瑞星卡卡安全论坛
夜笼寒水月笼沙 - 2006-5-25 23:14:00
某日在杀毒时突然发现我的电脑无法打开
点击系统就提醒说drwtsn32出现错误是否要发送错误报告
染上的毒似乎就是Trojan.DL.small.ifr(忘了看名字了.但也是出现EBAY的图标)
现在搜索等和我的电脑有关的服务一概无法打开
而瑞星防火墙也在开机时就被说是出现错误无法打开...
我无邪 - 2006-5-25 23:20:00
请下载 System Repair Engineer,使用“智能扫描”,按下“扫描”按钮进行扫描,扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告日志文件内容复制-粘贴上来
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完,分次粘完,请不要修改。
夜笼寒水月笼沙 - 2006-5-25 23:26:00
2006-05-25,23:22:18
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Win service><Winje.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><C:\Program Files\rising\Rfw\rfwmain.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Processor manager><processor.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<OS Updating><sysc0d3.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Microsoft System><lssas.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Knight V><wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ExFilter><Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft System><lssas.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft Update><msconfg.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<win updates><wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Processor manager><processor.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<OS Updating><sysc0d3.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Win service><Winje.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wbsys.dll>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<win updates><; wugrds.exe>
==================================
启动文件夹
服务
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
<C:\Program Files\rising\Rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[QoS Service / WIDETS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Windows Update Service / wuamgrd]
<C:\WINDOWS\system32\wuamgrd.exe><N/A>
==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v4.dll, >
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F57} <C:\WINDOWS\system32\ThunderBHO_v07.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006424_1100.dll, Microsoft Corporation>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[DTSvc Class]
{2EF14E3B-45CE-45d6-913E-7AA65331A933} <C:\WINDOWS\DTSVC\DTS\DTS.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[QQBrowserHelper
Object Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[DTSvc Class]
{6B280AC7-8B18-46A4-BF70-FC579A1B2F76} <C:\Program Files\DTSVC\DTS\DTS.dll, N/A>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[HB
Object Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[迅雷]
{1FBA04EE-3024-11D2-8F1F-000019796948}} <C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe, 深圳市迅雷网络技术有限公司>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[VqqSpeedCtrl Class]
{A162E671-4A6F-4BC0-A598-ED17DFFBDDD7} <C:\WINDOWS\VqqSpeedProxy.dll, >
[KSHScan Control]
{ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\Downloaded Program Files\GLIEDown.dll, 联众公司>
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Rising Web Scan
Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v4.dll, >
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F57} <C:\WINDOWS\system32\ThunderBHO_v07.dll, N/A>
[ActiveMovieControl
Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006424_1100.dll, Microsoft Corporation>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DTSvc Class]
{2EF14E3B-45CE-45D6-913E-7AA65331A933} <C:\WINDOWS\DTSVC\DTS\DTS.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
[QQBrowserHelper
Object Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[DTSvc Class]
{6B280AC7-8B18-46A4-BF70-FC579A1B2F76} <C:\Program Files\DTSVC\DTS\DTS.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[HB
Object Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[]
夜笼寒水月笼沙 - 2006-5-25 23:26:00
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\Program Files\pcast\PodcastbarMini\pcastctl.dll, N/A>
[&使用暴风下载器下载]
<C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[&使用迅雷下载]
<C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\SYSTEM32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll] <Stardock><1, 0, 0, 1>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 784][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 860][C:\Program Files\rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 876][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 968][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1008][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1040][C:\Program Files\rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\Program Files\rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1220][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1336][C:\Program Files\rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1452][C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe] <Stardock Systems, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[PID: 1576][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303>
[PID: 1960][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 224][C:\Program Files\rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[PID: 228][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\HBClient\tbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 2>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[PID: 240][C:\Program Files\rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
[C:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 368][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[PID: 408][C:\Program Files\MSN Messenger\MsnMsgr.Exe] <Microsoft Corporation><7.5.0324>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
夜笼寒水月笼沙 - 2006-5-25 23:26:00
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 452][C:\WINDOWS\system32\devldr32.exe] <Creative Technology Ltd.><1, 0, 0, 17>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\WINDOWS\system32\DEVCON32.DLL] <Creative Technology Ltd.><4.06.651>
[C:\WINDOWS\system32\SFMAN32.DLL] <Creative Technology Ltd.><4.06.501>
[PID: 952][C:\Program Files\rising\Rav\Rav.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 61>
[C:\Program Files\rising\Rav\PlugIn\RsPgScan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RavUI.Dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 57>
[C:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RavUIMsg.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[C:\Program Files\rising\Rav\RavQu.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\MVEngine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\Engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\Program Files\rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\ExtMail.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\ExtFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[C:\Program Files\rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\ScanElf.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 980][C:\Program Files\rising\Rav\RsAgent.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1120][C:\WINDOWS\msagent\AgentSvr.exe] <Microsoft Corporation><2.00.0.3422>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 2172][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3596][C:\Program Files\Tencent\TT\TTraveler.exe] <腾讯公司><2, 1, 0, 209>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[C:\Program Files\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 3360][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[PID: 2696][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bse.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\lup.dll] <N/A><N/A>
[C:\WINDOWS\system32\msicn\plugins\bm.dll] <N/A><N/A>
[C:\WINDOWS\system32\msicn\plugins\as.dll] <N/A><N/A>
[PID: 896][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX21.468\HijackThis1991zww.exe] <Soeperman Enterprises Ltd.><1.99.0001>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
[PID: 3340][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.062\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll] <><2, 0, 0, 3>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-5-25 23:42:00
建议你下载超级兔子。
http://dl.pconline.com.cn/html_2/1/75/id=273&pn=0.html
安装好后,打开“超级兔子优化王”“专业卸载,卸载除迅雷外所有提示的垃圾软件。
运行System Repair Engineer,点“启动项目,服务,勾选“隐藏微软服务”选中病毒服务QoS Service,Windows Update Service 选择“删除所选服务”“否”最后重启(每一个逗号隔开的就是一个病毒的服务,请逐一删除)
运行System Repair Engineer,使用“启动项目,注册表”来删除以下选项。
(如果在注册表里无法识别那一下,可以选中一项后,点“编辑”这样会有很明细的路径)
以下项如果你知道就不必修复
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\HBClient\tbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Win service><Winje.exe>(如果你也不知道,建议删除
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Microsoft System><lssas.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Knight V><wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft System><lssas.exe>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft Update><msconfg.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<win updates><wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Processor manager><processor.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<OS Updating><sysc0d3.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Win service><Winje.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wbsys.dll>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<win updates><; wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Processor manager><processor.dll>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<OS Updating><sysc0d3.exe>
关闭所有浏览窗口以及一些不必要的程序
运行System Repair Engineer,使用“系统修复,浏览器加载项”来删除以下选项。(如果有的话。
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006424_1100.dll, Microsoft Corporation>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent
NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, TODO: <公司名>>
NewWebController Class]
{9ACEEE30-143F-471A-AA45-72B061FE7D60} <C:\WINDOWS\system32\WinSC.dll, N/A>
[HB
Object Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\tbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
VqqSpeedCtrl Class]
{A162E671-4A6F-4BC0-A598-ED17DFFBDDD7} <C:\WINDOWS\VqqSpeedProxy.dll, >
双击我的电脑--工具---文件夹选项--查看--单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件(推荐)"复选框。在提示您确定更改时,单击“是”
删除
<C:\WINDOWS\system32\Inte32.dll
C:\PROGRA~1\HBClient
C:\WINDOWS\system32\WinSC.dll
C:\WINDOWS\system32\NaviHelper.dll
C:\Program Files\CoolWebsite
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006424_1100.dll
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\system32\wuamgrd.exe
sysc0d3.exe
processor.dll
wbsys.dll
Winje.exe
C:\WINDOWS\system32\spoolsv删除整个文件
C:\Program Files\Common Files\UPDAT
C:\WINDOWS\system32\msicn
修复完后,请重启。
烦再扫份报告粘上来。
夜笼寒水月笼沙 - 2006-5-25 23:51:00
多谢..先试试
夜笼寒水月笼沙 - 2006-5-26 0:01:00
对了.我IE也无法启动.双击了没反应
我无邪 - 2006-5-26 0:19:00
很可能是垃圾软件的缘故
修复后,重启,请再扫份报告粘上来。
夜笼寒水月笼沙 - 2006-5-26 0:30:00
不好意思.得睡觉了.明天还得去学校..
所以最后一步没做完.不过大部分的程序找不到,
无法删除wbsys.dll
夜笼寒水月笼沙 - 2006-5-26 0:30:00
006-05-26,00:26:07
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Win service><Winje.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><C:\Program Files\rising\Rfw\rfwmain.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Processor manager><processor.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<OS Updating><sysc0d3.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Microsoft System><lssas.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Knight V><wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ExFilter><Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft System><lssas.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft Update><msconfg.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<win updates><wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Processor manager><processor.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<OS Updating><sysc0d3.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Win service><Winje.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wbsys.dll>
==================================
启动文件夹
服务
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
<C:\Program Files\rising\Rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[迅雷]
{1FBA04EE-3024-11D2-8F1F-000019796948}} <C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe, 深圳市迅雷网络技术有限公司>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[KSHScan Control]
{ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\Downloaded Program Files\GLIEDown.dll, 联众公司>
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Rising Web Scan
Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F57} <C:\WINDOWS\system32\ThunderBHO_v07.dll, N/A>
[ActiveMovieControl
Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DTSvc Class]
{2EF14E3B-45CE-45D6-913E-7AA65331A933} <C:\WINDOWS\DTSVC\DTS\DTS.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[QQBrowserHelper
Object Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
夜笼寒水月笼沙 - 2006-5-26 0:30:00
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[DTSvc Class]
{6B280AC7-8B18-46A4-BF70-FC579A1B2F76} <C:\Program Files\DTSVC\DTS\DTS.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\SYSTEM32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll] <Stardock><1, 0, 0, 1>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 588][C:\WINDOWS\system32\savedump.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 600][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 744][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 804][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 872][C:\Program Files\rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 900][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 960][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1032][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1080][C:\Program Files\rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\Program Files\rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1252][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1348][C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe] <Stardock Systems, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[PID: 1408][C:\Program Files\rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1620][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1712][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303>
[PID: 1824][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 504][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1000][C:\Program Files\rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
夜笼寒水月笼沙 - 2006-5-26 0:31:00
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[PID: 1016][C:\Program Files\rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
[C:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[PID: 1296][C:\Program Files\MSN Messenger\MsnMsgr.Exe] <Microsoft Corporation><7.5.0324>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 1324][C:\WINDOWS\system32\devldr32.exe] <Creative Technology Ltd.><1, 0, 0, 17>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\WINDOWS\system32\DEVCON32.DLL] <Creative Technology Ltd.><4.06.651>
[C:\WINDOWS\system32\SFMAN32.DLL] <Creative Technology Ltd.><4.06.501>
[PID: 1344][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3116][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.453\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
夜笼寒水月笼沙 - 2006-5-26 0:31:00
另外我按关机会莫名其妙的重启
我无邪 - 2006-5-26 13:09:00
先把系统病毒解决,再说重启的问题。
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Win service><Winje.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<OS Updating><sysc0d3.exe>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Microsoft System><lssas.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Knight V><wugrds.exe>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft System><lssas.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Microsoft Update><msconfg.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<win updates><wugrds.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Processor manager><processor.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<OS Updating><sysc0d3.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Win service><Winje.exe>
这几项依然存在
ALT+CTRL+DELETE调出任务管理器,终止以上所有的进程,如果无法终止,请到http://www.onlinedown.net/soft/43974.htm下载诺顿进程管理器跟着目录,来终止它的进程(安装时请注意,在最后一步记得清除安装垃圾软件的选项,默认是选中的)(lssas.exe这个进程要注意,你不能终止位于C:\WINDOWS\system32里的lssas.exe进程,终止会让你30秒重启)
另建议你重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows,在安全模式解决问题。
修复后,就删除
Winje.exe
sysc0d3.exe
processor.dll
wugrds.exe
msconfg.exe
lssas.exe
wugrds.exe
Winje.exe
以上东东,除非你知道,如果不知,建议删除。
夜笼寒水月笼沙 - 2006-5-26 21:55:00
2006-05-26,21:49:51
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><C:\Program Files\rising\Rfw\rfwmain.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Processor manager><processor.dll>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ExFilter><Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wbsys.dll>
==================================
启动文件夹
服务
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService]
<C:\Program Files\rising\Rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[迅雷]
{1FBA04EE-3024-11D2-8F1F-000019796948}} <C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe, 深圳市迅雷网络技术有限公司>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[KSHScan Control]
{ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\Downloaded Program Files\GLIEDown.dll, 联众公司>
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Rising Web Scan
Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F57} <C:\WINDOWS\system32\ThunderBHO_v07.dll, N/A>
[ActiveMovieControl
Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DTSvc Class]
{2EF14E3B-45CE-45D6-913E-7AA65331A933} <C:\WINDOWS\DTSVC\DTS\DTS.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[QQBrowserHelper
Object Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[DTSvc Class]
{6B280AC7-8B18-46A4-BF70-FC579A1B2F76} <C:\Program Files\DTSVC\DTS\DTS.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\System32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
==================================
夜笼寒水月笼沙 - 2006-5-26 21:56:00
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 532][\??\C:\WINDOWS\SYSTEM32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll] <Stardock><1, 0, 0, 1>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 784][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 860][C:\Program Files\rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 892][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 988][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1028][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 1044][C:\Program Files\rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[C:\Program Files\rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1228][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1316][C:\Program Files\rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1472][C:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5303>
[PID: 1648][C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe] <Stardock Systems, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[PID: 1744][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[PID: 2008][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\WINDOWS\System32\nvshell.dll] <NVIDIA Corporation><6.14.10.5303>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.5303>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 368][C:\Program Files\rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[PID: 384][C:\Program Files\rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
[C:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[PID: 836][C:\WINDOWS\system32\devldr32.exe] <Creative Technology Ltd.><1, 0, 0, 17>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\WINDOWS\system32\DEVCON32.DLL] <Creative Technology Ltd.><4.06.651>
[C:\WINDOWS\system32\SFMAN32.DLL] <Creative Technology Ltd.><4.06.501>
[PID: 908][C:\WINDOWS\system32\taskmgr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wbsys.dll] <Stardock.Net, Inc><4, 0, 0, 0>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[PID: 1760][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3212][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
[C:\Program Files\rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[PID: 688][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.343\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBlind.dll] <Stardock.Net, Inc><4.4>
[C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll] <Stardock.Net, Inc><4.01>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
夜笼寒水月笼沙 - 2006-5-26 21:56:00
以上是删除所说的所有程序之后的扫描报告
我无邪 - 2006-5-26 23:34:00
wbsys.dll这个文件没事。
日志似乎没有问题了,请问你的系统正常了吗?
1
© 2000 - 2026 Rising Corp. Ltd.