Rising Kaka Security Forum
风吹吹吹吹 - 2006-8-19 11:01:00
To all the experts here:
I'd like to ask about something. In the Processes tab of Task Manager, dwin.exe often shows up running and uses a large amount of memory. It isn't there right after the computer starts, but appears a little later, and as soon as it appears the computer becomes noticeably slower. I searched online for this dwin.exe; some say it's a virus, others say it isn't. So what is it actually, and how do I stop it from appearing?
Also, while the computer is running, unnamed programs often appear in Task Manager for no apparent reason, as in the picture. At first glance it looks like some VB program, but VB isn't installed at all. Is it related to dwin.exe? What do I need to set so they stop appearing?
Attachment:
7327052006819105354.jpg
westbeck - 2006-8-19 11:07:00
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report here.
Download links
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it in several parts; please don't modify it. Thanks...
mopery - 2006-8-19 11:07:00
http://forum.ikaka.com/topic.asp?board=28&artid=6979213 (download System Repair Engineer from reply #4 there and export the complete log)
风吹吹吹吹 - 2006-8-19 12:47:00
Here is my log
Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 12:29:48, on 2006-08-19
Platform: Microsoft Windows XP Professional (Build 2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000 (xpclient.010817-1148))
Running processes:
[SMSS.EXE]
CommandLine =
[CSRSS.EXE]
CommandLine = D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[WINLOGON.EXE]
CommandLine = winlogon.exe
[SERVICES.EXE]
CommandLine = D:\WINDOWS\system32\services.exe
[LSASS.EXE]
CommandLine = D:\WINDOWS\system32\lsass.exe
[SVCHOST.EXE]
CommandLine = D:\WINDOWS\system32\svchost -k rpcss
[CCenter.exe]
CommandLine = "D:\Program Files\Rising\Rav\CCenter.exe"
[SVCHOST.EXE]
CommandLine = D:\WINDOWS\System32\svchost.exe -k netsvcs
[SVCHOST.EXE]
CommandLine = D:\WINDOWS\System32\svchost.exe -k NetworkService
[SVCHOST.EXE]
CommandLine = D:\WINDOWS\System32\svchost.exe -k LocalService
[RavMonD.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmond.exe"
[RFWSRV.EXE]
CommandLine = "d:\program files\rising\rfw\rfwsrv.exe"
[SPOOLSV.EXE]
CommandLine = D:\WINDOWS\system32\spoolsv.exe
[NVSVC32.EXE]
CommandLine = D:\WINDOWS\System32\nvsvc32.exe
[SVCHOST.EXE]
CommandLine = D:\WINDOWS\System32\svchost.exe -k imgsvc
[SCVHOST.EXE]
CommandLine = "D:\WINDOWS\system32\scvhost.exe"
[RavStub.exe]
CommandLine = "D:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND
[Explorer.EXE]
CommandLine = D:\WINDOWS\Explorer.EXE
[conime.exe]
CommandLine = D:\WINDOWS\System32\conime.exe
[RavTask.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
[RfwMain.exe]
CommandLine = "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
[RavMon.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM
[ctfmon.exe]
CommandLine = "D:\WINDOWS\System32\ctfmon.exe"
[Vm_sti.exe]
CommandLine = "D:\WINDOWS\VM_STI.EXE" BigDogPath
[QQ.exe]
CommandLine = "E:\Tencent\qq20050610\2\QQ.exe"
[TIMPlatform.exe]
CommandLine = E:\Tencent\qq20050610\2\TIMPlatform.exe -Embedding
[BitComet.exe]
CommandLine = "E:\BitComet2\BitComet.exe"
风吹吹吹吹 - 2006-8-19 12:47:00
Continued:
[realsched.exe]
CommandLine = "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -startedByApp
[Rav.exe]
CommandLine = "D:\Program Files\Rising\Rav\Rav.exe"
[TTraveler.exe]
CommandLine = "E:\Tencent\tt1\TTraveler.exe"
[dwin.exe]
CommandLine = c:\dwin.exe
[dwin.exe]
CommandLine = c:\dwin.exe
[KkScan.exe]
CommandLine = "H:\kaka上网助手\KkScan.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=D:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\KuGoo3\KuGoo3DownXControl.ocx
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINDOWS\System32\KakaTool.dll
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [NMGameX_AutoRun] D:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\qq20050610\2\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - F:\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\qq20050610\2\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\qq20050610\2\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\qq20050610\2\SendMMS.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A78A2F0-FE76-476A-8832-47860B83AD88}: NameServer = 202.99.160.68 202.99.166.4
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - D:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - D:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\System32\wiascr.dll
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Human Interface Device Access (HidServ) - - D:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "D:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: Window Remote Process (Window Remote Process) - - D:\WINDOWS\System32\scvhost.exe"
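A defender-side triage of the log format pasted above, as an added example (not the forum's, Kaka's or SREng's own code). It flags the four things a responder would spot in this log: a process name within two edits of a core Windows binary (scvhost.exe imitating svchost.exe), an executable launched from a drive root (c:\dwin.exe), an O23 service with an empty vendor field, and a populated AppInit_DLLs value. The sample lines are copied from the thread; the core-name list and the edit-distance threshold are my own choices.

```python
"""Triage a Kaka/HijackThis-style scan log for the red flags seen in the thread.

Added example, not the forum's, Kaka's or SREng's own code.
"""
import re

# Core Windows XP processes that malware commonly imitates (my own list).
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# Constructed sample: lines copied verbatim from the log posted in the thread.
SAMPLE_LOG = r"""
[SVCHOST.EXE]
CommandLine = D:\WINDOWS\System32\svchost.exe -k netsvcs
[SCVHOST.EXE]
CommandLine = "D:\WINDOWS\system32\scvhost.exe"
[dwin.exe]
CommandLine = c:\dwin.exe
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Window Remote Process (Window Remote Process) - - D:\WINDOWS\System32\scvhost.exe"
"""

def edit_distance(a, b):
    """Plain Levenshtein distance; svchost/scvhost is 2 substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name):
    """Core binary that `name` imitates, or None if it is exact or unrelated."""
    if name in CORE_NAMES:
        return None
    return next((c for c in CORE_NAMES if edit_distance(name, c) <= 2), None)

def first_token(cmd):
    """Executable path at the start of a CommandLine value, quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def check_path(path):
    """Return (rule, subject) findings for one executable path."""
    name = path.rsplit("\\", 1)[-1].lower()
    out = []
    if re.fullmatch(r"[a-z]:\\[^\\]+", path, re.IGNORECASE):
        out.append(("drive_root", name))   # started straight from a drive root
    if lookalike(name):
        out.append(("lookalike", name))    # e.g. scvhost.exe vs svchost.exe
    return out

def triage(log_text):
    """Ordered, de-duplicated findings over a whole log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := re.match(r"CommandLine = (.+)$", line):
            findings += check_path(first_token(m.group(1)))
        elif m := re.match(r"O20 - AppInit_DLLs: (.+)$", line):
            findings.append(("appinit_dll", m.group(1).strip()))
        # O23 - Service: <display> (<short>) - <vendor> - <path>; vendor may be empty
        elif m := re.match(r"O23 - Service: .+? \((.+?)\) -(.*?)- (.+)$", line):
            short, vendor, path = m.group(1), m.group(2).strip(), m.group(3).strip('"')
            if not vendor:
                findings.append(("no_vendor", short))
            findings += check_path(path)
    return list(dict.fromkeys(findings))

if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:12} {subject}")
```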
风吹吹吹吹 - 2006-8-19 15:01:00
So frustrating~~~ bumping my own thread~~~~
westbeck - 2006-8-19 15:12:00
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report here.
Download links
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one post, paste it in several parts; please don't modify it. Thanks...
I wasn't asking for the Kaka log...
风吹吹吹吹 - 2006-8-20 0:18:00
Sorry for the trouble, I'm posting the one you asked for; please take another look, hehe
2006-08-20,00:06:25
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<NMGameX_AutoRun><D:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa> [NMGameX]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><APIHookDll.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "D:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><; RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<SoundMan><; SOUNDMAN.EXE> [Avance Logic, Inc.]
==================================
启动文件夹
服务
[IMAPI CD-Burning COM Service / ImapiService]
<D:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc]
<D:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Window Remote Process / Window Remote Process]
<"D:\WINDOWS\system32\scvhost.exe"><N/A>
==================================
浏览器加载项
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <F:\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<E:\Tencent\qq20050610\2\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<F:\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
<E:\Tencent\qq20050610\2\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Tencent\qq20050610\2\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Tencent\qq20050610\2\SendMMS.htm, N/A>
风吹吹吹吹 - 2006-8-20 0:20:00
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 492][\??\D:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 516][\??\D:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 560][D:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 572][D:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 736][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 788][D:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 804][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 884][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 940][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 960][D:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[D:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[D:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[D:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
[D:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[D:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\RsStore.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1072][d:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[d:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[d:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[d:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[d:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[d:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1192][D:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1316][D:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5656>
[PID: 1352][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1376][D:\WINDOWS\system32\scvhost.exe] <N/A><N/A>
[PID: 1532][D:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
There's one more part
风吹吹吹吹 - 2006-8-20 0:21:00
Final part:
[PID: 1904][D:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[D:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[h:\bak\WinRAR\rarext.dll] <N/A><N/A>
[F:\KuGoo3\KuGoo3DownXControl.ocx] <N/A><N/A>
[PID: 244][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 328][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 692][D:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 32>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 828][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512>
[PID: 840][D:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1000][D:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[D:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[D:\WINDOWS\System32\VM31bPrp.Ax] <VM><4.2.815.31>
[PID: 776][E:\Tencent\qq20050610\2\QQ.exe] <TENCENT><0, 0, 0, 0>
[E:\Tencent\qq20050610\2\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\QQHelperDll.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[E:\Tencent\qq20050610\2\QQAPI.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\TIMProxy.dll] <tencent><0, 3, 2, 4>
[E:\Tencent\qq20050610\2\LoginCtrl.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[E:\Tencent\qq20050610\2\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[E:\Tencent\qq20050610\2\QQRes.dll] <tencent><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\QQMainFrame.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\CQQApplication.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\NewSkin.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\HostingMgr.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\CameraDll.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\MailSummary.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\QQSpace.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\QQAllInOne.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\SCCore.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\QQConfigPlugin.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\PhoneAPI.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[E:\Tencent\qq20050610\2\QQAvatar.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\FlashAvatarDll.dll] <><1, 4, 0, 1>
[E:\Tencent\qq20050610\2\BQQApplication.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\QQPlugin.dll] <N/A><N/A>
[D:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[E:\Tencent\qq20050610\2\CommercesMng.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[E:\Tencent\qq20050610\2\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
[E:\Tencent\qq20050610\2\QQSceneMng.dll] <N/A><N/A>
[D:\WINDOWS\System32\msdmo.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\QRingMng.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\QQGroupMng.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\LongConnection.dll] <tencent><0, 3, 3, 8>
[E:\Tencent\qq20050610\2\UserDefinedHead.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\QQSysMsgMng.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\QQCustomFace.dll] <N/A><N/A>
[E:\Tencent\qq20050610\2\QQPet.dll] <><1, 0, 0, 1>
[E:\Tencent\qq20050610\2\QQFileTransfer.dll] <Tencent><5, 0, 202, 40>
[D:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[E:\Tencent\qq20050610\2\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[PID: 968][E:\Tencent\qq20050610\2\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[E:\Tencent\qq20050610\2\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 3324][E:\Tencent\tt1\TTraveler.exe] <腾讯公司><3.1.0.256>
[E:\Tencent\tt1\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[E:\Tencent\tt1\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[E:\Tencent\tt1\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 2508][H:\bak\扫描日志\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
yanmings - 2006-8-20 0:22:00
In SRE, delete this service: [Window Remote Process / Window Remote Process]
风吹吹吹吹 - 2006-8-20 2:03:00
Boss~~~ could you tell me what on earth SER is???
I really don't know, please don't laugh at me, hehe
羽当以化 - 2006-8-20 2:09:00
I hope the OP can find that file,
compress it with encryption (password 123) and send it to yuhua1987@126.com
Thanks
SER
is the tool you used to scan for the log,
SERng
风吹吹吹吹 - 2006-8-20 12:09:00
Lately, every time I start the machine, Rising reports a virus named Trojan.DL.VB.cfw located in D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EERJ4FHC. My XP is installed on drive D, but I can't find that path. In the Rising prompt I chose delete rather than disinfect, and after it was removed the dwin.exe process no longer appears. There are also some other viruses; I've copied them here, please take a look:
Virus name
Trojan.DL.ConHook.am
Trojan.DL.DrSmart.m
Trojan.DL.ConHook.am
Trojan.JS.Psyme.e
Trojan.JS.Psyme.e
Trojan.PSW.ZhengTu.bx
Trojan.DL.DrSmart.m
Dropper.Misc.al
Dropper.Agent.bsq
Backdoor.BlackHole.ax
Adware.Dinkum.a
Adware.Dinkum.a
Trojan.DL.ConHook.am
Backdoor.BlackHole.ax
Trojan.DL.ConHook.am
Trojan.DL.DrSmart.m
Backdoor.Gpigeon.zzj
Trojan.PSW.LMir.kgy
Trojan.DL.Agent.izx
Trojan.DL.Tiny.fzf
Backdoor.AgoBot.hgj
Trojan.Clicker.VB.ur
Trojan.DL.VB.ccu
Trojan.DL.VB.ccv
Trojan.DL.VB.cfw
Trojan.DL.VB.cct
Trojan.DL.VB.cct
Trojan.Clicker.VB.ur
Trojan.DL.Adload.ms
Trojan.DL.VB.ccu
Trojan.DL.VB.ccv
Trojan.DL.VB.cfw
Trojan.DL.VB.cfw
Trojan.DL.VB.cfw
Trojan.DL.VB.cfw
Trojan.DL.Adload.ms
Thanks~~~ I found these in the disinfection history. They basically show up every time I scan. Hehe~~