瑞星扫描日志:
病毒名称 处理结果 发现日期 扫描方式 路径 文件 病毒来源
Trojan.DL.Small.ibr 删除成功 2006-07-08 09:21 手动扫描 C:\WINDOWS\system32\mscache 147.cpz>>cf.scr 本机
Trojan.DL.Small.ibr 删除成功 2006-07-08 09:24 手动扫描 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\LGCDPH4L\147 cf.scr 本机
SRE2。0扫描日志:
2006-07-08,09:54:58
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run>
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation>
<MsnMsgr><; > [>
<ScanRegistry><; C:\Program Files\pcsporl\Sporl.exe> [>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<load><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run>
<SearchNet_Up><"C:\Program Files\SearchNet\ServeUp.exe"> [中搜在线>
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation>
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.>
<aka9f68><; RunDll32 "C:\WINDOWS\Downlo~1\aka9f68.dll",Run> [Microsoft Corporation>
<CdnCtr><; C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo>
<spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司>
<RavTask><"e:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.>
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME>
<Desktop><; C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> [>
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [>
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation>
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [>
<MoveSearch><; C:\Program Files\HuaCi\huaci\zsearch.exe> [中搜在线>
<MP10_EnsureFileVer><; C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions> [Microsoft Corporation>
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation>
<nwiz><; nwiz.exe /install> [NVIDIA Corporation>
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation>
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation>
<PigUpdate><; C:\Program Files\dit\DownLoadPig.exe> [>
<QuickTime Task><; "E:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.>
<ReceiveMessage.exe><; C:\WINDOWS\system32\ReceiveMessage.exe> [联友科技>
<RfwMain><; "e:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.>
<RichMedia><; C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd>
<rundll32><; > [>
<SendMessage.exe><; C:\Program Files\联友科技\E3S-DMS\SendMessage.exe> [联友科技>
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.>
<SysExplr><; C:\HEROSOFT\Hero3000\SYSEXPLR.EXE> [>
<WangWang><; "E:\Program Files\淘宝旺旺\WangWang.EXE"> [浙江淘宝网络有限公司>
<yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo!>
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [ >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<shell><Explorer.exe> [Microsoft Corporation>
<Userinit><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<AppInit_DLLs><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<UIHost><logonui.exe> [Microsoft Corporation>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks>
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.>
==================================
启动文件夹
[IE-BAR>
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-BAR.lnk><N>
==================================:(
服务
[InstallDriver Table Manager / IDriverT>
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service>
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc>
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Log / Remote Log>
<system32\ServeHost.exe><Beijing zhongsou online software>
[Rising Proxy Service / RfwProxySrv>
<e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService>
<e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter>
<"e:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon>
<"e:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StdService / StdService>
<C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service><N/A>
[WinWrCup / WinWrCup>
<C:\WINDOWS\wincup\wincup.exe -R><MsWinCup>
==================================
浏览器加载项
[ThunderIEHelper Class>
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class>
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[wmpdrm>
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[IE Address Browser Helper>
{2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, Beijing Zhongsou Online Software>
[BrowserHelper Class>
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[AntiFish Class>
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[CaiShowBH Class>
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper>
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\yp5.dll, 中搜在线软件有限公司>
[XBTP04729 Class>
{41C33D03-4ABD-4e1e-B39D-2A5B0CDA31F7} <C:\PROGRA~1\ONLYDO~1.COM\onlydown.dll, IE Toolbar>
[FlpLauncher Class>
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} <F:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll, >
[NetAccelerate Class>
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, N/A>
[CdnForIE Class>
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <, N/A>
[DragSearch BHO>
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[BandIE Class>
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Status Class>
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[Thunder Browser Helper>
{889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[QqyJjsvn Class>
{8C60E3C7-5B37-0B21-DD57-325BFBEF254D} <, N/A>
[MacroMediapd>
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, N/A>
[CnsHook Class>
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[WMHlprObj Class>
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <, N/A>
[CdnForIE Class>
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <, N/A>
[MMSAssistMenu>
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[QQ>
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class>
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天>
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[>
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <, N/A>
[Messenger>
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[>
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <, N/A>
[百度超级搜霸>
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Kuaiso Toolsbar>
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040_9598.dll, IE Toolbar>
[PowerPlr Control>
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[CEditCtrl Object>
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, >
[Shockwave Flash Object>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class>
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class>
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[wmpdrm>
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[IE Address Browser Helper>
{2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, Beijing Zhongsou Online Software>
[BrowserHelper Class>
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, TODO: <公司名>>
[AntiFish Class>
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[CaiShowBH Class>
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[IE Browser Helper>
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\yp5.dll, 中搜在线软件有限公司>
[XBTP04729 Class>
{41C33D03-4ABD-4E1E-B39D-2A5B0CDA31F7} <C:\PROGRA~1\ONLYDO~1.COM\onlydown.dll, IE Toolbar>
[FlpLauncher Class>
{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} <F:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll, >
[NetAccelerate Class>
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, N/A>
[CdnForIE Class>
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <, N/A>
[DragSearch BHO>
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[Kuaiso Toolsbar>
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_06040_9598.dll, IE Toolbar>
[BandIE Class>
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Status Class>
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[Thunder Browser Helper>
{889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[QqyJjsvn Class>
{8C60E3C7-5B37-0B21-DD57-325BFBEF254D} <, N/A>
[SearchAssistantOC>
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸>
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[MacroMediapd>
{B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <C:\WINDOWS\system32\microapmddt.dll, N/A>
[CnsHook Class>
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[WMHlprObj Class>
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <, N/A>
[ >> 彩信发送 <<>
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[&使用迅雷下载>
<e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接>
<e:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘>
<E:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板>
<E:\qq\AddPanel.htm, N/A>
[添加到QQ表情>
<E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片>
<E:\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 464>[\SystemRoot\System32\smss.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 520>[\??\C:\WINDOWS\system32\csrss.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 544>[\??\C:\WINDOWS\system32\winlogon.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588>[C:\WINDOWS\system32\services.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600>[C:\WINDOWS\system32\lsass.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 804>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 872>[e:\Program Files\Rising\Rav\CCenter.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 888>[C:\WINDOWS\System32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 968>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1064>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076>[e:\Program Files\Rising\Rav\Ravmond.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 1, 26>
[e:\Program Files\Rising\Rav\BWList.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[e:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[e:\Program Files\Rising\Rav\RSAPPMGR.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[e:\Program Files\Rising\Rav\CfgDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[e:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[e:\Program Files\Rising\Rav\RsLog.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[e:\Program Files\Rising\Rav\HOOKSYS.dll> <Rising><18, 1, 0, 9>
[e:\Program Files\Rising\Rav\Scanner.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[e:\Program Files\Rising\Rav\libload.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[e:\Program Files\Rising\Rav\VirusLib.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[e:\Program Files\Rising\Rav\regmon.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[e:\Program Files\Rising\Rav\HookWeb.dll> <rising><18, 0, 0, 1>
[e:\Program Files\Rising\Rav\MemMon.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[e:\Program Files\Rising\Rav\expscan.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[e:\Program Files\Rising\Rav\mPorts.dll> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[e:\Program Files\Rising\Rav\MailMon.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[e:\Program Files\Rising\Rav\SpamEng.dll> <N/A><18, 0, 0, 6>
[e:\Program Files\Rising\Rav\engine.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[e:\Program Files\Rising\Rav\PostTrt.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[e:\Program Files\Rising\Rav\UnExe.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[e:\Program Files\Rising\Rav\ScanExec.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[e:\Program Files\Rising\Rav\ScanEx.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[e:\Program Files\Rising\Rav\NvFile.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[e:\Program Files\Rising\Rav\ScanMac.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[e:\Program Files\Rising\Rav\ScanSct.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[e:\Program Files\Rising\Rav\Unpacker.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[e:\Program Files\Rising\Rav\RsStore.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[e:\Program Files\Rising\Rav\ExtOLE.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1156>[e:\program files\rising\rfw\rfwsrv.exe> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 30>
[e:\program files\rising\rfw\RfwRule.dll> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 12>
[e:\program files\rising\rfw\rfwlog.dll> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[e:\program files\rising\rfw\Rfwdrv.dll> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[e:\program files\rising\rfw\MonDrv.dll> <rs><1, 0, 0, 4>
[e:\program files\rising\rfw\ProcLib.dll> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1296>[C:\WINDOWS\system32\spoolsv.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1620>[C:\WINDOWS\Explorer.EXE> <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nvcpl.dll> <NVIDIA Corporation><6.14.10.7184>
[C:\WINDOWS\system32\NVRSZHC.DLL> <NVIDIA Corporation><6.14.10.7184>
[C:\WINDOWS\system32\nvshell.dll> <NVIDIA Corporation><6.14.10.10035>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\Program Files\SearchNet\SrvNet32.dll> <中搜在线><1, 0, 2, 7>
[C:\WINDOWS\system32\msicn\msibm.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bse.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\lup.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bm.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\as.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\navangel.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[e:\Program Files\Rising\Rav\RavScrCh.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll> <><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll> < ><2, 0, 1, 1007>
[C:\WINDOWS\downlo~1\CnsHook.dll> <北京三七二一科技有限公司><1, 0, 2, 7>
[C:\WINDOWS\system32\RavExt.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\system32\xunleibho_v14.dll> <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx> <><1, 0, 0, 1>
[C:\WINDOWS\system32\WinDefendor.dll> <TODO: <公司名>><1.0.0.2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll> <Yahoo! China><1, 1, 3, 1035>
[C:\WINDOWS\Downlo~1\yp5.dll> <中搜在线软件有限公司><1, 0, 3, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll> <Yahoo!><2, 1, 8, 1048>
[F:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll> <><1, 1, 0, 2>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL> <><1, 2, 7, 1006>
[C:\PROGRA~1\MMSASS~1\Mmsass~1.dll> <><1, 2, 0, 2>
[C:\WINDOWS\SYSTEM32\stdup.dll> <><3, 2, 1, 6>
[C:\PROGRA~1\baidu\bar\baidubar.dll> <Baidu.com, Inc.><2, 0, 2, 76>
[C:\Program Files\baigoo\BGooBHO.dll> <><1, 0, 0, 1>
[e:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll> <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[F:\PROGRA~1\KuGoo3\KUGOO3~1.OCX> <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll> <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll> <N/A><1, 0, 1, 1014>
[e:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\畅通伟业\快递通2004\KDTExt.dll> <N/A><1, 0, 0, 1>
[PID: 1684>[e:\program files\rising\rfw\RfwMain.exe> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 48>
[e:\program files\rising\rfw\RsGuiLib.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[e:\program files\rising\rfw\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[e:\program files\rising\rfw\PngDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\Program Files\SearchNet\SrvNet32.dll> <中搜在线><1, 0, 2, 7>
[PID: 1748>[C:\WINDOWS\system32\Rundll32.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\WINDOWS\downlo~1\CnsMinIO.dll> <北京三七二一科技有限公司><1, 0, 3, 6>
[C:\WINDOWS\downlo~1\cnsio.dll> <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 1928>[C:\WINDOWS\system32\inetsrv\inetinfo.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1964>[C:\WINDOWS\system32\nvsvc32.exe> <NVIDIA Corporation><6.14.10.7184>
[C:\WINDOWS\system32\NVRSZHC.DLL> <NVIDIA Corporation><6.14.10.7184>
[PID: 1984>[C:\WINDOWS\system32\ServeHost.exe> <Beijing zhongsou online software><1, 0, 3, 1>
[PID: 2012>[C:\WINDOWS\system32\rundll32.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\STDSVER.DLL> <><3, 2, 1, 6>
[PID: 2032>[C:\WINDOWS\system32\wdfmgr.exe> <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 204>[C:\WINDOWS\wincup\wincup.exe> <MsWinCup><1, 0, 0, 0>
[PID: 380>[C:\Program Files\SearchNet\SearchNet.exe> <Beijing zhongsou><1, 0, 3, 1>
[C:\Program Files\SearchNet\SrvNet32.dll> <中搜在线><1, 0, 2, 7>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 1548>[C:\Program Files\baigoo\bgoomain.exe> <BGoo><1, 0, 0, 1006>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\Program Files\baigoo\bgooex.dll> <><1, 0, 0, 1007>
[PID: 1504>[C:\Program Files\Common Files\Real\Update_OB\realsched.exe> <RealNetworks, Inc.><0.1.0.3208>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2108>[E:\Program Files\Rising\Rav\RavTask.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[E:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[E:\Program Files\Rising\Rav\RSAPPMGR.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[E:\Program Files\Rising\Rav\CfgDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[E:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2204>[E:\Program Files\Rising\Rav\Ravmon.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 1, 28>
[E:\Program Files\Rising\Rav\RsGuiLib.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[E:\Program Files\Rising\Rav\BWList.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[E:\Program Files\Rising\Rav\RSAPPMGR.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[E:\Program Files\Rising\Rav\CfgDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[E:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[E:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[E:\Program Files\Rising\Rav\PngDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\Program Files\SearchNet\SrvNet32.dll> <中搜在线><1, 0, 2, 7>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[PID: 2216>[C:\WINDOWS\system32\ctfmon.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\WINDOWS\system32\msicn\msibm.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[PID: 2392>[C:\WINDOWS\System32\alg.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2448>[C:\WINDOWS\system32\rundll32.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\IE-BAR\Cast\dmipn.dll> <千橡互联><2, 2, 1, 0>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\PROGRA~1\IE-BAR\Cast\dmshell.dll> <千橡互联><2, 2, 1, 0>
[C:\Progra~1\IE-BAR\Cast\221~1.0\dmplayer.dll> <千橡互联><2, 2, 1, 0>
[PID: 2560>[C:\WINDOWS\system32\wscntfy.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2720>[C:\Program Files\Maxthon\Maxthon.exe> <Maxthon International Ltd.><1, 5, 6, 42>
[C:\Program Files\Maxthon\maxzlib.dll> < ><1, 0, 0, 2>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\WINDOWS\system32\wmpdrm.dll> <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
[C:\Program Files\SearchNet\SrvNet32.dll> <中搜在线><1, 0, 2, 7>
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll> <><1, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgook.dll> <BAIGOO.COM><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll> <BAIGOO><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll> <BAIGOO><1.0.0.1007>
[e:\Program Files\Rising\Rav\RavScrCh.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\msicn\msibm.dll> <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\JPWB.IME> <常诚研制><4.00.950>
[C:\Program Files\畅通伟业\快递通2004\KDTExt.dll> <N/A><1, 0, 0, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx> <Macromedia, Inc.><8,0,24,0>
[PID: 3392>[C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe> < ><2, 0, 0, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll> <><2, 1, 5, 1045>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll> < ><2, 0, 1, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll> <><1, 0, 0, 5>
[PID: 3520>[C:\WINDOWS\system32\rundll32.exe> <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\SYSTEM32\stdup.dll> <><3, 2, 1, 6>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 1480>[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aukld1\aukld1.exe> <N/A><N/A>
[PID: 3752>[e:\Program Files\Rising\Rav\RsAgent.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[e:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[PID: 3756>[C:\WINDOWS\msagent\AgentSvr.exe> <Microsoft Corporation><2.00.0.3422>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\Program Files\SearchNet\SrvNet32.dll> <中搜在线><1, 0, 2, 7>
[PID: 2312>[E:\soft\fcbu\病毒检测\SREng2\SREng.exe> <Smallfrogs Studio><2.0.21.505>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll> <><2, 0, 1, 1018>
[C:\Program Files\baigoo\bgoohk.dll> < ><1, 0, 0, 1007>
[C:\WINDOWS\downlo~1\CnsMin.dll> <北京三七二一科技有限公司><1, 5, 3, 1>
[C:\Program Files\SearchNet\SrvNet32.dll> <中搜在线><1, 0, 2, 7>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1>
.EXE OK. ["%1" %*>
.COM OK. ["%1" %*>
.PIF OK. ["%1" %*>
.REG OK. [regedit.exe "%1">
.BAT OK. ["%1" %*>
.SCR OK. ["%1" /S>
.CHM OK. ["C:\WINDOWS\hh.exe" %1>
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1>
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1>
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1>
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.LNK OK. [{00021401-0000-0000-C000-000000000046}>
==================================
Winsock 提供者
==================================
找到文件路径删除它们 c:\WINDOWS\system32\mscache\147.cpz
清理IE临时文件
用恶意软件清理工具清理IE插件
修复以下
<aka9f68><; RunDll32 "C:\WINDOWS\Downlo~1\aka9f68.dll",Run> [Microsoft Corporation>
<CdnCtr><; C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo>
<Desktop><; C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>
<igUpdate><; C:\Program Files\dit\DownLoadPig.exe>
RichMedia><; C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows>
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service><N/A>
并找到以下路径删除文件
C:\WINDOWS\System32\STDSVER.DLL
C:\PROGRA~1\hbclient\HBHelper.dll
启动项:
<aka9f68><; RunDll32 "C:\WINDOWS\Downlo~1\aka9f68.dll",Run> [Microsoft Corporation>
<MP10_EnsureFileVer><; C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions> [Microsoft Corporation>
服务:
[StdService / StdService>
<C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service><N/A>
[WinWrCup / WinWrCup>
<C:\WINDOWS\wincup\wincup.exe -R><MsWinCup>
修复,删除
控制面板卸载 百狗 划词搜索 百度 千橡互联(IE-BAK) 傲讯 雅虎 桌面传媒
并用恶意软件清理助手清理系统,清空系统(自已)的临时文件夹和IE缓存
并看看控制面板中有没有多余的任务计划
版主谢谢你的指导,可是服务都删不掉呀.我是个新手 |
|
设为首页
加入收藏
联系我们
打印本文 
返回顶部 
加入收藏 
关闭窗口
