麻烦高手抽空帮看看日志～～谢谢了 bbs.ikaka.com

我中梅毒了 - 2006-4-14 0:53:00

Logfile of Kaka v2. 0. 0. 8 Scan Module v2. 0. 0. 1
Scan saved at 00:49:17, on 2006-04-14
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))

Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[SERVICES.EXE]
CommandLine = C:\windows\system32\services.exe

[LSASS.EXE]
CommandLine = C:\windows\system32\lsass.exe

[SVCHOST.EXE]
CommandLine = C:\windows\system32\svchost -k DcomLaunch

[SVCHOST.EXE]
CommandLine = C:\windows\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"

[SVCHOST.EXE]
CommandLine = C:\windows\System32\svchost.exe -k netsvcs

[SVCHOST.EXE]
CommandLine = C:\windows\system32\svchost.exe -k NetworkService

[SVCHOST.EXE]
CommandLine = C:\windows\system32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmond.exe"

[Explorer.EXE]
CommandLine = C:\windows\Explorer.EXE

[spoolsv.exe]
CommandLine = C:\windows\system32\spoolsv.exe

[RavStub.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[RavTask.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[YLive.exe]
CommandLine = "C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe"

[RUNDLL32.EXE]
CommandLine = "C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\3721\helper.dll,Rundll32

[RUNDLL32.EXE]
CommandLine = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087

[RUNDLL32.EXE]
CommandLine = "C:\windows\system32\Rundll32.exe" "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows

[realsched.exe]
CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[RUNDLL32.EXE]
CommandLine = "C:\windows\system32\Rundll32.exe" "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo

[ctfmon.exe]
CommandLine = "C:\windows\system32\ctfmon.exe"

[RUNDLL32.EXE]
CommandLine = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service

[SVCHOST.EXE]
CommandLine = C:\windows\system32\svchost.exe -k imgsvc

[Tablet.exe]
CommandLine = C:\WINDOWS\system32\Tablet.exe

[ScannerFinder.exe]
CommandLine = "D:\扫描仪驱动\ScannerFinder.exe"

[VnetClient.exe]
CommandLine = "C:\Program Files\ChinaNet\VnetClient.exe"

[TabUserW.exe]
CommandLine = "C:\WINDOWS\system32\Wtablet\TabUserW.exe"

[alg.exe]
CommandLine = C:\windows\System32\alg.exe

[RUNDLL32.EXE]
CommandLine = RUNDLL32.EXE C:\PROGRA~1\baidu\iexp\BDSrHook.dll,Rundll32

[RUNDLL32.EXE]
CommandLine = C:\windows\SYSTEM32\stdup.dll,Entry

[QQ.exe]
CommandLine = "D:\腾讯QQ\QQ.exe"

[TIMPlatform.exe]
CommandLine = D:\腾讯QQ\TIMPlatform.exe -Embedding

[Photoshop.exe]
CommandLine = "C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe"

[JJSvr.exe]
CommandLine = "C:\Program Files\JJOL\IME\JJSvr.EXE"

[TTraveler.exe]
CommandLine = "D:\TT\TTraveler.exe"

[RsAgent.exe]
CommandLine = "C:\Program Files\Rising\Rav\RsAgent.exe"

[AgentSvr.exe]
CommandLine = C:\WINDOWS\msagent\AgentSvr.exe -Embedding

[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: BdSearchHook Class - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll
O2 - BHO: CPub Object - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\windows\system32\wmpdrm.dll (file missing)
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_1100.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: CaiShowBH Class - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\腾讯QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\windows\SYSTEM32\stdup.dll
O2 - BHO: DTSvc Class - {6B280AC7-8B18-46A4-BF70-FC579A1B2F76} - C:\Program Files\DTSVC\DTS\DTS.dll
O2 - BHO: NewWebController Class - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\hbhelper.dll
O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} - C:\windows\system32\kakatool.dll
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [caishowmanage] C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\windows\system32\supdate2.dll,Run
O4 - HKLM\..\Run: [RichMedia] C:\windows\system32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - Startup: desktop.ini =
O4 - Startup: 腾讯QQ.lnk = D:\腾讯QQ\QQ.exe
O4 - Global Startup: desktop.ini =
O4 - Global Startup: Microtek 扫描仪探测器.lnk = D:\扫描仪驱动\ScannerFinder.exe
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\腾讯QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\腾讯QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\腾讯QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\腾讯QQ\SendMMS.htm
O9 - Extra Button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=zlroomdg (file missing)
O9 - Extra Button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra Button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra Button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra Button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra Button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra Button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra Button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O11 - Options group: [!CNS] 网络实名
O11 - Options group: [!IESearch] 百度搜索伴侣
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {038318E8-0C2D-4DF5-A7AF-B4FB373F501E} (HBHelper.HBActivex) - http://download.henbang.net/download/updatelist/helper.cab
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (Qzone Media Tools) - http://imgcache.qq.com/qzone/photo/QzoneMediaTools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A30D735-35DB-4575-B8AA-AC4A187A3291}: NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6ABE05-0DFC-4F18-81D0-6EC497C4E891}: NameServer = 202.96.134.133

我中梅毒了 - 2006-4-14 0:54:00

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\windows\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) - - C:\windows\system32\svchost.exe -k netsvcs
O23 - Service: Security Machine Manager (MOVEESS) - - C:\windows\system32\rundll32.exe c:\windows\system32\wbem\irjit.dll,export 1087
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: StdService (StdService) - - C:\windows\system32\rundll32.exe c:\windows\system32\stdsver.dll,service
O23 - Service: TabletService (TabletService) - Wacom Technology, Corp. - C:\windows\system32\tablet.exe

轩辕小聪 - 2006-4-14 1:20:00

用HijackThis（下载地址：http://forum.ikaka.com/topic.asp?board=28&artid=6979213第1楼附件）修复以下几项：
O2 - BHO: BdSearchHook Class - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll
O2 - BHO: CPub Object - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\windows\system32\wmpdrm.dll (file missing)
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_1100.dll
O2 - BHO: CaiShowBH Class - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll (file missing)
O2 - BHO: NewWebController Class - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\windows\system32\supdate2.dll,Run
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
删除：
C:\PROGRA~1\baidu\iexp\BDSrHook.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_1100.dll
C:\WINDOWS\system32\WinSC.dll
C:\windows\system32\supdate2.dll
——————————————————————
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\windows\SYSTEM32\stdup.dll
O23 - Service: StdService (StdService) - - C:\windows\system32\rundll32.exe c:\windows\system32\stdsver.dll,service（这项HijackThis通常看不到）
这两项参考http://forum.ikaka.com/topic.asp?board=67&artid=7423269处理。
——————————————————————
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\hbhelper.dll
O4 - HKLM\..\Run: [RichMedia] C:\windows\system32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows
这是很棒小秘书流氓软件，参考http://forum.ikaka.com/topic.asp?board=28&artid=7795226
——————————————————————
O23 - Service: Security Machine Manager (MOVEESS) - - C:\windows\system32\rundll32.exe c:\windows\system32\wbem\irjit.dll,export 1087
这一项HijackThis通常看不到，参考http://forum.ikaka.com/topic.asp?board=67&artid=7926199处理。

另外C:\Program Files\CaiShow Tech\CaiShow\是什么软件？如果不是自己安装的，建议卸载。

我中梅毒了 - 2006-4-14 1:53:00

谢谢高手的帮忙哦～～

那修复的几项在HijackThis中可以修复了　

删除的在HijackThis好像没有删除的选项啊　　那几样应该怎么删除啊？？

觉得爱上了你 - 2006-4-14 2:03:00

高难度厉害，，，哈哈

我中梅毒了 - 2006-4-14 2:04:00

哥哥　不要说风凉话啊　　我急着用电脑　　
晚上还要赶稿。。。

轩辕小聪 - 2006-4-14 2:06:00

晕，删除的当然是在硬盘中找到并删除该文件了。不过楼主的电脑到底有什么问题？

我中梅毒了 - 2006-4-14 2:17:00

打开IE超慢　IE和QQ一起用电脑简直就动不了　还不时跳出来IE网页　

轩辕小聪 - 2006-4-14 2:19:00

呼，我还当是什么问题呢。这个问题正是以上这些项目的典型表现。

我中梅毒了 - 2006-4-14 2:19:00

O23 - Service: StdService (StdService) - - C:\windows\system32\rundll32.exe c:\windows\system32\stdsver.dll,service

rundll32.exe 　　stdsver.dll　　service要删掉吗？

C:\PROGRA~1\baidu\iexp\BDSrHook.dll没有找到啊～～～

轩辕小聪 - 2006-4-14 2:29:00

那篇链接的帖子不是说得很清楚的吗？stdsver.dll要删。rundll32.exe是系统进程，不能删。service只是表示这一项是服务而已，并不是文件名。
HijackThis修复02项时一般也会删除相应的dll文件，C:\PROGRA~1\baidu\iexp\BDSrHook.dll应该已经被删了。

我中梅毒了 - 2006-4-14 2:35:00

兄弟我能加你QQ么？　　我是菜鸟哈　
还有好多问题不懂　　我的QQ是11261808

我中梅毒了 - 2006-4-14 2:42:00

晕　　这次开机就出现这个了

附件: 674991200641424235.BMP

我中梅毒了 - 2006-4-14 3:13:00

Logfile of HijackThis v1.99.1
Scan saved at 3:12:52, on 2006-4-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\windows\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\windows\system32\ieinfo.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\扫描仪驱动\ScannerFinder.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
D:\腾讯QQ\QQ.exe
D:\腾讯QQ\TIMPlatform.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\wuauclt.exe
D:\TT\TTraveler.exe
C:\Program Files\JJOL\IME\JJSvr.EXE
D:\扫描日志的\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: BdSearch - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\腾讯QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: DTSvc Class - {6B280AC7-8B18-46A4-BF70-FC579A1B2F76} - C:\Program Files\DTSVC\DTS\DTS.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - Startup: 腾讯QQ.lnk = ?
O4 - Global Startup: Microtek 扫描仪探测器.lnk = ?
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\腾讯QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\腾讯QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\腾讯QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\腾讯QQ\SendMMS.htm
O9 - Extra button: 百度首页 - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=zlroomdg (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O11 - Options group: [!IESearch] 百度搜索伴侣
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A30D735-35DB-4575-B8AA-AC4A187A3291}: NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6ABE05-0DFC-4F18-81D0-6EC497C4E891}: NameServer = 202.96.134.133
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

瑞星卡卡安全论坛