求救！机子中了Trojan.dl等病毒瑞星杀后，使用WinsockXPFix也不行 bbs.ikaka.com

erickvirus - 2006-7-28 15:19:00

你好！

我大体按照下面这个方法删除病毒，修复机子，其中没有找到upfdll.dll这个文件,最后也用WinsockXPFix修复，但是仍然不能上网~~求救~~~

引用:

运行System Repair Engineer，使用“系统修复，文件关联，勾选“全选”点“修复”使所有扩展名都恢复正常
进入控制面版的添加删除程序中卸载，搜搜地址栏搜索(QQ搜索小助手)

请到http://forum.ikaka.com/topic.asp?board=67&artid=5188931，下载，LSPFix.exe，WinsockXPFix这两个软件
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
运行LSPFix.exe
删除
upfdll.dll
附说明一份
LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。
使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
C:\PROGRA~1\TENCENT\Adplus
C:\WINDOWS\system32\upfdll.dll
修复后，请重启。
如果无法上网，请运行WinsockXPFix，让它修复一下
烦再扫份日志粘上来。

我的当前日志。机子是IBM t43：

2006-07-28,14:52:04

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations

Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\System32\ctfmon.exe) [Microsoft Corporation]
(LocalSystem)(C:\WINDOWS\system\svchost.exe) []
(caidiysetup)(; C:\temp\diynetsetupuni.exe) []
(googletalk)(; "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart) [Google]
(MSNShell)(; ) []
(MyShares)(; c:\program Files\易虎\MyShares.exe /tray) []
(NetSP - restore settings on power failure)(; "C:\Program Files\AT&T Network Client\NetSP.exe" -show) [AT&T]
(VoipDiscount)(; "D:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized) [VoipDiscount]
(Yahoo! Pager)(; D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(ccApp)("C:\Program Files\Common Files\Symantec Shared\ccApp.exe") [Symantec Corporation]
(vptray)(C:\PROGRA~1\SYMANT~1\VPTray.exe) [Symantec Corporation]
(KernelFaultCheck)(%systemroot%\system32\dumprep 0 -k) []
(TPHOTKEY)(C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe) []
(C4EBReg)("C:\Program Files\c4ebreg\c4ebreg.exe" /q) [IBM Global Services]
(Isamtray)("C:\Program Files\c4ebreg\isamtray.exe") [IBM Global Services]
(ISSI EZUpdate Service)("c:\sdwork\issimsvc.exe") [IBM Global Services]
(RfwMain)("d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(spoolsv)(; C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer) []
(SOUNDM)(winsmd.exe) []
(BMMGAG)(; RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor) [IBM Corp.]
(BMMLREF)(; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE) []
(BMMMONWND)(; rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor) []
(ControlCenter)(; "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup) [UPEK Inc.]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation]
(iTunesHelper)(; "D:\Program Files\iTunes\iTunesHelper.exe") [Apple Computer, Inc.]
(MoveSearch)(; C:\Program Files\HuaCi\huaci\zsearch.exe) []
(MSPY2002)(; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC) []
(PHIME2002A)(; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [Microsoft Corporation]
(PHIME2002ASync)(; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [Microsoft Corporation]
(Picasa Media Detector)(; D:\Program Files\Picasa2\PicasaMediaDetector) []
(PigUpdate)(; ) []
(QuickTime Task)(; "C:\Program Files\QuickTime\qttask.exe" -atboottime) [Apple Computer, Inc.]
(res)(; ) []
(RichMedia)(; C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows) []
(stgclean)(; c:\sdwork\w32main2.exe /cleanup) [IBM Global Services]
(TotalRecorderScheduler)(; "d:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe") [High Criteria inc.]
(UpdateManager)(; "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r) [Sonic Solutions]
(YLive.exe)(; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe) [ ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(KB853957M.LOG) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(GinaDLL)(vrlogon.dll) [UPEK Inc.]
(UIHost)(logonui.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(DVDBurn)(C:\WINDOWS\Downloaded Program Files\AfxEdit.dll) []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
(WinlogonNotify: tphotkey)(tphklock.dll) []
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)(C:\WINDOWS\UD.SCR) [International Business Machines Corporation]

--------------------------------------------------------------------------------

Startup Folders

Services

[ACU Configuration Service / ACS]
(C:\WINDOWS\System32\acs.exe)(N/A)
[Adobe LM Service / Adobe LM Service]
("C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe")(Adobe Systems)
[Ati HotKey Poller / Ati HotKey Poller]
(C:\WINDOWS\System32\Ati2evxx.exe)(ATI Technologies Inc.)
[Bluetooth Service / btwdins]
(C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe)(WIDCOMM, Inc.)
[C-DillaSrv / C-DillaSrv]
(C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE)(C-Dilla Ltd)
[Symantec Event Manager / ccEvtMgr]
("C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe")(Symantec Corporation)
[Symantec Password Validation / ccPwdSvc]
("C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe")(Symantec Corporation)
[Symantec Settings Manager / ccSetMgr]
("C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe")(Symantec Corporation)
[Cryptographic Transer Services / Cryptsvcer]
(C:\Program Files\Common Files\Update.exe)(N/A)
[Symantec AntiVirus Definition Watcher / DefWatch]
("C:\Program Files\Symantec AntiVirus\DefWatch.exe")(Symantec Corporation)
[IBM PM Service / IBMPMSVC]
(C:\WINDOWS\System32\ibmpmsvc.exe)(N/A)
[InstallDriver Table Manager / IDriverT]
("C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe")(Macrovision Corporation)
[iPodService / iPodService]
(C:\Program Files\iPod\bin\iPodService.exe)(Apple Computer, Inc.)
[IBM Standard Asset Manager Service / ISAMSvc]
(C:\Program Files\c4ebreg\c4ebreg.exe)(IBM Global Services)
[Indexing Data / iSPONER]
(C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087)(N/A)
[ISSI EZUpdate / ISSIMon]
(c:\sdwork\issimsvc.exe)(IBM Global Services)
[ldlcserv / ldlcserv]
(C:\WINDOWS\System32\Drivers\ldlcserv.exe)(IBM Corporation)
[Macromedia Licensing Service / Macromedia Licensing Service]
("C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe")(N/A)
[Multi-user Cleanup Service / Multi-user Cleanup Service]
(C:\notes\ntmulti.exe)(IBM Corp)
[Network Configuration Service / NetCfgSvr]
(C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE)(AT&T)
[QCONSVC / QCONSVC]
(System32\QCONSVC.EXE)(IBM Corp.)
[RegSrvc / RegSrvc]
(C:\WINDOWS\System32\RegSrvc.exe)(Intel Corporation)
[Rising Proxy Service / RfwProxySrv]
(d:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService]
(d:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[RsRavMon Service / RsRavMon]
("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[Spectrum24 Event Monitor / S24EventMonitor]
(C:\WINDOWS\System32\S24EvMon.exe)(Intel Corporation)
[SavRoam / SavRoam]
("C:\Program Files\Symantec AntiVirus\SavRoam.exe")(symantec)
[Symantec Network Drivers Service / SNDSrvc]
("C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe")(Symantec Corporation)
[Symantec AntiVirus / Symantec AntiVirus]
("C:\Program Files\Symantec AntiVirus\Rtvscan.exe")(Symantec Corporation)
[IBM KCU Service / TpKmpSVC]
(C:\WINDOWS\system32\TpKmpSVC.exe)(N/A)
[TrcBoot / TrcBoot]
(C:\WINDOWS\System32\drivers\trcboot.exe)(IBM Corporation)
[TrueVector Internet Monitor / vsmon]
(C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service)(Zone Labs Inc.)
[Protector Suite Virtual Token / vtserver]
(C:\Program Files\Common Files\Virtual Token\vtserver.exe)(UPEK Inc.)
[VNC Server / winvnc]
("C:\Program Files\ORL\VNC\WinVNC.exe" -service)(AT&T Research Labs Cambridge)

erickvirus - 2006-7-28 15:21:00

Browser Add-ons

[HelperObject Class]
{00C6482D-C502-44C8-8409-FCE54AD9C208} (D:\Program Files\TechSmith\SnagIt 88\SnagItBHO.dll, TechSmith Corporation)
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} (C:\WINDOWS\System32\wmpdrm.dll, N/A)
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} (D:\Program Files\Tencent\qq\QQIEHelper.dll, ??????????????)
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} (C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions)
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[闪客精灵]
{E19ADC6E-3909-43E4-9A89-B7B676377EE3} (, N/A)
[????????]
{EF72500A-C234-46C4-BF0A-9AA6913DDF34} (C:\Program Files\KOS\KOSIEBar.dll, ??????????)
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!)
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} (D:\Program Files\TechSmith\SnagIt 88\SnagItIEAddin.dll, TechSmith Corporation)
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (C:\WINDOWS\opuc.dll, Microsoft Corporation)
[&??????]
(8E405-C6DE-49FF-83AE-41EE9F4C36CE}, N/A)
[&??????????]
(, N/A)
[Add to QQ Customized Panel]
(D:\Program Files\Tencent English version\qq\AddPanel.htm, N/A)
[Add to QQ Emoticons]
(D:\Program Files\Tencent English version\qq\AddEmotion.htm, N/A)
[Send picture by MMS]
(D:\Program Files\Tencent English version\qq\SendMMS.htm, N/A)
[Send the Picture by QQ MMS]
(D:\Program Files\Tencent English version\qq\SendMMS.htm, N/A)
[闪客精灵]
(d:\Program Files\SourceTec\sothinkflash\InternetExplorer.htm, N/A)
[使用网际快车下载]
(D:\Program Files\FlashGet\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(D:\Program Files\FlashGet\jc_all.htm, N/A)
[???QQ????]
(, N/A)
[????????]
(, N/A)
[????????????]
(, N/A)
[??? Microsoft Excel(&x)]
(, N/A)
[???QQ?????]
(, N/A)
[???QQ??]
(, N/A)
[?QQ???????]
(, N/A)

--------------------------------------------------------------------------------

Running Processes

[PID: 772][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[PID: 856][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 896][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.1557 (xpsp2_gdr.040517-1325))
[C:\WINDOWS\System32\vrlogon.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\IBM fingerprint software\ExtVapi.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\psutil.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\resmgr.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\Remote.dll] (UPEK Inc.)(4.5.3.167)
[C:\WINDOWS\system32\tphklock.dll] (N/A)(N/A)
[C:\Program Files\Common Files\Virtual Token\passport.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\psdlg.dll] (UPEK Inc.)(4.5.3.167)
[PID: 940][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 976][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[PID: 1140][C:\Program Files\Common Files\Virtual Token\vtserver.exe] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\psutil.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\passport.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\DevTc.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\BTcVer.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\Remote.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\config.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\LocPass.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\SBioPass.dll] (UPEK Inc.)(4.5.3.167)
[C:\Program Files\Common Files\Virtual Token\AlgVer.dll] (UPEK Inc.)(4.5.3.167)
[PID: 1160][C:\WINDOWS\System32\ibmpmsvc.exe] (N/A)(N/A)
[PID: 1188][C:\WINDOWS\System32\Ati2evxx.exe] (ATI Technologies Inc.)(6.14.10.4110)
[C:\WINDOWS\System32\Ati2edxx.dll] (ATI Technologies, Inc.)(6, 14, 10, 2495)
[PID: 1224][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 1268][C:\Program Files\Rising\Rav\CCenter.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 3)
[PID: 1284][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 1384][C:\WINDOWS\System32\S24EvMon.exe] (Intel Corporation )(8, 1, 0, 49a)
[PID: 1968][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 2008][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 2024][C:\Program Files\Rising\Rav\Ravmond.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 29)
[C:\Program Files\Rising\Rav\BWList.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 19)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RsLog.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 20)
[C:\Program Files\Rising\Rav\HOOKSYS.dll] (Rising)(18, 1, 0, 9)
[C:\Program Files\Rising\Rav\Scanner.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 30)
[C:\Program Files\Rising\Rav\libload.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\VirusLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\Program Files\Rising\Rav\regmon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\HookWeb.dll] (rising)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\MemMon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 9)
[C:\Program Files\Rising\Rav\expscan.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\mPorts.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 3)
[C:\Program Files\Rising\Rav\MailMon.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[C:\Program Files\Rising\Rav\SpamEng.dll] (N/A)(18, 0, 0, 6)
[C:\Program Files\Rising\Rav\engine.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 30)
[C:\Program Files\Rising\Rav\PostTrt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 9)
[C:\Program Files\Rising\Rav\UnExe.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\ScanExec.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\ScanEx.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\NvFile.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 7)
[C:\Program Files\Rising\Rav\ScanMac.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 8)
[C:\Program Files\Rising\Rav\ScanSct.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 17)
[C:\Program Files\Rising\Rav\Unpacker.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 3)
[C:\Program Files\Rising\Rav\ExtOLE.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[PID: 236][d:\program files\rising\rfw\rfwsrv.exe] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 32)
[d:\program files\rising\rfw\RfwRule.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 13)
[d:\program files\rising\rfw\rfwlog.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 6)
[d:\program files\rising\rfw\Rfwdrv.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 21)
[d:\program files\rising\rfw\MonDrv.dll] (rs)(1, 0, 0, 4)
[d:\program files\rising\rfw\ProcLib.dll] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 9)
[PID: 604][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] (Symantec Corporation)(2.2.2.008)
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] (Symantec Corporation)(2.2.2.008)
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] (Symantec Corporation)(2.2.2.008)
[PID: 656][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] (Symantec Corporation)(2.2.2.008)
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] (Symantec Corporation)(2.2.2.008)
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] (Symantec Corporation)(2.2.2.008)
[PID: 688][C:\Program Files\Rising\Rav\RavStub.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 16)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[PID: 1908][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2800.1221 (xpsp2.030511-1403))
[C:\WINDOWS\Downloaded Program Files\swflash.dll] (N/A)(N/A)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] (Yahoo!)(2, 1, 8, 1048)
[C:\WINDOWS\system32\dla\tfswshx.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\System32\tfswapi.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\system32\dla\tfswcres.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\system32\RavExt.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 21)
[PID: 2040][C:\WINDOWS\System32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.1106 (xpsp1.020828-1920))
[PID: 1784][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.1699 (xpsp2.050610-1533))
[C:\WINDOWS\system32\bthcrp.dll] (WIDCOMM, Inc.)(1.4.2 Build 18)
[C:\WINDOWS\system32\WidcommSdk.dll] (WIDCOMM, Inc.)(1.4.2 Build 18)
[C:\WINDOWS\system32\wbtapi.dll] (WIDCOMM, Inc.)(1.4.2 Build 18)

erickvirus - 2006-7-28 15:21:00

[C:\WINDOWS\system32\selnt.dll] (N/A)(N/A)
[C:\WINDOWS\system32\pdclntif.dll] (N/A)(N/A)
[C:\WINDOWS\system32\pdprDlg.dll] (N/A)(N/A)
[C:\WINDOWS\system32\pdresrc.dll] (N/A)(N/A)
[C:\WINDOWS\system32\psmmonnt.dll] (N/A)(N/A)
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmpcl2pp.dll] (Lexmark International, Inc.)(7.1)
[PID: 492][d:\program files\rising\rfw\RfwMain.exe] (Beijing Rising Technology Co., Ltd.)(4, 0, 0, 51)
[d:\program files\rising\rfw\RsGuiLib.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 23)
[C:\WINDOWS\System32\DrvTrNTm.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\WINDOWS\System32\DrvTrNTl.dll] (High Criteria inc.)(5, 2, 0, 1)
[d:\program files\rising\rfw\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[d:\program files\rising\rfw\PngDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[PID: 808][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] (Symantec Corporation)(2.2.2.008)
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] (Symantec Corporation)(2.2.2.008)
[C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL] (Symantec Corporation)(2.0.39.0)
[C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL] (Symantec Corporation)(2.0.39.0)
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] (Symantec Corporation)(2.2.2.008)
[C:\WINDOWS\System32\DrvTrNTm.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\WINDOWS\System32\DrvTrNTl.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] (Symantec Corporation)(2.2.2.008)
[C:\WINDOWS\System32\SYMREDIR.dll] (Symantec Corporation)(5.3.6.13)
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] (Symantec Corporation)(2.2.2.008)
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] (Symantec Corporation)(2.2.2.008)
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] (Symantec Corporation)(9.0.3.1000)
[PID: 1084][C:\PROGRA~1\SYMANT~1\VPTray.exe] (Symantec Corporation)(9.0.3.1000)
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] (Symantec Corporation)(9.3.0.28)
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] (Symantec Corporation)(9.0.3.1000)
[C:\WINDOWS\System32\DrvTrNTm.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\WINDOWS\System32\DrvTrNTl.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] (Symantec Corporation)(9.0.3.1000)
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] (Symantec Corporation)(9.0.3.1000)
[PID: 1588][C:\WINDOWS\System32\drivers\trcboot.exe] (IBM Corporation)(5060.0.2226.456)
[PID: 1848][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe] (N/A)(N/A)
[C:\WINDOWS\System32\DrvTrNTm.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\WINDOWS\System32\DrvTrNTl.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll] (N/A)(N/A)
[C:\WINDOWS\System32\Oemdspif.dll] (ATI Technologies, Inc.)(6.14.0011)
[C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll] (N/A)(N/A)
[PID: 1360][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe] (N/A)(N/A)
[C:\WINDOWS\System32\DrvTrNTm.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\WINDOWS\System32\DrvTrNTl.dll] (High Criteria inc.)(5, 2, 0, 1)
[PID: 1364][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe] (IBM Corporation)(1.06)
[PID: 1700][C:\Program Files\Rising\Rav\RavTask.exe] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 22)
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\Program Files\Rising\Rav\CfgDll.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\Program Files\Rising\Rav\RsCommX.dll] (rising)(18, 0, 0, 1)
[PID: 444][C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe] (WIDCOMM, Inc.)(1.4.2 Build 18)
[PID: 2300][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE] (C-Dilla Ltd)(3.24.010)
[PID: 2320][C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\DEFSECUR.DLL] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\MILLUTIL.DLL] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\PCSWLIB.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\PCSPREF.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\PCSCLIB.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\PCSMSG.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\PCSW32X.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\PCSWLIBI.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\NODEINIT.DLL] (IBM Corporation)(5060.0.2226.456)
[C:\WINDOWS\System32\NSTRC.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\SPELLING.DLL] (IBM Corporation)(5060.0.2226.456)
[C:\WINDOWS\System32\FMT_UTIL.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\PCSCAPI.dll] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\OOCSVCS2.dll] (N/A)(N/A)
[C:\Program Files\IBM\Personal Communications\MESSAGE.DLL] (IBM Corporation)(5060.0.2226.456)
[C:\Program Files\IBM\Personal Communications\MSGIO.dll] (IBM Corporation)(5060.0.2226.456)
[PID: 2672][C:\Program Files\Symantec AntiVirus\DefWatch.exe] (Symantec Corporation)(9.0.3.1000)
[PID: 2676][C:\Program Files\Internet Explorer\IEXPLORE.EXE] (Microsoft Corporation)(6.00.2800.1106 (xpsp1.020828-1920))
[PID: 2740][C:\Program Files\c4ebreg\c4ebreg.exe] (IBM Global Services)(6.00)
[C:\Program Files\c4ebreg\osprules.dll] (IBM Global Services)(1.8)
[C:\Program Files\c4ebreg\python23.dll] (Python Software Foundation)(2.3.4)
[C:\Program Files\c4ebreg\pmemw.dll] (N/A)(N/A)
[PID: 3884][c:\sdwork\issimsvc.exe] (IBM Global Services)(2.11)
[PID: 468][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] (Microsoft Corporation)(7.00.9466)
[PID: 1492][C:\notes\ntmulti.exe] (IBM Corp)(7.0.00.5226)
[PID: 2052][C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE] (AT&T)(6.4.0.3000)
[C:\PROGRA~1\AT&TNE~1\NetClient.dll] (AT&T)(6.4.1.2004)
[C:\WINDOWS\System32\vsdata.dll] (Zone Labs Inc.)(5.2.059.000)
[C:\WINDOWS\System32\VSINIT.dll] (Zone Labs Inc.)(5.2.059.000)
[PID: 2228][C:\WINDOWS\System32\QCONSVC.EXE] (IBM Corp.)(3, 5, 3, 0)
[PID: 2540][C:\WINDOWS\System32\RegSrvc.exe] (Intel Corporation)(8, 1, 0, 49a)
[PID: 2916][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.0 (xpclient.010817-1148))
[PID: 1464][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] (Symantec Corporation)(9.0.3.1000)
[C:\WINDOWS\System32\CBA.DLL] (Intel?Corporation)(6.12.0.130 E)
[C:\WINDOWS\System32\MsgSys.dll] (Intel?Corporation)(6.12.0.130 E)
[C:\WINDOWS\System32\NTS.dll] (Intel?Corporation)(6.12.0.130 E)
[C:\WINDOWS\System32\PDS.DLL] (Intel?Corporation)(6.12.0.130 E)
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] (Symantec Corporation)(9.0.3.1000)
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] (Symantec Corporation)(9.0.3.1000)
[C:\Program Files\Symantec AntiVirus\ecmldr32.DLL] (Symantec Corp.)(1.1.0.3)
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] (Symantec Corporation)(9.3.0.28)
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] (Symantec Corporation)(9.0.3.1000)
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060601.019\ecmsvr32.dll] (Symantec Corporation)(61.1.0.11)
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060601.019\NAVEX32a.DLL] (Symantec Corporation)(20061.1.0.14)
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060601.019\NAVENG32.DLL] (Symantec Corporation)(20061.1.0.14)
[C:\Program Files\Symantec AntiVirus\IMail.dll] (Symantec Corporation)(9.0.3.1000)

erickvirus - 2006-7-28 15:22:00

[C:\Program Files\Symantec AntiVirus\NotesExt.dll] (Symantec Corporation)(9.0.3.1000)
[C:\Program Files\Symantec AntiVirus\vpmsece2.dll] (Symantec Corporation)(9.0.3.1000)
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] (Symantec Corporation)(9.0.3.1000)
[C:\Program Files\Symantec AntiVirus\DecSDK.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2ID.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2SS.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2CAB.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2LHA.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2LZ.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2AMG.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2TAR.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2RTF.dll] (Symantec Corporation)(3.02.12.09)
[C:\Program Files\Symantec AntiVirus\Dec2Text.dll] (Symantec Corporation)(3.02.12.09)
[PID: 3488][C:\WINDOWS\system32\TpKmpSVC.exe] (N/A)(N/A)
[PID: 3528][C:\WINDOWS\System32\wdfmgr.exe] (Microsoft Corporation)(5.2.3790.1230 built by: dnsrv(bld4act))
[PID: 3556][C:\WINDOWS\system32\ZoneLabs\vsmon.exe] (Zone Labs Inc.)(3.5.175.057)
[C:\WINDOWS\System32\VSUTIL.dll] (Zone Labs Inc.)(3.5.175.057)
[C:\WINDOWS\system32\ZoneLabs\VSDB.dll] (Zone Labs Inc.)(3.5.175.057)
[C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL] (Zone Labs Inc.)(3.5.175.057)
[C:\WINDOWS\system32\ZoneLabs\html.tdr] (Zone Labs Inc.)(3.5.175.057)
[C:\WINDOWS\System32\vsdata.dll] (Zone Labs Inc.)(5.2.059.000)
[C:\WINDOWS\System32\VSINIT.dll] (Zone Labs Inc.)(5.2.059.000)
[C:\WINDOWS\system32\ZoneLabs\ssleay32.dll] (Zone Labs Inc.)(3.5.175.057)
[PID: 3740][C:\Program Files\ORL\VNC\WinVNC.exe] (AT&T Research Labs Cambridge)(3, 3, 3, 9)
[C:\Program Files\ORL\VNC\VNCHooks.dll] (AT&T Research Labs Cambridge)(3, 3, 3, 6)
[C:\Program Files\ORL\VNC\omnithread_rt.dll] (N/A)(N/A)
[PID: 3768][C:\WINDOWS\System32\Drivers\ldlcserv.exe] (IBM Corporation)(5060.0.2226.456)
[PID: 2944][D:\Anti-virus\WinsockXPFix.exe] (Option^Explicit Software Solutions)(1.01.0013)
[PID: 2208][C:\Program Files\Internet Explorer\IEXPLORE.EXE] (Microsoft Corporation)(6.00.2800.1106 (xpsp1.020828-1920))
[C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL] (N/A)(N/A)
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] (N/A)(N/A)
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] (N/A)(N/A)
[D:\Program Files\TechSmith\SnagIt 88\SnagItIEAddin.dll] (TechSmith Corporation)(1.0.6)
[D:\Program Files\TechSmith\SnagIt 88\SnagItIEAddinRes.dll] (TechSmith Corporation)(1.0.6)
[D:\Program Files\TechSmith\SnagIt 88\SnagItBHO.dll] (TechSmith Corporation)(1.0.1)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] (Yahoo!)(2, 1, 8, 1048)
[D:\Program Files\Tencent\qq\QQIEHelper.dll] (??????????????)(1, 1, 0, 5)
[C:\WINDOWS\system32\dla\tfswshx.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\System32\tfswapi.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\system32\dla\tfswcres.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\System32\DrvTrNTm.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\WINDOWS\System32\DrvTrNTl.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\Program Files\Rising\Rav\RavScrCh.dll] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 3)
[PID: 3336][C:\Program Files\Internet Explorer\IEXPLORE.EXE] (Microsoft Corporation)(6.00.2800.1106 (xpsp1.020828-1920))
[C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL] (N/A)(N/A)
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] (N/A)(N/A)
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] (N/A)(N/A)
[D:\Program Files\TechSmith\SnagIt 88\SnagItIEAddin.dll] (TechSmith Corporation)(1.0.6)
[D:\Program Files\TechSmith\SnagIt 88\SnagItIEAddinRes.dll] (TechSmith Corporation)(1.0.6)
[D:\Program Files\TechSmith\SnagIt 88\SnagItBHO.dll] (TechSmith Corporation)(1.0.1)
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] (Yahoo!)(2, 1, 8, 1048)
[D:\Program Files\Tencent\qq\QQIEHelper.dll] (??????????????)(1, 1, 0, 5)
[C:\WINDOWS\system32\dla\tfswshx.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\System32\tfswapi.dll] (Sonic Solutions)(1.04.07a)
[C:\WINDOWS\system32\dla\tfswcres.dll] (Sonic Solutions)(1.04.07a)
[PID: 3904][D:\Anti-virus\sreng2\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\WINDOWS\System32\DrvTrNTm.dll] (High Criteria inc.)(5, 2, 0, 1)
[C:\WINDOWS\System32\DrvTrNTl.dll] (High Criteria inc.)(5, 2, 0, 1)

--------------------------------------------------------------------------------

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

--------------------------------------------------------------------------------

Winsock Provider

谢谢！！！！

瑞星卡卡安全论坛