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: OfficeScanNT 实时扫描 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: OfficeScanNT 个人防火墙 (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: OfficeScanNT 侦听程序 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - NT 服务: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
天使之剑 - 2005-12-20 10:55:00
[Reply to lgnli's post]

OP, please scan the following file with the two multi-engine scanners below:
C:\WINNT\TEMP\EF88C5.EXE
Multi-engine scan, VirusTotal:
http://www.virustotal.com/
Multi-engine scan, Jotti:
http://virusscan.jotti.org/
Please be sure to post the complete reports.
lgnli - 2005-12-20 20:10:00
The scan results are as follows:
Scanner results
AntiVir Found Heuristic/Backdoor.Generic (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found BACKDOOR.Trojan (probable variant)
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
This is a report processed by VirusTotal on 12/20/2005 at 13:03:57 (CET) after scanning the file "EF88C5.EXE" file.
Antivirus Version Update Result
AntiVir 6.33.0.61 12.20.2005 Heuristic/Backdoor.Generic
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.20.2005 no virus found
Avira 6.33.0.61 12.20.2005 Heuristic/Backdoor.Generic
BitDefender 7.2 12.20.2005 no virus found
CAT-QuickHeal 8.00 12.19.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.20.2005 BACKDOOR.Trojan
eTrust-Iris 7.1.194.0 12.19.2005 no virus found
eTrust-Vet 12.3.3.0 12.20.2005 no virus found
Fortinet 2.54.0.0 12.20.2005 no virus found
F-Prot 3.16c 12.19.2005 no virus found
Ikarus 0.2.59.0 12.20.2005 no virus found
Kaspersky 4.0.2.24 12.20.2005 no virus found
McAfee 4653 12.19.2005 no virus found
NOD32v2 1.1329 12.20.2005 no virus found
Norman 5.70.10 12.20.2005 no virus found
Panda 8.02.00 12.19.2005 no virus found
Sophos 4.01.0 12.20.2005 no virus found
Symantec 8.0 12.20.2005 no virus found
TheHacker 5.9.1.059 12.19.2005 no virus found
VBA32 3.10.5 12.19.2005 no virus found
花落花又开 - 2005-12-20 21:07:00
[Reply to lgnli's post]
Delete this file: C:\WINNT\TEMP\EF88C5.EXE
If it cannot be deleted, delete it in Safe Mode.
魔法学徒 - 2005-12-20 21:26:00
Please compress C:\WINNT\TEMP\EF88C5.EXE into an archive with the password virus and send it to my mailbox: lymofa@yahoo.com.cn
Please also run a System Repair Engineer scan and post the log.
The download link is in the pinned post:
[Must read] Board guidelines and downloads of commonly used small tools
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
lgnli - 2005-12-21 19:54:00
System Repair Engineer scan log:
2005-12-21,19:32:21
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><CTFMON.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<FinePrint 分配器 v5><"C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /runonce>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SiSPower><Rundll32.exe SiSPower.dll,ModeAgent>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<pdfFactory Pro 分配器 v2><"C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<system64><"C:\WINNT\system32\diskcheck.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
[Canon LASER SHOT LBP-1120 状态窗口]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Canon LASER SHOT LBP-1120 状态窗口.LNK><N>
[RAS程序快捷方式刷新]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\RAS程序快捷方式刷新.lnk><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[OfficeScanNT 实时扫描 / ntrtscan]
<C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[OfficeScanNT 个人防火墙 / OfcPfwSvc]
<C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe><Trend Micro Inc.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[OfficeScanNT 侦听程序 / tmlisten]
<C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe><Trend Micro Inc.>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[上网助手]
{BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[Java Plug-in 1.5.0_04]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[上网助手]
{BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[Encrypt Class]
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINNT\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINNT\system32\muweb.dll, Microsoft Corporation>
[Microsoft RDP Client Control (redist)]
{7584C670-2274-4EFB-B00B-D6AABA6D3850} <C:\WINNT\Downloaded Program Files\msrdp.ocx, Microsoft Corporation>
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[TV Stream Source]
{8F9E8A28-C296-4C6F-9A57-8FE4374135A1} <C:\WINNT\system32\chaos.ax, >
[PieChart Class]
{A050E865-64E3-431B-8079-F0DFCEA90A2D} <C:\WINNT\Downloaded Program Files\AtxPie.dll, Trend Micro Inc.>
[SassCln Object]
{A8658086-E6AC-4957-BC8E-7D54A7E8A78E} <C:\WINNT\Downloaded Program Files\SassCln.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_04]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\flash.ocx, Macromedia, Inc.>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<L:\net tools\聊天工具\qq2005\腾讯QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<L:\net tools\聊天工具\qq2005\腾讯QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<L:\net tools\聊天工具\qq2005\腾讯QQ\SendMMS.htm, N/A>
lgnli - 2005-12-21 19:56:00
==================================
正在运行的进程
[PID: 168][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 200][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 220][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6714>
[C:\WINNT\system32\igfxsrvc.dll] <Intel Corporation><3,0,0,2039>
[C:\WINNT\system32\hccutils.DLL] <Intel Corporation><3,0,0,2039>
[PID: 248][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 260][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6695>
[PID: 416][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 448][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 36>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 5>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 504][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 556][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[C:\WINNT\system32\fppmon2.dll] <FinePrint Software, LLC><2.35>
[C:\WINNT\system32\fppr232.dll] <FinePrint Software, LLC><2.35>
[C:\WINNT\system32\fpmon5.dll] <FinePrint Software, LLC><5.25>
[C:\WINNT\system32\fpres532.dll] <FinePrint Software, LLC><5.25>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpinter5.dll] <FinePrint Software, LLC><5.25>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpres532.dll] <FinePrint Software, LLC><5.25>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpgraph5.dll] <FinePrint Software, LLC><5.25>
[PID: 676][C:\WINNT\System32\cisvc.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 672][C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll] <N/A><N/A>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] <N/A><N/A>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] <trend_company_name><1, 0, 0, 1>
[PID: 748][C:\WINNT\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5672>
[PID: 760][C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll] <N/A><N/A>
[C:\Program Files\Trend Micro\OfficeScan Client\ZLib.dll] <Trend Micro Inc.><1.31.0.1708>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] <N/A><N/A>
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] <trend_company_name><1, 0, 0, 1>
[C:\Program Files\Trend Micro\OfficeScan Client\tmCfwApi.dll] <Trend Micro Inc.><1.2.0.1020>
[PID: 780][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 800][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[PID: 952][C:\WINNT\system32\stisvc.exe] <Microsoft Corporation><5.00.2195.6656>
[PID: 1024][C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\TMSOCK.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] <N/A><N/A>
[C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcDog.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] <trend_company_name><1, 0, 0, 1>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\TmUpdate.dll] <Trend Micro Inc.><2,6,0,1367>
[C:\Program Files\Trend Micro\OfficeScan Client\Unzip.dll] <Trend Micro Inc.><1.32.0.1000>
[PID: 1084][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] <Ulead Systems, Inc.><1, 0, 0, 3>
[PID: 1096][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 1128][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1148][C:\WINNT\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.00.0984>
[PID: 1180][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1524][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 716][C:\WINNT\System32\cidaemon.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 872][C:\WINNT\System32\cidaemon.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1252][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\system64.dll] <N/A><N/A>
[C:\WINNT\System32\hccutils.DLL] <Intel Corporation><3,0,0,2039>
[C:\WINNT\system32\igfxres.dll] <Intel Corporation><3,0,0,2039>
[C:\WINNT\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5672>
[C:\PROGRA~1\3721\Assist\asbar.dll] <3721><1, 0, 1, 1008>
[C:\PROGRA~1\3721\Assist\asnoad.dll] <><1, 0, 0, 9>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINNT\system32\igfxress.dll] <Intel Corporation><3,0,0,2039>
[C:\WINNT\system32\nvtuicpl.cpl] <NVIDIA Corporation><6.14.10.5672>
[C:\WINNT\system32\igfxcpl.cpl] <Intel Corporation><3,0,0,2039>
[C:\WINNT\system32\ALSNDMGR.CPL] <Realtek Semiconductor Corp.><2.2.0.36>
[C:\WINNT\system32\NQWBX.IME] <念青:http://nq.yeah.net><2.00.03.05>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\3721\ske\contmenu.dll] <N/A><N/A>
[C:\Program Files\AdultPDF\Image To PDF\Menu.dll] <><2, 0, 0,0>
[C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll] <N/A><N/A>
[PID: 1228][c:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Corporation Limited><3, 1, 0, 18>
[c:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
[c:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[c:\program files\rising\rfw\PngDll.dll] <Rising><17, 0, 0, 2>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[PID: 1652][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll] <N/A><N/A>
[C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll] <N/A><N/A>
[C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll] <Trend Micro Inc.><7.0.0.1116>
[C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll] <trend_company_name><1, 0, 0, 1>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
lgnli - 2005-12-21 19:56:00
[PID: 1700][C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe] <FinePrint Software, LLC><2.35>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppr232.dll] <FinePrint Software, LLC><2.35>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppint2.dll] <FinePrint Software, LLC><2.35>
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppgraf2.dll] <FinePrint Software, LLC><2.35>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[PID: 1688][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3292>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[PID: 1720][C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe] <Sun Microsystems, Inc.><5.0.40.5>
[PID: 1644][C:\WINNT\system32\ctfmon.exe] <Microsoft Corporation><1.00.2409.34 built by: Lab06_N>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[PID: 1772][C:\WINNT\system32\spool\drivers\w32x86\3\CAP3LAK.EXE] <CANON INC.><1.00.0.007>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[PID: 1800][C:\Program Files\Ras Client\RASclntmgr.exe] <COMEXE Inc. ><2.0.0 >
[C:\Program Files\Ras Client\raspin.dll] <TODO: <Company name>><1.0.0.1>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[PID: 1812][C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE] <CANON INC.><1.00.0.007>
[C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3PMN.DLL] <CANON INC.><1.00.0.007>
[C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SMK.DLL] <CANON INC.><1.00.0.007>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[PID: 1924][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><7.0.0816>
[C:\WINNT\system32\NQWBX.IME] <念青:http://nq.yeah.net><2.00.03.05>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\WINNT\System32\devenum.dll] <N/A><N/A>
[PID: 3392][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\PROGRA~1\3721\Assist\asbar.dll] <3721><1, 0, 1, 1008>
[C:\PROGRA~1\3721\Assist\asnoad.dll] <><1, 0, 0, 9>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[PID: 1912][C:\WINNT\TEMP\FZ532B.EXE] <N/A><N/A>
[PID: 6100][C:\Program Files\Outlook Express\msimn.exe] <Microsoft Corporation><6.00.2800.1123>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\WINNT\system32\NQWBX.IME] <念青:http://nq.yeah.net><2.00.03.05>
[PID: 11712][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\PROGRA~1\3721\Assist\asbar.dll] <3721><1, 0, 1, 1008>
[C:\PROGRA~1\3721\Assist\asnoad.dll] <><1, 0, 0, 9>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[PID: 11648][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\PROGRA~1\3721\Assist\asbar.dll] <3721><1, 0, 1, 1008>
[C:\PROGRA~1\3721\Assist\asnoad.dll] <><1, 0, 0, 9>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\WINNT\system32\Macromed\Flash\flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 12688][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\PROGRA~1\3721\Assist\asbar.dll] <3721><1, 0, 1, 1008>
[C:\PROGRA~1\3721\Assist\asnoad.dll] <><1, 0, 0, 9>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[PID: 11904][C:\Program Files\FlashGet\flashget.exe] <Amaze Soft><1, 6, 0, 0>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\WINNT\system32\Macromed\Flash\flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 13040][L:\virus\扫描\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\Herosoft\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. ["C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
lgnli - 2005-12-21 20:03:00
Moderator:
Hello! I have noticed that the file C:\WINNT\TEMP\EF88C5.EXE keeps changing its name; sometimes it is GQ674C.EXE, and now it has become FZ532B. Also, after rebooting, before I log in to the Windows desktop there is no connection to http://vip1.66wo.com, but as soon as I log in to the desktop the connection is there continuously!
I have compressed the virus file and emailed it to you; please help analyze it. Thanks a lot!
魔法学徒 - 2005-12-21 21:12:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<system64><"C:\WINNT\system32\diskcheck.exe">
The problem is here.
I suggest booting into Safe Mode and using SREng to scan and repair this item.
Show hidden files,
then find the following files and delete them (if they exist):
C:\WINNT\system32\diskcheck.exe
C:\WINNT\system32\diskcheck.dll
C:\WINNT\system32\devenum.dll (this one is rather suspicious; I suggest checking its properties to see whether it is a Microsoft product, and if not, packing up a backup and then deleting it)
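The moderator's triage of the SREng listing comes down to two checks done by eye: which executables are running out of a temporary directory, and which files sitting in the Windows system directory carry no vendor or version information (a genuine Microsoft file such as devenum.dll would). The following Python script, added here as an illustration and not part of the thread or of SREng, applies the same two checks to lines in the SREng process/module format shown above. The sample lines are constructed from that format; the path patterns and the "N/A" vendor convention are assumptions taken from the log as posted.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the SREng "[PID: n][path] <vendor><version>" format used in the log above.
SAMPLE_LOG = """\
[PID: 1252][C:\\WINNT\\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\\WINNT\\system32\\system64.dll] <N/A><N/A>
[C:\\WINNT\\System32\\hccutils.DLL] <Intel Corporation><3,0,0,2039>
[PID: 1912][C:\\WINNT\\TEMP\\FZ532B.EXE] <N/A><N/A>
[PID: 1924][C:\\Program Files\\MSN Messenger\\msnmsgr.exe] <Microsoft Corporation><7.0.0816>
[C:\\WINNT\\System32\\devenum.dll] <N/A><N/A>
[C:\\Program Files\\WinRAR\\rarext.dll] <N/A><N/A>
"""

# One log line: optional "[PID: n]" prefix, then "[path] <vendor><version>".
LINE_RE = re.compile(
    r'^(?:\[PID:\s*(\d+)\])?\[(?P<path>[^\]]+)\]\s*<(?P<vendor>[^>]*)><(?P<version>[^>]*)>\s*$'
)

# Assumed locations: Windows 2000 and later system directories, and common temp folders.
SYSTEM_DIRS = ('\\winnt\\system32\\', '\\windows\\system32\\')
TEMP_MARKERS = ('\\temp\\', '\\tmp\\')


@dataclass
class Entry:
    pid: Optional[int]   # set for process lines, None for loaded-module lines
    path: str
    vendor: str
    version: str


def parse_sreng(text: str) -> List[Entry]:
    """Parse SREng-style process/module lines; section headers and unparsable lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pid = int(m.group(1)) if m.group(1) else None
        entries.append(Entry(pid, m.group('path'), m.group('vendor').strip(), m.group('version').strip()))
    return entries


def in_system_dir(path: str) -> bool:
    return any(d in path.lower() for d in SYSTEM_DIRS)


def in_temp_dir(path: str) -> bool:
    return any(t in path.lower() for t in TEMP_MARKERS)


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries that match the two checks from the thread."""
    findings: List[Tuple[str, str]] = []
    for e in parse_sreng(text):
        no_vendor = e.vendor in ('', 'N/A')
        # Check 1: a running process whose image lives in a temp folder (the CP8628/FZ532B pattern).
        if e.pid is not None and in_temp_dir(e.path):
            findings.append((e.path, 'process running from a temporary directory'))
        # Check 2: a file in the system directory with no vendor/version resource,
        # which is what the moderator asks the poster to verify for devenum.dll.
        if no_vendor and in_system_dir(e.path):
            findings.append((e.path, 'no vendor/version information for a file in the system directory'))
    return findings


if __name__ == '__main__':
    for path, reason in triage(SAMPLE_LOG):
        print(f'{path}: {reason}')
```

Only the system directory is held to the "must have vendor information" rule: third-party shell extensions such as rarext.dll legitimately ship without a version resource, so flagging every N/A entry would bury the two files the thread actually cares about.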
lgnli - 2005-12-24 10:27:00
Got it sorted. Thanks a lot!
© 2000 - 2026 Rising Corp. Ltd.