Experts, please help!! Thanks!

The result of my HJ scan:

Logfile of HijackThis v1.99.1
Scan saved at 13:26:14, on 2007-1-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Rising\Rav\RavStub.exe
C:\Windows\system32\GOVDN.EXE
C:\Windows\system32\IQYHR.EXE
C:\WINDOWS\Explorer.EXE
C:\Windows\system32\iuacaokd.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX04.485\HijackThis.exe

O2 - BHO: GPXEP - {019F62FA-2E7B-4204-9C96-C4118F2B1092} - C:\WINDOWS\system32\UBJQAHPWGO.DLL
O2 - BHO: QXFNXELTB - {1FD39B0E-BBC9-4410-8DA3-22C85D99BE68} - C:\WINDOWS\system32\VELTCKSZHO.DLL
O2 - BHO: UCJSBKSAIQ - {453ABD80-00CA-45A8-96E6-2B6C1BB720C5} - C:\WINDOWS\system32\PWENYGOW.DLL
O2 - BHO: (no name) - {471A662A-4030-42BC-B632-758700A64DB9} - (no file)
O2 - BHO: NVDLTBJR - {49DF6FA2-E85A-4F1B-9F91-8E47AC471924} - C:\WINDOWS\system32\SZGPZHPYGN.DLL
O2 - BHO: HOWEO - {4E10CD28-1EE8-4467-9F1E-754B9185B70F} - C:\WINDOWS\system32\BIQXGOVDLTAIPX.DLL
O2 - BHO: YFNVFNVDMUCJ - {4ECF7DCF-13F9-4CDB-95CA-7A7EFAF3E51C} - C:\WINDOWS\system32\NUBJTBJ.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\QQ2005\QQIEHelper.dll
O2 - BHO: JQXFOX - {55911A5B-F737-441A-8170-2DA216A09323} - C:\WINDOWS\system32\IPYGQZ.DLL
O2 - BHO: CIRZHQXHOWEMTB - {68399BB3-DD4F-4102-8424-F8FCA8FFAA36} - C:\WINDOWS\system32\VCJRBJRYHP.DLL
O2 - BHO: BHPXFNVDLSAISB - {69A00BAB-639E-4841-B8E0-47C245FA9124} - C:\WINDOWS\system32\GNVDO.DLL
O2 - BHO: GOWEOWEMUBIRYGN - {72C2ECEA-8378-432C-96C6-ECFF757E0F56} - C:\WINDOWS\system32\BIPZJRAIQYGOX.DLL
O2 - BHO: KSZISB - {77D7296C-1F74-487C-924C-47CC6DFE4B30} - C:\WINDOWS\system32\iedrjkljf.dll
O2 - BHO: UBJRCJRYHP - {862AB0AD-E2EB-43BE-A77C-31E1CFAF9C7F} - C:\WINDOWS\system32\PWEMWEMT.DLL
O2 - BHO: NUDKSAIQ - {AD4C069A-E3DC-4A07-985F-1DB773264382} - C:\WINDOWS\system32\DJSAJRYFOVCKSZ.DLL
O2 - BHO: YGNVFNVDKSAH - {B0A662B8-5094-4553-9804-43C6FDB197DB} - C:\WINDOWS\system32\AHPWFNUCKRZHO.DLL
O2 - BHO: NVCKTBJQ - {B6DAB458-913A-43A4-8536-A0710A53D5C0} - C:\WINDOWS\system32\KSZHRY.DLL
O2 - BHO: iCDToolBHO - {B75F81F9-584E-42AE-97D7-721B4FBBE81D} - C:\Program Files\Photo Workshop\Shell\iCDToolBHO.dll
O2 - BHO: IQZHRZ - {BA52D974-60C8-43FF-9313-4C702AF5537B} - C:\WINDOWS\system32\WEMUELTBJQXG.DLL
O2 - BHO: XDKTCLSZHQX - {C42AD3EA-19B0-4341-B215-D30F09A9705A} - C:\WINDOWS\system32\RZIQBIQYHO.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: KRYGPYF - {E326AC33-BB63-4DC8-8CCA-BFF409806CFE} - C:\WINDOWS\system32\XEMUDLTAIQXE.DLL
O3 - Toolbar: iCDBuilder - {CD915D28-FBE3-44D3-94B8-1CDA1DA11587} - C:\Program Files\Photo Workshop\Shell\iCDToolBand.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "c:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KAV] C:\WINDOWS\system32\KAV.EXE
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: (no name) - RsAutorunsDisabled - (no file)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\QQ2005\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\QQ2005\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: SysAllowPause (AllowPause) - Unknown owner - C:\Windows\system32\GOVDN.EXE
O23 - Service: SysAllowStop (AllowStop) - Unknown owner - C:\Windows\system32\RYGOXGOVD.EXE
O23 - Service: DepExMTLst (ExMTLst) - Unknown owner - C:\Windows\system32\AIQZKRAHPXFMU.EXE
O23 - Service: KameaDiruu (KameaDir) - Unknown owner - C:\Windows\system32\IQYHR.EXE
O23 - Service: MSServerCheckup (MSServerCheck) - Unknown owner - C:\Windows\system32\RZIQAIPXFM.EXE
O23 - Service: SysPassword (Password) - Unknown owner - C:\Windows\system32\iuacaokd.exe
O23 - Service: ProEvensAV (ProEvens) - Unknown owner - C:\Windows\system32\EKSBKTAHPYFMUCJ.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - c:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - c:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SysServiceStart (ServiceStart) - Unknown owner - C:\Windows\system32\BJRZJRYFOWDKTA.EXE
O23 - Service: SysServrceStart (ServrceStart) - Unknown owner - C:\Windows\system32\ELSBKTAHPXEMUBJ.EXE
O23 - Service: ProWin32Safe (Win32Safe) - Unknown owner - C:\Windows\system32\XELSBJRYHPXF.EXE

Last edited 2007-02-06 11:52:04

What software did you scan with? What problem are you describing?

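Start -> Run -> type services.msc, find the following services, and change their startup type to Disabled (double-click the service, select Disabled in the Startup type list, then click the OK button):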
O23 - Service: SysAllowPause (AllowPause) - Unknown owner - C:\Windows\system32\GOVDN.EXE
O23 - Service: SysAllowStop (AllowStop) - Unknown owner - C:\Windows\system32\RYGOXGOVD.EXE
O23 - Service: DepExMTLst (ExMTLst) - Unknown owner - C:\Windows\system32\AIQZKRAHPXFMU.EXE
O23 - Service: KameaDiruu (KameaDir) - Unknown owner - C:\Windows\system32\IQYHR.EXE
O23 - Service: MSServerCheckup (MSServerCheck) - Unknown owner - C:\Windows\system32\RZIQAIPXFM.EXE
O23 - Service: SysPassword (Password) - Unknown owner - C:\Windows\system32\iuacaokd.exe
O23 - Service: ProEvensAV (ProEvens) - Unknown owner - C:\Windows\system32\EKSBKTAHPYFMUCJ.EXE
O23 - Service: SysServiceStart (ServiceStart) - Unknown owner - C:\Windows\system32\BJRZJRYFOWDKTA.EXE
O23 - Service: SysServrceStart (ServrceStart) - Unknown owner - C:\Windows\system32\ELSBKTAHPXEMUBJ.EXE
O23 - Service: ProWin32Safe (Win32Safe) - Unknown owner - C:\Windows\system32\XELSBJRYHPXF.EXE

2. Use HJ to fix the following BHO entries:
O2 - BHO: GPXEP - {019F62FA-2E7B-4204-9C96-C4118F2B1092} - C:\WINDOWS\system32\UBJQAHPWGO.DLL
O2 - BHO: QXFNXELTB - {1FD39B0E-BBC9-4410-8DA3-22C85D99BE68} - C:\WINDOWS\system32\VELTCKSZHO.DLL
O2 - BHO: UCJSBKSAIQ - {453ABD80-00CA-45A8-96E6-2B6C1BB720C5} - C:\WINDOWS\system32\PWENYGOW.DLL
O2 - BHO: (no name) - {471A662A-4030-42BC-B632-758700A64DB9} - (no file)
O2 - BHO: NVDLTBJR - {49DF6FA2-E85A-4F1B-9F91-8E47AC471924} - C:\WINDOWS\system32\SZGPZHPYGN.DLL
O2 - BHO: HOWEO - {4E10CD28-1EE8-4467-9F1E-754B9185B70F} - C:\WINDOWS\system32\BIQXGOVDLTAIPX.DLL
O2 - BHO: YFNVFNVDMUCJ - {4ECF7DCF-13F9-4CDB-95CA-7A7EFAF3E51C} - C:\WINDOWS\system32\NUBJTBJ.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\QQ2005\QQIEHelper.dll
O2 - BHO: JQXFOX - {55911A5B-F737-441A-8170-2DA216A09323} - C:\WINDOWS\system32\IPYGQZ.DLL
O2 - BHO: CIRZHQXHOWEMTB - {68399BB3-DD4F-4102-8424-F8FCA8FFAA36} - C:\WINDOWS\system32\VCJRBJRYHP.DLL
O2 - BHO: BHPXFNVDLSAISB - {69A00BAB-639E-4841-B8E0-47C245FA9124} - C:\WINDOWS\system32\GNVDO.DLL
O2 - BHO: GOWEOWEMUBIRYGN - {72C2ECEA-8378-432C-96C6-ECFF757E0F56} - C:\WINDOWS\system32\BIPZJRAIQYGOX.DLL
O2 - BHO: KSZISB - {77D7296C-1F74-487C-924C-47CC6DFE4B30} - C:\WINDOWS\system32\iedrjkljf.dll
O2 - BHO: UBJRCJRYHP - {862AB0AD-E2EB-43BE-A77C-31E1CFAF9C7F} - C:\WINDOWS\system32\PWEMWEMT.DLL
O2 - BHO: NUDKSAIQ - {AD4C069A-E3DC-4A07-985F-1DB773264382} - C:\WINDOWS\system32\DJSAJRYFOVCKSZ.DLL
O2 - BHO: YGNVFNVDKSAH - {B0A662B8-5094-4553-9804-43C6FDB197DB} - C:\WINDOWS\system32\AHPWFNUCKRZHO.DLL
O2 - BHO: NVCKTBJQ - {B6DAB458-913A-43A4-8536-A0710A53D5C0} - C:\WINDOWS\system32\KSZHRY.DLL
O2 - BHO: iCDToolBHO - {B75F81F9-584E-42AE-97D7-721B4FBBE81D} - C:\Program Files\Photo Workshop\Shell\iCDToolBHO.dll
O2 - BHO: IQZHRZ - {BA52D974-60C8-43FF-9313-4C702AF5537B} - C:\WINDOWS\system32\WEMUELTBJQXG.DLL
O2 - BHO: XDKTCLSZHQX - {C42AD3EA-19B0-4341-B215-D30F09A9705A} - C:\WINDOWS\system32\RZIQBIQYHO.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: KRYGPYF - {E326AC33-BB63-4DC8-8CCA-BFF409806CFE} - C:\WINDOWS\system32\XEMUDLTAIQXE.DLL
To do this, tick the box in front of each entry, then click the Fix button.

Restart the computer, rescan with HJ, and post the log again.

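The symptoms on my computer: the mouse pointer on the screen keeps moving by itself, and some illegitimate programs flash up at the very bottom of the screen.
Above is the result of my HJ scan;
below is the result of scanning the computer with autoruns: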
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           

+ KAV            File not found: C:\WINDOWS\system32\KAV.EXE

+ RavTask    RavTimer    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravtask.exe

+ runeip    Rising AntiSpyware Monitor    Beijing Rising Technology Co., Ltd.    c:\program files\rising\antispyware\runiep.exe

+ TkBellExe    RealNetworks Scheduler    RealNetworks, Inc.    c:\program files\common files\real\update_ob\realsched.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce           

+ KKDelay    RunOnce Application    Beijing Rising Technology Co., Ltd.    c:\program files\rising\antispyware\runonce.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks           

+ Rising Execute File Exts hook    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ Display Panning CPL Extension            File not found: deskpan.dll

+ HyperTerminal Icon Ext    HyperTerminal Applet Library    Hilgraeve, Inc.    c:\windows\system32\hticons.dll

+ RISING    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne Player    RealPlayer Shell Extensions    RealNetworks, Inc.    c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extension            c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects           

+ BHPXFNVDLSAISB            c:\windows\system32\gnvdo.dll

+ CIRZHQXHOWEMTB            c:\windows\system32\vcjrbjryhp.dll

+ GOWEOWEMUBIRYGN            c:\windows\system32\bipzjraiqygox.dll

+ GPXEP            c:\windows\system32\ubjqahpwgo.dll

+ HOWEO            c:\windows\system32\biqxgovdltaipx.dll

+ iCDToolBHO    iCDToolBHO Module    iCDBuilder.com    c:\program files\photo workshop\shell\icdtoolbho.dll

+ IQZHRZ            c:\windows\system32\wemueltbjqxg.dll

+ JQXFOX            c:\windows\system32\ipygqz.dll

+ KRYGPYF            c:\windows\system32\xemudltaiqxe.dll

+ KSZISB            c:\windows\system32\iedrjkljf.dll

+ NTIECatcher Class    Net Transport IE Helper Module    Xi    c:\program files\xi\nettransport 2\ntiehelper.dll

+ NUDKSAIQ            c:\windows\system32\djsajryfovcksz.dll

+ NVCKTBJQ            c:\windows\system32\kszhry.dll

+ NVDLTBJR            c:\windows\system32\szgpzhpygn.dll

+ QQBrowserHelperObject Class    QQIEHelper Module    深圳市腾讯计算机系统有限公司    d:\program files\qq2005\qqiehelper.dll

+ QXFNXELTB            c:\windows\system32\veltckszho.dll

+ UBJRCJRYHP            c:\windows\system32\pwemwemt.dll

+ UCJSBKSAIQ            c:\windows\system32\pwenygow.dll

+ XDKTCLSZHQX            c:\windows\system32\rziqbiqyho.dll

+ YFNVFNVDMUCJ            c:\windows\system32\nubjtbj.dll

+ YGNVFNVDKSAH            c:\windows\system32\ahpwfnuckrzho.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar           

+ iCDBuilder ToolBar    iCDToolBand Module    iCDBuilder.com    c:\program files\photo workshop\shell\icdtoolband.dll

+ kakatool.dll    Rising AntiSpyware Toolbar    Beijing Rising Technology Co., Ltd.    c:\windows\system32\kakatool.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions           

+ 腾讯QQ    QQ    TENCENT    d:\program files\qq2005\qq.exe

HKLM\System\CurrentControlSet\Services           

+ AllowPause    Windows SysAllowPause Servers 自动服务。如果被停止服务,Windows SysAllowPause Servers 服务进行无法操作。如果被禁用服务,任何依赖它的服务将无法启动。        c:\windows\system32\govdn.exe

+ AllowStop    Windows SysAllowStop Servers 自动服务。如果被停止服务,Windows SysAllowStop Servers 服务进行无法操作。如果被禁用服务,任何依赖它的服务将无法启动。        c:\windows\system32\rygoxgovd.exe

+ ExMTLst            c:\windows\system32\aiqzkrahpxfmu.exe

+ KameaDir            c:\windows\system32\iqyhr.exe

+ MSServerCheck    Windows MSServerCheckup Servers 自动服务。如果被停止服务,Windows MSServerCheckup Servers 服务进行无法操作。如果被禁用服务,任何依赖它的服务将无法启动。        c:\windows\system32\rziqaipxfm.exe

+ Password    Windows SysPassword Servers 自动服务。如果被停止服务,Windows SysPassword Servers 服务进行无法操作。如果被禁用服务,任何依赖它的服务将无法启动。        c:\windows\system32\iuacaokd.exe

+ ProEvens            c:\windows\system32\eksbktahpyfmucj.exe

+ RsCCenter    CCenter    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ccenter.exe

+ RsRavMon    RavMond    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmond.exe

+ ServiceStart    Windows SysServiceStart Servers 自动服务。如果被停止服务,Windows SysServiceStart Servers 服务进行无法操作。如果被禁用服务,任何依赖它的服务将无法启动。        c:\windows\system32\bjrzjryfowdkta.exe

+ ServrceStart    Windows SysServrceStart Servers 自动服务。如果被停止服务,Windows SysServrceStart Servers 服务进行无法操作。如果被禁用服务,任何依赖它的服务将无法启动。        c:\windows\system32\elsbktahpxemubj.exe

+ Win32Safe    Windows ProWin32Safe Servers 自动服务。如果被停止服务,Windows ProWin32Safe Servers 服务进行无法操作。如果被禁用服务,任何依赖它的服务将无法启动。        c:\windows\system32\xelsbjryhpxf.exe

HKLM\System\CurrentControlSet\Services           

+ ac97intc    Intel(r) Integrated Controller Hub Audio Driver    Intel Corporation    c:\windows\system32\drivers\ac97intc.sys

+ AliIde            File not found: System32\DRIVERS\aliide.sys

+ BaseTDI    basetdi    Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\basetdi.sys

+ CmdIde    CMD PCI IDE Bus Driver    CMD Technology, Inc.    c:\windows\system32\drivers\cmdide.sys

+ ExpScaner    ExpScan.sys        c:\program files\rising\rav\expscan.sys

+ FETNDIS    NDIS 5.0 miniport driver    VIA Technologies, Inc.                  c:\windows\system32\drivers\fetnd5.sys

+ FETNDISB    NDIS 5.0 miniport driver    VIA Technologies, Inc.                  c:\windows\system32\drivers\fetnd5b.sys

+ HookCont    HookCont    Rising    c:\program files\rising\rav\hookcont.sys

+ HookReg            c:\program files\rising\rav\hookreg.sys

+ HookSys    Hooksys    Rising    c:\program files\rising\rav\hooksys.sys

+ HWiNFO32    HWiNFO32 Kernel Driver    REALiX(tm)    c:\program files\hwinfo32\hwinfo32.sys

+ icdmmc    Description string for Icdmmc driver    iCDBuilder.com    c:\windows\system32\drivers\icdmmc.sys

+ MegaIDE    LSI MegaRAID IDE Driver    LSI Logic Corporation.    c:\windows\system32\drivers\megaide.sys

+ MEMSCAN    MemScan Driver    瑞星软件有限公司    c:\program files\rising\rav\memscan.sys

+ npkcrypt            File not found: D:\Program Files\QQ2005\npkcrypt.sys

+ nv    NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73     NVIDIA Corporation    c:\windows\system32\drivers\nv4_mini.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\windows\system32\drivers\ptilink.sys

+ RsNTGDI    RsNTGDI    Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\rsntgdi.sys

+ S3SavageNB    S3 ProSavage(DDR) & Twister Miniport Driver    S3 Graphics, Inc.    c:\windows\system32\drivers\s3gnbm.sys

+ Secdrv    SafeDisc driver        c:\windows\system32\drivers\secdrv.sys

+ SKNFW            c:\windows\system32\drivers\sknfw.sys

+ SkyProcs            c:\program files\skynet\firewall\skyprocs.sys

+ VIAudio    VIA AC'97 Enhanced Audio WDM Driver     VIA Technologies, Inc.    c:\windows\system32\drivers\viaudio.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute           

+ KKNative.exe    NativeAp    Beijing Rising Technology Co., Ltd.    c:\windows\system32\kknative.exe

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors           

+ CNAB4 Monitor    Canon Advanced Printing Technology Language Monitor    CANON INC.    c:\windows\system32\cnab4lmk.dll


If there are still problems after following my steps, download SREng and upload its smart-scan log. Download address: http://www.kztechs.com/sreng/download.html.

I did as you said. Below is another HJ scan; please take a look. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 13:58:14, on 2007-1-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\GOVDN.EXE
C:\WINDOWS\explorer.exe
C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX00.094\HijackThis.exe

O3 - Toolbar: iCDBuilder - {CD915D28-FBE3-44D3-94B8-1CDA1DA11587} - C:\Program Files\Photo Workshop\Shell\iCDToolBand.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RavTask] "c:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KAV] C:\WINDOWS\system32\KAV.EXE
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\QQ2005\SendMMS.htm
O9 - Extra button: (no name) - RsAutorunsDisabled - (no file)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\QQ2005\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\QQ2005\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\QQ2005\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: SysAllowPause (AllowPause) - Unknown owner - C:\Windows\system32\GOVDN.EXE
O23 - Service: SysAllowStop (AllowStop) - Unknown owner - C:\Windows\system32\RYGOXGOVD.EXE
O23 - Service: DepExMTLst (ExMTLst) - Unknown owner - C:\Windows\system32\AIQZKRAHPXFMU.EXE
O23 - Service: KameaDiruu (KameaDir) - Unknown owner - C:\Windows\system32\IQYHR.EXE
O23 - Service: MSServerCheckup (MSServerCheck) - Unknown owner - C:\Windows\system32\RZIQAIPXFM.EXE
O23 - Service: SysPassword (Password) - Unknown owner - C:\Windows\system32\iuacaokd.exe
O23 - Service: ProEvensAV (ProEvens) - Unknown owner - C:\Windows\system32\EKSBKTAHPYFMUCJ.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - c:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - c:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SysServiceStart (ServiceStart) - Unknown owner - C:\Windows\system32\BJRZJRYFOWDKTA.EXE
O23 - Service: SysServrceStart (ServrceStart) - Unknown owner - C:\Windows\system32\ELSBKTAHPXEMUBJ.EXE
O23 - Service: ProWin32Safe (Win32Safe) - Unknown owner - C:\Windows\system32\XELSBJRYHPXF.EXE
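
The before/after comparison of the two HijackThis scans, as an added example that is not part of the original thread or of HijackThis itself: it parses both logs, reports which O2 BHO entries the fix removed, and checks which "Unknown owner" O23 services still have their binary in the running-process list. The two excerpts are shortened from the scans posted above; the function names and report keys are assumptions.

```python
import re

# O2 line:  O2 - BHO: <name> - {CLSID} - <dll path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O23 line: O23 - Service: <display name> (<service name>) - <owner> - <exe path>
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.*) \((?P<name>[^()]+)\) - (?P<owner>.*?)'
    r' - (?P<path>"?[A-Za-z]:\\.+)$'
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Shortened excerpts of the first and second scans in this thread.
BEFORE = r"""
Running processes:
C:\Windows\system32\GOVDN.EXE
C:\Windows\system32\IQYHR.EXE
C:\WINDOWS\Explorer.EXE

O2 - BHO: GPXEP - {019F62FA-2E7B-4204-9C96-C4118F2B1092} - C:\WINDOWS\system32\UBJQAHPWGO.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\QQ2005\QQIEHelper.dll
O23 - Service: SysAllowPause (AllowPause) - Unknown owner - C:\Windows\system32\GOVDN.EXE
O23 - Service: KameaDiruu (KameaDir) - Unknown owner - C:\Windows\system32\IQYHR.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - c:\Program Files\Rising\Rav\Ravmond.exe
"""

AFTER = r"""
Running processes:
C:\Windows\system32\GOVDN.EXE
C:\WINDOWS\explorer.exe

O23 - Service: SysAllowPause (AllowPause) - Unknown owner - C:\Windows\system32\GOVDN.EXE
O23 - Service: KameaDiruu (KameaDir) - Unknown owner - C:\Windows\system32\IQYHR.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - c:\Program Files\Rising\Rav\Ravmond.exe
"""


def parse_log(text):
    """Extract running processes, O2 BHOs and O23 services from one log."""
    result = {"running": set(), "bho": {}, "svc": {}}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and DRIVE_PATH_RE.match(line):
            # Windows paths are case-insensitive, so compare lower-cased.
            result["running"].add(line.lower())
            continue
        in_processes = False  # first non-path line ends the process list
        m = O2_RE.match(line)
        if m:
            result["bho"][m["clsid"].upper()] = (m["name"], m["path"])
            continue
        m = O23_RE.match(line)
        if m:
            result["svc"][m["name"]] = (m["owner"], m["path"].strip('"'))
    return result


def remediation_report(before_text, after_text):
    """Compare two scans: what the fix removed and what is still active."""
    before, after = parse_log(before_text), parse_log(after_text)
    report = {
        "bho_removed": sorted(set(before["bho"]) - set(after["bho"])),
        "bho_remaining": sorted(set(before["bho"]) & set(after["bho"])),
        "svc_unknown_remaining": [],
        "svc_still_running": [],
        "svc_no_longer_running": [],
    }
    for name, (owner, path) in sorted(after["svc"].items()):
        if owner.lower() != "unknown owner":
            continue  # vendor-attributed services are out of scope here
        report["svc_unknown_remaining"].append(name)
        # The O23 line carries no start-type field, so the process list is
        # the only evidence in the log of whether the binary is still active.
        key = path.lower()
        if key in after["running"]:
            report["svc_still_running"].append(name)
        elif key in before["running"]:
            report["svc_no_longer_running"].append(name)
    return report


if __name__ == "__main__":
    for key, value in remediation_report(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

A service that is still listed under O23 and whose binary still appears under "Running processes" is the one to look at first in the next scan.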


There are still several malicious processes. Scan with SREng and post the smart-scan log.

2007-01-31,14:03:20

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RavTask><"c:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <KAV><C:\WINDOWS\system32\KAV.EXE>  [N/A]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\Bliss.scr>  [Microsoft]

==================================
启动文件夹
N/A

==================================
服务
[SysAllowPause / AllowPause]
  <C:\Windows\system32\GOVDN.EXE><N/A>
[SysAllowStop / AllowStop]
  <C:\Windows\system32\RYGOXGOVD.EXE><N/A>
[DepExMTLst / ExMTLst]
  <C:\Windows\system32\AIQZKRAHPXFMU.EXE><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KameaDiruu / KameaDir]
  <C:\Windows\system32\IQYHR.EXE><N/A>
[MSServerCheckup / MSServerCheck]
  <C:\Windows\system32\RZIQAIPXFM.EXE><N/A>
[SysPassword / Password]
  <C:\Windows\system32\iuacaokd.exe><N/A>
[ProEvensAV / ProEvens]
  <C:\Windows\system32\EKSBKTAHPYFMUCJ.EXE><N/A>
[Rising Process Communication Center / RsCCenter]
  <"c:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"c:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SysServiceStart / ServiceStart]
  <C:\Windows\system32\BJRZJRYFOWDKTA.EXE><N/A>
[SysServrceStart / ServrceStart]
  <C:\Windows\system32\ELSBKTAHPXEMUBJ.EXE><N/A>
[ProWin32Safe / Win32Safe]
  <C:\Windows\system32\XELSBJRYHPXF.EXE><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[BaseTDI / BaseTDI]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ExpScaner / ExpScaner]
  <\??\c:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookCont / HookCont]
  <\??\c:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\c:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\c:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HWiNFO32 Kernel Driver / HWiNFO32]
  <\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS><REALiX(tm)>
[icdfsd / icdfsd]
  <C:\WINDOWS\SYSTEM32\DRIVERS\icdfsd.SYS><iCDBuilder.com>
[icdfsdvp / icdfsdvp]
  <C:\WINDOWS\SYSTEM32\DRIVERS\icdfsdvp.SYS><iCDBuilder.com>
[icdmmc / icdmmc]
  <\??\C:\WINDOWS\system32\drivers\icdmmc.sys><iCDBuilder.com>
[iFilter / iFilter]
  <C:\WINDOWS\SYSTEM32\DRIVERS\iFilter.SYS><iCDBuilder.com>
[MegaIDE / MegaIDE]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN]
  <\??\c:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\QQ2005\npkcrypt.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qvlqcd37 / qvlqcd37]
  <\SystemRoot\system32\\drivers\\qvlqcd37.sys><Microsoft Corporation>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[S3SavageNB / S3SavageNB]
  <system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs]
  <\??\C:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\QQ2005\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\QQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[iCDBuilder]
  {CD915D28-FBE3-44D3-94B8-1CDA1DA11587} <C:\Program Files\Photo Workshop\Shell\iCDToolBand.dll, iCDBuilder.com>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[PhotoUploadCtrl Control]
  {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <d:\PROGRA~1\QQ2005\QZone\PHOTOU~1.OCX, tencent>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[iCDBuilder]
  {CD915D28-FBE3-44D3-94B8-1CDA1DA11587} <C:\Program Files\Photo Workshop\Shell\iCDToolBand.dll, iCDBuilder.com>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ2005\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ2005\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 548][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
3-2158)]
    [C:\WINDOWS\system32\CNAB4LMK.DLL]  [CANON INC., 1.01.0.003]
    [C:\WINDOWS\system32\CNAB4SMK.DLL]  [CANON INC., 1.01.0.003]
    [C:\WINDOWS\system32\CNAB4PTU.DLL]  [CANON INC., 1.01.0.003]
    [C:\WINDOWS\system32\CNAB4EMU.DLL]  [CANON INC., 1.01.0.003]
[PID: 1592][c:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [c:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [c:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2036][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2052][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 27]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2080][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2088][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2176][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2180][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2996][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3328][C:\WINDOWS\system32\CNAB4RPK.EXE]  [CANON INC., 1.01.0.003]
[PID: 3516][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4584][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UBJQAHPWGO.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\VELTCKSZHO.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\PWENYGOW.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\SZGPZHPYGN.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\BIQXGOVDLTAIPX.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\NUBJTBJ.DLL]  [N/A, N/A]
    [d:\Program Files\QQ2005\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\WINDOWS\system32\IPYGQZ.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\VCJRBJRYHP.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\GNVDO.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\BIPZJRAIQYGOX.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\iedrjkljf.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\PWEMWEMT.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\DJSAJRYFOVCKSZ.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\AHPWFNUCKRZHO.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\KSZHRY.DLL]  [N/A, N/A]
    [C:\Program Files\Photo Workshop\Shell\iCDToolBHO.dll]  [iCDBuilder.com, 4,5,0,1142]
    [C:\WINDOWS\system32\WEMUELTBJQXG.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\RZIQBIQYHO.DLL]  [N/A, N/A]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.91.12]
    [C:\WINDOWS\system32\XEMUDLTAIQXE.DLL]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [c:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\Program Files\Photo Workshop\Shell\iCDToolBand.dll]  [iCDBuilder.com, 4,5,0,1142]
[PID: 3468][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2532][C:\Windows\system32\GOVDN.EXE]  [N/A, N/A]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3704][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Windows\system32\BHPWHOWEMTBJQ.DLL]  [N/A, 1.0.0.1]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [c:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3744][C:\DOCUME~1\new\LOCALS~1\Temp\Rar$EX00.609\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost