【求助】某个网页自动打开自动关闭，如何阻止 bbs.ikaka.com

Petto - 2006-2-23 17:33:00

从上周末开始，http://wiki.koook.com/mini/index.shtml，上面这个可恶的网页只要电脑连网就会每隔一、两个小时自动打开自动关闭，有时还不肯自动关闭，烦不胜烦。
在卡卡论坛上搜了一些急救措施补救，还是无可奈何。

请教高手，如何才能阻止这类情况，不胜感激。

以下是运行HijackThis的结果：

Logfile of HijackThis v1.99.1
Scan saved at 17:21:54, on 2006-2-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\rising\Rfw\rfwmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\BCUP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\rising\Rav\Rav.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DOUBLE~1\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AdsHlpObj Class - {C74332D8-097F-41E7-8F8A-2E4D5A07A31E} - C:\WINDOWS\system32\AdsHlp.dll
O2 - BHO: YMIN IEBand - {D4F7605B-084D-4353-A1E1-C1BC3161938C} - C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\system32\BCUP.exe
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: 雅虎邮箱通 - {D1B76CE4-CCCA-4B22-9ECB-09F85C140904} - yminimsgr:ClickIEBT (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/22339e56b57531774405/netzip/RdxIE601_cn.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127386290687
O16 - DPF: {7260569F-1D40-4E7F-B95B-2E68D35668B9} (MofileUploadX Control) - http://andromeda.mofile.com/upload/UploadFX.CAB
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D083891E-C11A-11D6-9A01-0010D7094A99} (bfdown Class) - http://www.gameabc.com/com/bfinst.cab
O16 - DPF: {DE3496D2-AFB9-47EB-A8C2-C3B330222513} (PhotoUpload Control) - http://www.photo.163.com/PhotoUpload.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://njcmbchina.nj-enterprise.com/pb45.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{321EE3B3-985E-4527-82BA-642086AB97AF}: NameServer = 202.101.172.46 202.101.172.47
O17 - HKLM\System\CS1\Services\Tcpip\..\{321EE3B3-985E-4527-82BA-642086AB97AF}: NameServer = 202.101.172.46 202.101.172.47
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe

Petto - 2006-2-23 17:46:00

【回复“Petto”的帖子】
以下是运行System Repair Engineer的log:

2006-02-23,17:41:48

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Home Edition Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<RegBar><regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<IncrediMail><C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<AboutSys><regsvr32.exe msaddon.dll /s>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NeroCheck><C:\WINDOWS\System32\\NeroCheck.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ExFilter><Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools-2052><"C:\Program Files\D-Tools\daemon.exe" -lang 2052>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BCUpdate><C:\WINDOWS\system32\BCUP.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\Userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[GStartup]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\GStartup.lnk><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================
服务
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

Petto - 2006-2-23 17:47:00

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[AdsHlpObj Class]
{C74332D8-097F-41E7-8F8A-2E4D5A07A31E} <C:\WINDOWS\system32\AdsHlp.dll, N/A>
[IEBandObj Class]
{D4F7605B-084D-4353-A1E1-C1BC3161938C} <C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll, >
[雅虎邮箱通]
{D1B76CE4-CCCA-4B22-9ECB-09F85C140904} <yminimsgr:ClickIEBT, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[MSN 工具栏]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Checkers Class]
{00B71CFB-6864-4346-A978-C0A14556272C} <C:\WINDOWS\Downloaded Program Files\msgrchkr.dll, Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Minesweeper Flags Class]
{2917297F-F02B-4B9D-81DF-494B6333150B} <C:\WINDOWS\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, Microsoft? Corporation>
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINDOWS\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[MofileUploadX Control]
{7260569F-1D40-4E7F-B95B-2E68D35668B9} <C:\WINDOWS\system32\MoUpload.ocx, >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[MSN Photo Upload Tool]
{C3DFA998-A486-11D4-AA25-00C04F72DAEB} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[bfdown Class]
{D083891E-C11A-11D6-9A01-0010D7094A99} <C:\WINDOWS\Downloaded Program Files\bfinst.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[PhotoUpload Control]
{DE3496D2-AFB9-47EB-A8C2-C3B330222513} <C:\WINDOWS\DOWNLO~1\PHOTOU~1.OCX, 网易>
[IMDownloader Class]
{F00F4763-7355-4725-82F7-0DA94A256D46} <, N/A>
[PBActiveX40 Control]
{F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINDOWS\System32\CmbPb40.ocx, China Merchants Bank>
[MSN Chat Control 4.5]
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} <C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx, Microsoft Corporation>
[Solitaire Showdown Class]
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} <C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll, Microsoft Corporation>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[MSN 工具栏]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll, Microsoft Corporation>
[AdsHlpObj Class]
{C74332D8-097F-41E7-8F8A-2E4D5A07A31E} <C:\WINDOWS\system32\AdsHlp.dll, N/A>
[雅虎邮箱通]
{D1B76CE4-CCCA-4B22-9ECB-09F85C140904} <C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[IEBandObj Class]
{D4F7605B-084D-4353-A1E1-C1BC3161938C} <C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll, >
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[&Add animation to IncrediMail Style Box]
<C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[用比特精灵下载(&B)]
<C:\Program Files\BitSpirit\bsurl.htm, N/A>

Petto - 2006-2-23 17:49:00

==================================
正在运行的进程
[PID: 544][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 612][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 636][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\PLUG.dll] <Bokee><2, 1, 0, 1>
[PID: 684][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 924][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\Program Files\rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1036][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1176][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1244][C:\Program Files\rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 10>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 4>
[C:\Program Files\rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1476][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\PROGRA~1\FlashGet\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll] <><2, 0, 4, 6>
[C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33>
[C:\WINDOWS\system32\AdsHlp.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\WINDOWS\System32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\INCRED~1\bin\ImShExt.dll] <IncrediMail, Ltd.><2, 0, 0, 0>
[PID: 1516][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 29>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 11>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 19>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1700][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1868][C:\Program Files\rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1984][C:\Program Files\rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>

Petto - 2006-2-23 17:49:00

[PID: 2016][C:\Program Files\rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 14>
[C:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 2024][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3018>
[PID: 2036][C:\Program Files\rising\Rfw\rfwmain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 45>
[C:\Program Files\rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 316][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5216>
[PID: 380][C:\WINDOWS\System32\snmp.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 416][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 908][C:\WINDOWS\system32\BCUP.exe] <N/A><N/A>
[PID: 960][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1360][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 2064][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2296][C:\Program Files\rising\Rav\RsAgent.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 2324][C:\WINDOWS\msagent\AgentSvr.exe] <Microsoft Corporation><2.00.0.3422>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 1604][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\WINDOWS\system32\kakatool.dll] <Beijing Rising Technology Co., Ltd.><2, 0, 0, 8>
[C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\FlashGet\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\WINDOWS\system32\AdsHlp.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll] <><2, 0, 4, 6>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 2624][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AdsHlp.dll] <N/A><N/A>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 3420][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\WINDOWS\system32\kakatool.dll] <Beijing Rising Technology Co., Ltd.><2, 0, 0, 8>
[C:\WINDOWS\system32\xunleibho_v8.dll] <Thunder Networking Technologies,LTD><4, 5, 1, 33>
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] <><2005, 4, 6, 1>
[c:\PROGRA~1\chinanet\Communicate.dll] <0><2005, 3, 3, 1>
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] <><2004, 2, 28, 1>
[C:\PROGRA~1\FlashGet\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\WINDOWS\system32\AdsHlp.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\PROGRA~1\Yahoo!\MiniMsgr\ymini.dll] <><2, 0, 4, 6>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1060][C:\Program Files\FlashGet\flashget.exe] <Amaze Soft><1, 6, 0, 0>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 3652][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 3184][C:\DOCUME~1\DOUBLE~1\LOCALS~1\Temp\Rar$EX01.812\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>

==================================
文件关联
.TXT Error. [Notepad %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

瑞星卡卡安全论坛