Rising Kaka Security Forum
没事情做2 - 2006-7-3 21:46:00
Logfile of HijackThis v1.99.1
Scan saved at 21:32:52, on 2006-7-3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\SigmaTel AC97 音频驱动器\stacmon.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\NaviHelper.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 音频驱动器\stacmon.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] ; internat.exe
O4 - HKLM\..\Run: [KnightIII] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows内存整理] C:\Program Files\Wom\WinMem.exe
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] ; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O15 - Trusted IP range: http://10.0.197.101
O15 - Trusted IP range: http://10.0.197.102
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D2F5A1-5E77-4BF7-9225-C905ADC2E531}: NameServer = 221.12.1.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E26A9A4-2E6A-4B8F-A5A2-338DC592B759}: NameServer = 218.108.248.245 218.108.248.219
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
What a headache~~~~~~~~~~~~~~~~
我无邪 - 2006-7-3 22:09:00
Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the following entries and then choose "Fix":
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\NaviHelper.dll
04C:\WINDOWS\SMSS.EXE
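Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Also clear "Hide extensions for known file types".
Delete:
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\NaviHelper.dll
Search for Explorer.exe; the legitimate file should be under windows and servicepackfiles\i386. If you find copies anywhere else, delete them.
Your C:\WINDOWS\SMSS.EXE seems a bit different; hopefully it is just an ordinary virus. After fixing, reboot. Then please scan again and paste the new log.
I am also attaching the manual removal method for that very stubborn virus.
As for this C:\WINDOWS\SMSS.EXE, fixing it is somewhat difficult.
See the post below.
This wretched trojan has been around for a long time. I first saw it on 22 September 2005 and called it the "Legend Dragon" trojan, because the icon of its main file is a dragon on a red background; it is an account-stealing trojan for the game Legend. Recently, variants of this trojan have started spreading again. Over the past few days I have seen many people on the "Jiangmin" forum discussing how to remove the "Zhengtu flag-icon trojan: SMSS.EXE", which has given a lot of people a headache!
In fact, this trojan can still be removed completely by hand; the procedure is just rather tedious.
The removal post I originally wrote: http://forum.ikaka.com/topic.asp?board=28&artid=7205233
Another removal post, from 2005-12-4: http://forum.ikaka.com/topic.asp?board=28&artid=7495863
A third removal post, written 2006-01-13: http://forum.ikaka.com/topic.asp?board=28&artid=7678628
Below is a removal method I wrote recently.
Manual removal procedure for SMSS.EXE:
1. Install SSM (download: http://www.syssafety.com/files.html). After boot, SSM will raise several alerts of this kind (see Figure 1). Handle all of them as shown in Figure 1.
2. Rename SREng and run it (Figure 2), and repair the main file associations.
3. Delete the trojan's files (Figure 3).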
4. Clean up the registry:
Expand HKEY_CLASSES_ROOT\.bfc\ShellNew
In "Command"="%SystemRoot%\\system32\\rundll32.com %SystemRoot%\\system32\\syncui.dll,Briefcase_Create %2!d! %1", delete Command"="%SystemRoot%\\system32\\rundll32.com
Expand HKEY_CLASSES_ROOT\.lnk\ShellNew
In "Command"="rundll32.com appwiz.cpl,NewLinkHere %1", delete rundll32.com
Expand HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
Expand HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
Expand HKEY_CLASSES_ROOT\cplfile\shell\cplopen\command
In @="rundll32.com shell32.dll,Control_RunDLL \"%1\",%*", delete rundll32.com
Expand HKEY_CLASSES_ROOT\Drive\shell\find\command
Change @="%SystemRoot%\\explorer.com" to @="%SystemRoot%\\explorer.exe"
Expand HKEY_CLASSES_ROOT\dunfile\shell\open\command
In @="%SystemRoot%\\system32\\rundll32.com NETSHELL.DLL,InvokeDunFile %1", delete %SystemRoot%\\system32\\rundll32.com
Expand HKEY_CLASSES_ROOT\ftp\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" %1" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"
Expand HKEY_CLASSES_ROOT\htmlfile\shell\open\command
Change @="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" -nohome" to @="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
Expand HKEY_CLASSES_ROOT\htmlfile\shell\opennew\command
Change @="\"C:\\Program Files\\common~1\\iexplore.pif\" %1" to @="\"C:\\Program Files\\common~1\\iexplore.exe\" %1"
Expand HKEY_CLASSES_ROOT\htmlfile\shell\print\command
In @="rundll32.com %SystemRoot%\\system32\\mshtml.dll,PrintHTML \"%1\"", delete rundll32.com
Expand HKEY_CLASSES_ROOT\InternetShortcut\shell\open\command
In @="finder.com shdocvw.dll,OpenURL %l", delete finder.com
Expand HKEY_CLASSES_ROOT\scrfile\shell\install\command
In @="finder.com desk.cpl,InstallScreenSaver %l", delete finder.com
Expand HKEY_CLASSES_ROOT\scriptletfile\Shell\Generate Typelib\command
In @="\"C:\\WINDOWS\\system32\\finder.com\" C:\\WINDOWS\\system32\\scrobj.dll,GenerateTypeLib \"%1\"", delete \"C:\\WINDOWS\\system32\\finder.com\"
Expand HKEY_CLASSES_ROOT\telnet\shell\open\command
In @="finder.com url.dll,TelnetProtocolHandler %l", delete finder.com
Expand HKEY_CLASSES_ROOT\Unknown\shell\openas\command
In @="%SystemRoot%\\system32\\finder.com %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1", delete %SystemRoot%\\system32\\finder.com
Expand HKEY_CLASSES_ROOT\winfiles\Shell\Open\Command
Delete @="C:\\windows\\ExERoute.exe \"%1\" %*"
Expand HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microsoft Soft Debuger\Settings
Delete "GUID"="{C08L95-CW547B-IC74A8-57KU9O-J7M617}"
Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete Tprogram
Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Delete Tprogram
Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In "Shell"="Explorer.exe 1", delete the 1
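An added example, not part of the original thread: a read-only check that scans registry-export text for the handler hijacks listed in step 4 above, so the cleanup can be verified instead of inspected key by key. The sample export is constructed from the values quoted in the post; the function names are hypothetical, and flagging every `.com`/`.pif` handler goes slightly beyond the specific file names the post gives.

```python
import ntpath
import re

# Constructed sample in .reg export syntax. The hijacked values are the
# ones quoted in the post; txtfile and ctfmon.exe are clean controls.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\.bfc\ShellNew]
"Command"="%SystemRoot%\\system32\\rundll32.com %SystemRoot%\\system32\\syncui.dll,Briefcase_Create %2!d! %1"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" -nohome"

[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@="%SystemRoot%\\explorer.com"

[HKEY_CLASSES_ROOT\telnet\shell\open\command]
@="finder.com url.dll,TelnetProtocolHandler %l"

[HKEY_CLASSES_ROOT\winfiles\Shell\Open\Command]
@="C:\\windows\\ExERoute.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TProgram"="C:\\WINDOWS\\SMSS.EXE"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe 1"
'''

# File names the post tells the reader to strip from handler strings.
NAMED_IN_POST = {"finder.com", "exeroute.exe"}
# Extensions the post shows standing in for .exe in handler commands.
LOOKALIKE_EXTS = {".com", ".pif"}

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^(?:@|"(?P<name>[^"]*)")="(?P<data>.*)"$')


def unescape(data):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r'\1', data)


def first_token(command):
    # Program part of a command line: quoted path, or text up to the first
    # space (so unquoted paths containing spaces are truncated).
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def parse_reg(text):
    """Yield (key, value_name, data) for string values; '@' is the default."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = m.group("name") if m.group("name") is not None else "@"
            yield key, name, unescape(m.group("data"))


def check(key, name, data):
    """Return a reason string if the value matches the thread's pattern."""
    lower_key = key.lower()
    if lower_key.endswith(r"\winlogon") and name.lower() == "shell":
        plain = data.strip().lower() == "explorer.exe"
        return None if plain else "Winlogon Shell is not plain Explorer.exe"
    if lower_key.endswith((r"\run", r"\runservices")):
        path = first_token(data)
        outside = ntpath.basename(ntpath.dirname(path)).lower() != "system32"
        if ntpath.basename(path).lower() == "smss.exe" and outside:
            return "smss.exe started from outside System32"
        return None
    if not lower_key.endswith(r"\command") and name.lower() != "command":
        return None
    exe = ntpath.basename(first_token(data)).lower()
    if exe in NAMED_IN_POST:
        return "handler runs " + exe
    ext = ntpath.splitext(exe)[1]
    if ext in LOOKALIKE_EXTS:
        return "handler runs %s (%s in place of .exe)" % (exe, ext)
    return None


def scan(text):
    """Return [(key, value_name, reason)] for every suspicious value."""
    return [(k, n, r) for k, n, d in parse_reg(text)
            for r in [check(k, n, d)] if r]


if __name__ == "__main__":
    for key, name, reason in scan(SAMPLE_REG):
        print("%s [%s]: %s" % (key, name, reason))
```

Exports written by regedit are UTF-16, so decode the file before passing its text to `scan()`; multi-line hex values are skipped by this parser.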
没事情做2 - 2006-7-3 22:25:00
Boss, I looked for this C:\WINDOWS\SMSS.EXE thing and it's not there~~~
That Legend icon is gone too~~~~
我无邪 - 2006-7-3 22:27:00
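If it had a Legend icon, then that was probably it.
After you reboot, see whether there is still any trace of it.
If there is,
I suggest using System Restore to solve the problem.
If your System Restore has never been turned off,
you can do this:
Start, Programs, Accessories, System Tools, System Restore. Restore the system to the earliest restore point.
If manual removal never gets rid of it completely, I suggest simply reinstalling the system and being done with it.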
没事情做2 - 2006-7-3 22:41:00
Logfile of HijackThis v1.99.1
Scan saved at 22:30:03, on 2006-7-3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\SigmaTel AC97 音频驱动器\stacmon.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Wom\WinMem.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\NaviHelper.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 音频驱动器\stacmon.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [internat.exe] ; internat.exe
O4 - HKLM\..\Run: [KnightIII] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows内存整理] C:\Program Files\Wom\WinMem.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] ; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O15 - Trusted IP range: http://10.0.197.101
O15 - Trusted IP range: http://10.0.197.102
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D2F5A1-5E77-4BF7-9225-C905ADC2E531}: NameServer = 221.12.1.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E26A9A4-2E6A-4B8F-A5A2-338DC592B759}: NameServer = 218.108.248.245 218.108.248.219
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
没事情做2 - 2006-7-3 22:42:00
I already dealt with SMSS during the day; now, after rebooting, it seems to be gone~~~~
没事情做2 - 2006-7-3 22:43:00
In "Shell"="Explorer.exe 1", delete the 1
I remember this step very clearly.
At boot there was a prompt saying it could not open 1~~~~
我无邪 - 2006-7-4 0:33:00
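When you get online tomorrow, scan another log.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG); then copy and paste the contents of the saved report log here.
Download links: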
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it across several posts; please do not modify it.
没事情做2 - 2006-7-4 10:27:00
2006-07-04,10:15:16
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<Apoint><C:\Program Files\Apoint\Apoint.exe> [Alps Electric Co., Ltd.]
<IgfxTray><C:\WINDOWS\System32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe> [Intel Corporation]
<Dell QuickSet><C:\Program Files\Dell\QuickSet\quickset.exe> []
<SigmaTel StacMon><C:\Program Files\SigmaTel\SigmaTel AC97 音频驱动器\stacmon.exe> [SigmaTel Inc.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<PRONoMgr.exe><c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe> [Intel(R) Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<internat.exe><; internat.exe> [Microsoft Corporation]
<KnightIII><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey> [Network Associates, Inc.]
<avgnt><"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
<Windows内存整理><C:\Program Files\Wom\WinMem.exe> [鲁锦]
<DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\Userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
<WinlogonNotify: Sebring><c:\WINDOWS\System32\LgNotify.dll> [Intel Corporation]
==================================
启动文件夹
[NkvMon.exe]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\NkvMon.exe.lnk><N>
==================================
服务
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler]
<C:\Program Files\AntiVir PersonalEdition Classic\sched.exe><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService]
<C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe><AVIRA GmbH>
[McAfee Framework 服务 / McAfeeFramework]
<C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Indexing Data / MOBILL]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[O&O Defrag / O&O Defrag]
<C:\WINDOWS\System32\oodag.exe><O&O Software GmbH>
[RegSrvc / RegSrvc]
<C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[StyleXPService / StyleXPService]
<"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[WinKld / WinKld]
<C:\WINDOWS\System32\RunDLL32.exe "C:\PROGRA~1\winkld\winkld.dll",Run -r><N/A>
没事情做2 - 2006-7-4 10:28:00
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[百万图库]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/star, N/A>
[铃声图片下载]
{7713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/sms/index.htm, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&Google Search]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[&Translate English Word]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[Backward Links]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[Similar Pages]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[Translate Page into English]
<res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html, N/A>
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
没事情做2 - 2006-7-4 10:29:00
正在运行的进程
[PID: 396][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 624][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 648][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[c:\WINDOWS\System32\LgNotify.dll] <Intel Corporation><8, 0, 0, 162>
[PID: 704][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 716][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1312][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1336][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe] <><0, 20, 0, 3000>
[PID: 1364][C:\WINDOWS\System32\S24EvMon.exe] <Intel Corporation ><8, 0, 0, 162>
[PID: 1808][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1824][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 2004][C:\WINDOWS\system32\ZCfgSvc.exe] <Intel Corporation><8, 0, 0, 162>
[C:\WINDOWS\system32\PfMgrApi.dll] <Intel Corporation><8, 0, 0, 162>
[C:\WINDOWS\system32\PsRegApi.dll] <Intel Corporation><8, 0, 0, 162>
[C:\WINDOWS\system32\WConfig.DLL] <Intel Corporation><8, 0, 0, 162>
[C:\WINDOWS\system32\WiFiAdap.DLL] <Intel Corporation><8, 0, 0, 162>
[C:\WINDOWS\system32\PsGuiMgr.dll] <Intel Corporation.><8, 0, 0, 162>
[C:\WINDOWS\system32\C1XStngs.dll] <Intel Corporation><8, 0, 0, 162>
[c:\Program Files\Intel\PROSetWireless\PROSet\CHT\ZcSvcCHT.dll] <Intel Corporation><8, 0, 0, 107>
[c:\Program Files\Intel\PROSetWireless\PROSet\CHT\PmApiCHT.dll] <Intel Corporation><8, 0, 0, 107>
[C:\WINDOWS\system32\S24MUDLL.dll] <Intel Corporation><8, 0, 0, 162>
[c:\Program Files\Intel\PROSetWireless\PROSet\CHT\C1XStCHT.dll] <Intel Corporation><8, 0, 0, 107>
[PID: 912][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1228][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[c:\program files\google\googletoolbar2.dll] <Google Inc.><3, 0, 131, 0>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\System32\rmoc3260.dll] <RealNetworks, Inc.><6.0.9.2049>
[C:\WINDOWS\System32\PNCRT.dll] <Real Networks, Inc><6.0.0.0>
[C:\Program Files\Real\RealPlayer\rpplugins\embd3260.dll] <RealNetworks, Inc.><6.0.12.1040>
[C:\Program Files\Common Files\Real\Common\pngu3267.dll] <RealNetworks, Inc.><6.7.0.2419>
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] <RealNetworks, Inc.><6.0.9.3775>
[C:\Program Files\Common Files\Real\Common\objb3201.dll] <RealNetworks, Inc.><0.1.0.6032>
[C:\Program Files\Real\RealPlayer\rpplugins\rpcl3260.dll] <RealNetworks, Inc.><6.0.9.2828>
[C:\Program Files\Real\RealPlayer\rpplugins\rput3260.dll] <RealNetworks, Inc.><6.0.9.2793>
[C:\Program Files\Common Files\Real\Common\pnen3260.dll] <RealNetworks, Inc.><10.0.0.654>
没事情做2 - 2006-7-4 10:30:00
[C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll] <RealNetworks, Inc.><10.1.0.536>
[C:\Program Files\Common Files\Real\Plugins\zipf3260.dll] <RealNetworks, Inc.><6.0.8.2259>
[C:\Program Files\Common Files\Real\Plugins\vidsite.dll] <RealNetworks, Inc.><10.0.0.609>
[C:\Program Files\Common Files\Real\Plugins\clntxres.dll] <RealNetworks, Inc.><10.0.0.2358>
[C:\Program Files\Real\RealPlayer\lang\cdplay_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\dbcomp_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\embed_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\pngui_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\pdgenxfer_cn.dll] <N/A><N/A>
[C:\Program Files\Real\RealPlayer\lang\rjctl_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjeq_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjres_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjskin_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjviz_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjfade_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjdlg_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjmisc_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rjprog_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpapp_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpclsvc_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpclutil_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpdemand_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpdsplyr_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpgutil_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpmnpane_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpplylst_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\rpwebctl_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\tcdinfo_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\tclsvc_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\tdwnmgr_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\tmp3_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\twave_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\teasdk_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\tearm_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\tmdedit_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Real\RealPlayer\lang\mydevices_cn.dll] <RealNetworks, Inc.><6.0.12.298>
[C:\Program Files\Common Files\Real\Plugins\memfsys.dll] <RealNetworks, Inc.><10.0.0.596>
[C:\Program Files\Common Files\Real\Plugins\authmgr.dll] <RealNetworks, Inc.><10.0.0.1055>
[C:\Program Files\Common Files\Real\Codecs\hxltcolor.dll] <RealNetworks, Inc.><10.0.0.466>
[C:\Program Files\Common Files\Real\Plugins\httpfsys.dll] <RealNetworks, Inc.><10.0.0.2015>
[C:\Program Files\Real\RealPlayer\rpplugins\rpap3260.dll] <RealNetworks, Inc.><6.0.9.2745>
[C:\Program Files\Common Files\Real\Plugins\ramfformat.dll] <RealNetworks, Inc.><10.0.0.1454>
[C:\Program Files\Common Files\Real\Plugins\rmfformat.dll] <RealNetworks, Inc.><10.0.0.853>
[C:\Program Files\Common Files\Real\Plugins\rarender.dll] <RealNetworks, Inc.><10.0.0.613>
[C:\Program Files\Common Files\Real\Codecs\cook.dll] <RealNetworks, Inc.><10.0.0.967>
[C:\Program Files\Common Files\Real\Plugins\rvrender.dll] <RealNetworks, Inc.><10.0.0.634>
[C:\Program Files\Common Files\Real\Codecs\RV40.DLL] <RealNetworks, Inc.><10.0.0.1091>
[C:\Program Files\Common Files\Real\Codecs\drvc.dll] <RealNetworks, Inc.><10.0.0.1091>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll] <H+BEDV Datentechnik GmbH><7.00.00.04>
[PID: 1612][C:\Program Files\Apoint\Apoint.exe] <Alps Electric Co., Ltd.><5.5.101.123>
[C:\WINDOWS\System32\VXDIF.DLL] <Alps Electric Co., Ltd.><6.0.2.66>
[C:\Program Files\Apoint\Apoint.DLL] <Alps Electric Co., Ltd.><5.5.104.216>
[C:\Program Files\Apoint\EzAuto.dll] <Alps Electric Co., Ltd.><4.5.1.83>
[C:\Program Files\Apoint\EzLaunch.DLL] <Alps Electric Co., Ltd.><5.5.1.62>
[PID: 1636][C:\WINDOWS\System32\hkcmd.exe] <Intel Corporation><3.0.0.3775>
[C:\WINDOWS\System32\hccutils.DLL] <Intel Corporation><3.0.0.3775>
[C:\WINDOWS\System32\igfxdev.dll] <Intel Corporation><3.0.0.3775>
[C:\WINDOWS\System32\igfxsrvc.dll] <Intel Corporation><3.0.0.3775>
[C:\WINDOWS\System32\igfxres.dll] <Intel Corporation><3.0.0.3775>
[C:\WINDOWS\System32\igfxhk.dll] <Intel Corporation><3.0.0.3775>
[PID: 1648][C:\Program Files\Dell\QuickSet\quickset.exe] <><1, 0, 0, 1>
[C:\WINDOWS\System32\KPOWER.DLL] <Intel Corporation><1, 0, 0, 3>
[C:\Program Files\Dell\QuickSet\dadkeyb.dll] <N/A><N/A>
[PID: 1656][C:\Program Files\SigmaTel\SigmaTel AC97 音频驱动器\stacmon.exe] <SigmaTel Inc.><1, 0, 0, 3>
[PID: 1680][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208>
[PID: 1704][C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe] <Avira GmbH><7.00.00.10>
[C:\Program Files\AntiVir PersonalEdition Classic\avgcmxp.dll] <Avira GmbH><7.00.00.09>
[PID: 1736][C:\Program Files\Wom\WinMem.exe] <鲁锦><2.9.4.712>
[PID: 1784][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1764][C:\Program Files\Apoint\Apntex.exe] <Alps Electric Co., Ltd.><5.0.1.15>
[C:\WINDOWS\System32\VXDIF.DLL] <Alps Electric Co., Ltd.><6.0.2.66>
[PID: 1852][C:\Program Files\Nikon\NkView6\NkvMon.exe] <Nikon Corporation><6, 0, 0, 3000>
[PID: 1948][C:\WINDOWS\System32\conime.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 160][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 244][C:\Program Files\AntiVir PersonalEdition Classic\sched.exe] <Avira GmbH><7.00.00.17>
[C:\Program Files\AntiVir PersonalEdition Classic\schedr.dll] < Avira GmbH><7.00.00.04>
[PID: 264][C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe] <AVIRA GmbH><7.00.00.28>
[C:\Program Files\AntiVir PersonalEdition Classic\GUARDMSG.DLL] <H+BEDV Datentechnik GmbH><7.00.00.04>
[C:\Program Files\AntiVir PersonalEdition Classic\AVPREF.DLL] <Avira GmbH><7.00.00.01>
[C:\Program Files\AntiVir PersonalEdition Classic\SMTPLIB.DLL] <Avira GmbH><1.02.00.08>
[C:\Program Files\AntiVir PersonalEdition Classic\AVEWIN32.DLL] <Avira GmbH><7.1.0.19>
[PID: 240][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe] <Network Associates, Inc.><3.1.1.184>
[C:\Program Files\Network Associates\Common Framework\nailog.dll] <Network Associates, Inc.><3.1.1.159>
[C:\Program Files\Network Associates\Common Framework\naXML.dll] <Network Associates, Inc.><3.1.1.159>
[C:\Program Files\Network Associates\Common Framework\NaiSign.dll] <Network Associates, Inc.><3.1.0.197>
[C:\Program Files\Network Associates\Common Framework\naCmnLib.dll] <Network Associates, Inc.><3.1.1.159>
[C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll] <Network Associates, Inc.><3.1.1.184>
[PID: 312][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL] <N/A><N/A>
[PID: 416][C:\WINDOWS\System32\RegSrvc.exe] <Intel Corporation><8, 0, 0, 162>
[PID: 512][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 568][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 2188][C:\WINDOWS\System32\1XConfig.exe] <Intel><8, 0, 0, 162>
[C:\WINDOWS\System32\IntelAE5.dll] <Meetinghouse Data Communications><1, 42, 19, 1>
[C:\WINDOWS\System32\SSLEAY32.dll] <N/A><N/A>
[C:\WINDOWS\System32\LIBEAY32.dll] <N/A><N/A>
[C:\WINDOWS\System32\PsRegApi.dll] <Intel Corporation><8, 0, 0, 162>
[PID: 3292][C:\Documents and Settings\Administrator\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-7-4 13:16:00
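It no longer shows up, congratulations.
There are two more places that need fixing.
Run (double-click) System Repair Engineer, click "Startup Items", then "Services", then "Win32 Service Applications", tick "Hide Microsoft Services", select the virus services WinKld,Indexing Data, choose "Delete Service", click "Set", choose "No", and finally reboot. (Each comma-separated item is one virus service; delete them one by one.)
After rebooting,
delete: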
C:\PROGRA~1\winkld
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL