Rising Kaka Security Forum
zhangyouyou - 2006-7-28 21:30:00
C:\WINNT\System32\VIPTray.exe
My machine has this trojan.
Which services should I turn off?
我无邪 - 2006-7-28 21:32:00
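Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log here.
Download links: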
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it across several posts. Please do not modify it.
zhangyouyou - 2006-7-28 21:34:00
2006-07-28,21:08:31
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
<91cast><; > []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Winpatch AutoUpdate><C:\WINNT\system32\IEXPLORE.EXE> []
<Load><rundll32 "C:\WINNT\Downloaded Program Files\NProtect.dll",NProtect> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
<YOKAssiant><; Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant> [www.yok.com]
<spoolsv><; C:\WINNT\system32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司]
<bgoomain.exe><; C:\PROGRA~1\baigoo\bgoomain.exe> [BGoo]
<Desktop><; C:\WINNT\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> []
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [ ]
<CnsMin><; Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo!]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> []
<MoveSearch><C:\Program Files\HuaCi\huaci\zsearch.exe> [中搜在线]
<MiniPPGou.exe><; C:\Program Files\MiniPPGou\MiniPPGou.exe> []
<winlass><; C:\Program Files\Outlook Express\winlass.exe> [ ]
<helper.dll><; C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<91cast><; > []
<RavTimer><C:\Program Files\Rising\Rav\RavTimer.exe> [Beijing Rising Technology Co., Ltd.]
<RavMon><C:\Program Files\Rising\Rav\RavMon.exe -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><C:\Program Files\Rising\Rfw\rfwmain.exe> [Beijing Rising Technology Corporation Limited]
<Super Rabbit SRRestore><; C:\Program Files\Super Rabbit\Superr\SRRest.exe /autosave> [Super Rabbit Soft]
<SOUNDM><winsmd.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<SoundMix><rundll32.exe C:\WINNT\system32\soundmix.dll,Load> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ffdffm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB525181M.LOG> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Vision><> []
<DVDBurn><C:\WINNT\Downloaded Program Files\AfxEdit.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
zhangyouyou - 2006-7-28 21:34:00
==================================
启动文件夹
[DuDu下载加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DuDu下载加速器.lnk><H>
[IE-BAR]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\IE-BAR.lnk><H>
[腾讯QQ]
<C:\Documents and Settings\Iralewes\「开始」菜单\程序\启动\腾讯QQ.lnk><H>
[腾讯QQ珊瑚虫版]
<C:\Documents and Settings\Iralewes\「开始」菜单\程序\启动\腾讯QQ珊瑚虫版.lnk><H>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft AntiVirus Service / KAVSvc]
<><N/A>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
<C:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Te1net / Te1net]
<C:\WINNT\System32\VIPTray.exe><N/A>
[Windows Audio Server / Windows Audio Server]
<C:\WINNT\system32\drwatsn.exe><N/A>
==================================
zhangyouyou - 2006-7-28 21:34:00
浏览器加载项
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINNT\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <, N/A>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <, N/A>
[Adobe-Plugins Manager]
{2AFA7CEC-26D9-4256-AF57-497A13180BA5} <, N/A>
[BrowserHelper Class]
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <, N/A>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <, N/A>
[DDDMon Class]
{6BDE1669-B490-48E3-B668-456314F2D6C3} <, N/A>
[珊瑚虫工具栏]
{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <, N/A>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <, N/A>
[IEHlprObj Class]
{D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\nmview.dll, Microsoft Corporation>
[免费精彩视频超流畅在线观看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[珊瑚虫工具栏]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <, N/A>
[系统标准按钮(&E)]
{6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINNT\system32\SystemToolbar.dll, N/A>
[IE标准栏]
{954F618B-0DEC-4D1A-9317-E0FC96F87865} <C:\WINNT\system32\amstreamxb.dll, >
[Downloader Class]
{5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINNT\system32\iMopDl.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINNT\system32\pcastctl.dll, >
[&使用DuDu 加速器下载]
<res://C:\Program Files\DuDu\DddClient\dddmext.dll/202, N/A>
[&使用DuDu 加速器下载全部链接]
<res://C:\Program Files\DuDu\DddClient\dddmext.dll/203, N/A>
[&使用迅雷下载]
<C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm, N/A>
[&使用迷你屁屁狗[PPGou]加速下载]
<C:\Program Files\MiniPPGou\geturl.htm, N/A>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[反向链接]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[易趣购物]
<C:\Program Files\AD4All\link1\ebaylink.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎收藏+]
<http://myweb.cn.yahoo.com/post.html?F=D2_A, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[珊瑚虫搜索]
<C:\Program Files\YOK.com\SuperSearch\yoksch.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[百度-搜索MP3]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
<res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>
[类似网页]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
==================================
zhangyouyou - 2006-7-28 21:35:00
==================================
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 172][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 168][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINNT\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4113>
[PID: 228][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 240][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 384][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4113>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 472][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 512][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 576][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 632][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 652][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 85>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 0>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 80>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 81>
[PID: 800][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 860][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 908][C:\WINNT\System32\VIPTray.exe] <N/A><N/A>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 956][C:\WINNT\system32\VKTServ.exe] <Microsoft Corporation><1.1.2600.2180>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 1020][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 1048][C:\WINNT\system32\mspmspsv.exe] <Microsoft Corporation><7.10.00.3059>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 1068][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 1096][C:\WINNT\System32\locator.exe] <Microsoft Corporation><5.00.2195.6619>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 1208][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4113>
zhangyouyou - 2006-7-28 21:36:00
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 1256][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINNT\Downloaded Program Files\swflash.dll] <N/A><N/A>
[C:\WINNT\system32\soundmix.dll] <><1, 4, 0, 0>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINNT\system32\KB5251816.LOG] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] <N/A><N/A>
[C:\WINNT\system32\ext\DTSM.dll] <N/A><N/A>
[C:\WINNT\system32\ext\dtdl.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1396][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 1428][C:\Program Files\Rising\Rav\RavTimer.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 30>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 15>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\Program Files\Rising\Rav\CfgDll.dll] <rising><17, 0, 0, 39>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 1476][C:\Program Files\Rising\Rfw\rfwmain.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 99>
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 33>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rfw\PngDll.dll] <Rising><17, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[PID: 1508][C:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\Downloaded Program Files\NProtect.dll] <N/A><N/A>
[PID: 1552][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[PID: 1624][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 1180][C:\Program Files\河南铁通宽带拨号软件\HNMainUI.exe] <N/A><2, 3, 0, 1>
[C:\Program Files\河南铁通宽带拨号软件\HNKernel.dll] <HelloNet><2.2.0.1>
[C:\Program Files\河南铁通宽带拨号软件\HNUtils.dll] <N/A><2, 2, 0, 1>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\Program Files\河南铁通宽带拨号软件\HNRes_0804.dll] <N/A><2, 2, 0, 1>
[C:\Program Files\河南铁通宽带拨号软件\plugins\Diagnose.dll] <HelloNet><2.2.0.1>
[PID: 940][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[PID: 1784][D:\download\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\download\QQ\CoralAssist.DLL] <Coral Team><4.5.0 build 20060515>
[D:\download\QQ\CoralQQ.DLL] <Coral Team><4.5.1 Build 20060620>
[D:\download\QQ\ipsearcher.dll] <N/A><1.0.0.4>
[D:\download\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\download\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[D:\download\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\download\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\download\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\download\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[D:\download\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\download\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\download\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\download\QQ\CQQApplication.dll] <N/A><N/A>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[D:\download\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\download\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\download\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\download\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[D:\download\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\download\QQ\GroupLive.dll] <N/A><N/A>
[D:\download\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\download\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQPlugin.dll] <N/A><N/A>
[D:\download\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\download\QQ\SCCore.dll] <N/A><N/A>
[D:\download\QQ\QQCustomFace.dll] <N/A><N/A>
[D:\download\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\download\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\download\QQ\QRingMng.dll] <N/A><N/A>
[D:\download\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\download\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\download\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINNT\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,19,0>
[D:\download\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQAvatar.dll] <N/A><N/A>
[D:\download\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\download\QQ\BQQApplication.dll] <N/A><N/A>
[D:\download\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[D:\download\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\download\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\download\QQ\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[D:\download\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[D:\download\QQ\QQPhoneHelper.dll] <腾讯科技(深圳)有限公司><2, 0, 5, 50>
[D:\download\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[C:\WINNT\system32\KIme.ime] <金山软件公司><1, 0, 0, 1>
[PID: 1232][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[D:\download\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 2176][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[PID: 2180][C:\DOCUME~1\Iralewes\LOCALS~1\Temp\Rar$EX02.609\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINNT\KB525181M.LOG] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\WINNT\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
zhangyouyou - 2006-7-28 21:36:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
天天泡泡 - 2006-7-28 21:37:00
[Te1net / Te1net]
<C:\WINNT\System32\VIPTray.exe><N/A>
Here it is; disable the Te1net service.
And there is one more:
[Windows Audio Server / Windows Audio Server]
<C:\WINNT\system32\drwatsn.exe><N/A>
zhangyouyou - 2006-7-28 21:41:00
How do I disable it?
我无邪 - 2006-7-28 22:08:00
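Run (double-click) System Repair Engineer, click "Startup Items", then "Services", then "Win32 Service Applications", tick "Hide Microsoft services", select the malicious service Te1net, choose "Delete Service", click "Set", and choose "No".
Download Super Rabbit.
http://www.pctutu.com/srmsdown.asp
After installing it, open "Super Rabbit Cleaner", then "Professional Uninstall", and uninstall all the junk software it lists. Do not have any browser windows open while uninstalling. If something will not uninstall, reboot and try again.
After uninstalling,
close all browser windows.
Press ALT+CTRL+DELETE to bring up Task Manager and end all IEXPLORE.EXE and winlass.exe processes, if there are any.
Run (double-click) System Repair Engineer and use "Startup Items", "Registry" to delete the following entries: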
C:\WINNT\system32\IEXPLORE.EXE
C:\WINNT\Downloaded Program Files\NProtect.dll
C:\Program Files\Outlook Express\winlass.exe
C:\WINNT\system32\soundmix.dll
C:\WINNT\Downloaded Program Files\AfxEdit.dll
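Run (double-click) System Repair Engineer, use "Startup Items", "Registry", and select the entry to repair:
KB525181M.LOG
Then click "Edit" and delete KB525181M.LOG from the "Value" field.
After rebooting, delete: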
C:\WINNT\KB525181M.LOG
C:\WINNT\System32\VIPTray.exe
C:\WINNT\system32\IEXPLORE.EXE
C:\WINNT\Downloaded Program Files\NProtect.dll
C:\Program Files\Outlook Express\winlass.exe
C:\WINNT\system32\soundmix.dll
C:\WINNT\Downloaded Program Files\AfxEdit.dll
About this entry:
C:\WINNT\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ffdffm.exe
see the following thread:
http://forum.ikaka.com/topic.asp?board=28&artid=8122808
Once everything is repaired, reboot.
Then please scan again and paste a new log.
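Added example (not part of the original posts, and not code from SREng): the checks the replies above make by eye, namely services whose image has no vendor string, a non-empty AppInit_DLLs value, and extra programs appended to Winlogon's Userinit, written as a small parser that also compares a log taken before cleanup with one taken after. The line patterns are inferred from the logs in this thread, the "vendor is N/A" rule is a triage heuristic assumed here, and the sample input is a short excerpt of the two posted logs.

```python
import re

# Line shapes in an SREng 2.0 report, inferred from the logs posted in this thread.
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")            # [HKEY_...\Winlogon]
REG_VAL = re.compile(r"^<([^<>]*)><(.*)>\s*\[(.*)\]$")   # <name><data> [vendor]
SVC_HDR = re.compile(r"^\[(.+) / (.+)\]$")               # [display name / service name]
SVC_VAL = re.compile(r"^<(.*)><(.*)>$")                  # <image path><vendor>

# Excerpt of the 2006-07-28 log (a few lines copied, the rest omitted).
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\ffdffm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB525181M.LOG> []
[ATI Smart / ATI Smart]
<C:\WINNT\system32\ati2sgag.exe><>
[Kingsoft AntiVirus Service / KAVSvc]
<><N/A>
[Te1net / Te1net]
<C:\WINNT\System32\VIPTray.exe><N/A>
[Windows Audio Server / Windows Audio Server]
<C:\WINNT\system32\drwatsn.exe><N/A>
"""

# Excerpt of the 2006-07-29 log, same keys and services.
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[ATI Smart / ATI Smart]
<C:\WINNT\system32\ati2sgag.exe><>
[Kingsoft AntiVirus Service / KAVSvc]
<><N/A>
[Te1net / Te1net]
<C:\WINNT\System32\VIPTray.exe><N/A>
[Windows Audio Server / Windows Audio Server]
<C:\WINNT\system32\drwatsn.exe><N/A>
"""


def triage(log_text):
    """Return (kind, name, detail) findings in the order they appear in the report."""
    findings, key, svc = [], None, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := REG_KEY.match(line):
            key, svc = m.group(1).lower(), None
        elif m := SVC_HDR.match(line):
            key, svc = None, m.group(2)
        elif key and (m := REG_VAL.match(line)):
            name, data, _vendor = m.groups()
            if key.endswith(r"\currentversion\winlogon") and name.lower() == "userinit":
                # Userinit is a comma-separated list; anything besides userinit.exe
                # is launched at every logon. (Only the file name is compared here.)
                for part in filter(None, (p.strip() for p in data.split(","))):
                    if part.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                        findings.append(("userinit", name, part))
            elif (key.endswith(r"\windows nt\currentversion\windows")
                  and name.lower() == "appinit_dlls" and data.strip()):
                # A non-empty value is loaded into every process that loads user32.dll,
                # which is why KB525181M.LOG shows up under each process in the log.
                findings.append(("appinit_dlls", name, data.strip()))
        elif svc and (m := SVC_VAL.match(line)):
            path, vendor = m.groups()
            # Heuristic (assumption): an image path is present but the file
            # carries no company name in its version resource.
            if path and vendor == "N/A":
                findings.append(("service", svc, path))
            svc = None
    return findings


def compare(before_text, after_text):
    """Split findings into cleared, still present, and new after a cleanup pass."""
    before, after = triage(before_text), triage(after_text)
    return {
        "cleared": [f for f in before if f not in after],
        "still_present": [f for f in after if f in before],
        "new": [f for f in after if f not in before],
    }


if __name__ == "__main__":
    for status, items in compare(LOG_BEFORE, LOG_AFTER).items():
        for kind, name, detail in items:
            print(f"{status:14} {kind:13} {name}: {detail}")
```

On these excerpts the comparison reports the AppInit_DLLs value as cleared, both services as still present, and a Userinit entry with a different file name as new.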
zhangyouyou - 2006-7-29 17:36:00
2006-07-29,17:22:21
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [Microsoft Corporation]
<svc><C:\WINNT\svchost.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Winpatch AutoUpdate><C:\WINNT\system32\IEXPLORE.EXE> []
<Load><rundll32 "C:\WINNT\Downloaded Program Files\NProtect.dll",NProtect> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<RavTimer><C:\Program Files\Rising\Rav\RavTimer.exe> [Beijing Rising Technology Co., Ltd.]
<RavMon><C:\Program Files\Rising\Rav\RavMon.exe -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><C:\Program Files\Rising\Rfw\rfwmain.exe> [Beijing Rising Technology Corporation Limited]
<SOUNDM><winsmd.exe> []
<MSService_v1.0><C:\WINNT\system\realsched.exe> []
<Desktop><C:\WINNT\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> []
<LetsCool><C:\Program Files\LetsCool\LetsCool.exe> []
<bgoomain.exe><C:\Program Files\baigoo\bgoomain.exe> []
<svc><C:\WINNT\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<SoundMix><rundll32.exe C:\WINNT\system32\soundmix.dll,Load> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DVDBurn><C:\WINNT\Downloaded Program Files\AfxEdit.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
zhangyouyou - 2006-7-29 17:36:00
==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\Iralewes\「开始」菜单\程序\启动\腾讯QQ.lnk><H>
[腾讯QQ珊瑚虫版]
<C:\Documents and Settings\Iralewes\「开始」菜单\程序\启动\腾讯QQ珊瑚虫版.lnk><H>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINNT\system32\ati2sgag.exe><>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft AntiVirus Service / KAVSvc]
<><N/A>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
<C:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Te1net / Te1net]
<C:\WINNT\System32\VIPTray.exe><N/A>
[Windows Audio Server / Windows Audio Server]
<C:\WINNT\system32\drwatsn.exe><N/A>
==================================
zhangyouyou - 2006-7-29 17:37:00
浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Downloader Class]
{5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINNT\system32\iMopDl.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[百度--地图搜索]
<RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_MAP.HTM, N/A>
[百度--知道搜索]
<RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM, N/A>
[百度--硬盘搜索]
<RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_DISK.HTM, N/A>
[百度--站内搜索]
<RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_SITE.HTM, N/A>
==================================
zhangyouyou - 2006-7-29 17:38:00
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 168][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6898>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINNT\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4113>
[PID: 216][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.6700>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 228][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.6902>
[PID: 340][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4113>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 436][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 460][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.6659>
[PID: 504][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 568][C:\WINNT\system32\regsvc.exe] <Microsoft Corporation><5.00.2195.6701>
[PID: 600][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 85>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 0>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 80>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 81>
[PID: 648][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <rising><17, 0, 0, 1>
[PID: 680][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 95>
[C:\PROGRAM FILES\RISING\RAV\guidll.dll] <rising><17, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] <rising><17, 0, 0, 3>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] <rising><17, 0, 0, 39>
[C:\Program Files\Rising\Rav\Scanner.dll] <Rising><17, 0, 0, 33>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 15>
[C:\Program Files\Rising\Rav\libload.dll] <Rising><17, 0, 0, 12>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Rising><17, 0, 0, 25>
[C:\PROGRAM FILES\RISING\RAV\MailMon.dll] < ><17, 0, 0, 6>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><17, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\expscan.dll] <N/A><17, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\regmon.dll] < ><17, 0, 0, 12>
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] <rising><17, 0, 0, 3>
[C:\PROGRAM FILES\RISING\RAV\MemMon.dll] <北京瑞星><17, 3, 0, 8>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Rising><17, 0, 0, 10>
[C:\PROGRAM FILES\RISING\RAV\mPorts.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
[C:\Program Files\Rising\Rav\engine.dll] <rising><17, 0, 0, 32>
[C:\Program Files\Rising\Rav\UnExe.dll] <Rising><17, 0, 0, 23>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Rising><17, 0, 0, 17>
[C:\Program Files\Rising\Rav\NvFile.dll] <瑞星><17, 0, 0, 13>
[C:\Program Files\Rising\Rav\ScanMac.dll] <rising><17, 0, 0, 6>
[C:\Program Files\Rising\Rav\ScanSct.dll] <rising><17, 0, 0, 15>
[C:\Program Files\Rising\Rav\ScanExec.dll] <N/A><17, 0, 0, 15>
[C:\Program Files\Rising\Rav\Unpacker.dll] <rising><17, 0, 0, 17>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <rising><17, 0, 0, 12>
[PID: 712][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6704>
[PID: 748][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 808][C:\WINNT\system32\VKTServ.exe] <Microsoft Corporation><1.1.2600.2180>
[PID: 848][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 860][C:\WINNT\system32\mspmspsv.exe] <Microsoft Corporation><7.10.00.3059>
[PID: 872][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 892][C:\WINNT\System32\locator.exe] <Microsoft Corporation><5.00.2195.6619>
zhangyouyou - 2006-7-29 17:38:00
[PID: 992][C:\WINNT\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4113>
[C:\WINNT\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2496>
[PID: 1024][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINNT\Downloaded Program Files\swflash.dll] <N/A><N/A>
[C:\WINNT\system32\soundmix.dll] <><1, 4, 0, 0>
[C:\WINNT\system32\KB5251816.LOG] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINNT\system32\ext\DTSM.dll] <N/A><N/A>
[C:\WINNT\system32\ext\dtdl.dll] <N/A><N/A>
[PID: 1120][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3208>
[PID: 1144][C:\Program Files\Rising\Rav\RavTimer.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 30>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 15>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\Program Files\Rising\Rav\CfgDll.dll] <rising><17, 0, 0, 39>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[PID: 1168][C:\Program Files\Rising\Rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 1, 0>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 33>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\Program Files\Rising\Rav\CfgDll.dll] <rising><17, 0, 0, 39>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[C:\Program Files\Rising\Rav\PngDll.dll] <Rising><17, 0, 0, 2>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 15>
[PID: 1176][C:\Program Files\Rising\Rfw\rfwmain.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 99>
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 33>
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rfw\PngDll.dll] <Rising><17, 0, 0, 2>
[PID: 1036][C:\WINNT\system\realsched.exe] <N/A><N/A>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1200][C:\WINNT\system32\rundll32.exe] <Microsoft Corporation><5.00.2134.1>
[C:\WINNT\Downloaded Program Files\NProtect.dll] <N/A><N/A>
[PID: 1216][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 976][C:\Program Files\河南铁通宽带拨号软件\HNMainUI.exe] <N/A><2, 3, 0, 1>
[C:\Program Files\河南铁通宽带拨号软件\HNKernel.dll] <HelloNet><2.2.0.1>
[C:\Program Files\河南铁通宽带拨号软件\HNUtils.dll] <N/A><2, 2, 0, 1>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\河南铁通宽带拨号软件\HNRes_0804.dll] <N/A><2, 2, 0, 1>
[C:\Program Files\河南铁通宽带拨号软件\plugins\Diagnose.dll] <HelloNet><2.2.0.1>
[PID: 924][D:\download\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\download\QQ\CoralAssist.DLL] <Coral Team><4.5.0 build 20060515>
[D:\download\QQ\CoralQQ.DLL] <Coral Team><4.5.1 Build 20060620>
[D:\download\QQ\ipsearcher.dll] <N/A><1.0.0.4>
[D:\download\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\download\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[C:\WINNT\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[D:\download\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\download\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\download\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\download\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[D:\download\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\download\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\download\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\download\QQ\CQQApplication.dll] <N/A><N/A>
[D:\download\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\download\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\download\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\download\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINNT\system32\msdmo.dll] <N/A><N/A>
[D:\download\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\download\QQ\GroupLive.dll] <N/A><N/A>
[D:\download\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\download\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQPlugin.dll] <N/A><N/A>
[D:\download\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\download\QQ\QRingMng.dll] <N/A><N/A>
[D:\download\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\download\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\download\QQ\QQAvatar.dll] <N/A><N/A>
[D:\download\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\download\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\download\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\download\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\download\QQ\SCCore.dll] <N/A><N/A>
[D:\download\QQ\QQCustomFace.dll] <N/A><N/A>
[C:\WINNT\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,19,0>
[D:\download\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\download\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\download\QQ\BQQApplication.dll] <N/A><N/A>
[D:\download\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\download\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\download\QQ\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[D:\download\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[D:\download\QQ\QQPhoneHelper.dll] <腾讯科技(深圳)有限公司><2, 0, 5, 50>
[D:\download\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[PID: 332][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[D:\download\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1152][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 1552][C:\DOCUME~1\Iralewes\LOCALS~1\Temp\Rar$EX01.937\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================