Rising Kaka Security Forum

[Help] Half an hour and it still won't boot. Experts, please help quickly, I'm getting desperate~
luna903 - 2006-8-22 22:06:00
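I was fixing someone else's computer and it ended up like this; I'm really frustrated. There are two rogue programs that Super Rabbit can't remove: an IE plug-in and MMSAssist. I deleted a few things myself with System Repair Engineer, and I don't know where the problem is. I'm really getting desperate~ It took half an hour to boot, and I finally managed to produce a log. Everyone, please take a look quickly, otherwise I don't know whether it will even boot again.....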
2006-08-22,22:11:54

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [Intel Corporation]
    <High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe>  [Windows (R) Server 2003 DDK provider]
    <DetectorApp><C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe>  []
    <hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe>  [Hewlett-Packard Development Company, L.P.]
    <eabconfg.cpl><C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start>  [Hewlett-Packard ]
    <RecGuard><C:\Windows\SMINST\RecGuard.exe>  []
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <HP Software Update><; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
    <QPService><; "C:\Program Files\HP\QuickPlay\QPService.exe">  [CyberLink Corp.]
    <SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [Synaptics, Inc.]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <webwork><C:\WINDOWS\webwork\webwork.dll>  [MSWebwork Cop.]
    <stdup><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]

==================================
启动文件夹
[HP Photosmart Premier 快速启动 ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Photosmart Premier 快速启动 .lnk><N>

luna903 - 2006-8-22 22:25:00
==================================
服务
[HP WMI Interface / hpqwmi]
  <C:\Program Files\HPQ\Shared\hpqwmi.exe><Hewlett-Packard Development Company, L.P.>
[hpqwmiex / hpqwmiex]
  <C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe><Hewlett-Packard Development Company, L.P.>
[JMediaService / JMediaService]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[LightScribeService Direct Disc Labeling Service / LightScribeService]
  <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Symantec Core LC / Symantec Core LC]
  <"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>
[USBDeviceService / USBDeviceService]
  <C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe><>

==================================
浏览器加载项
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Vision]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin07.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 668][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 880][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 940][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1160][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1216][C:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1252][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1328][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1416][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1468][C:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1544][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\webwork\webwork.nls]  <MSWebwork Cop.><1, 0, 0, 1>
    [C:\PROGRA~1\MMSASS~1\albus.dll]  <Albus><1, 0, 0, 2>
    [C:\PROGRA~1\MMSASS~1\mmsass~1.dll]  <><1, 2, 0, 6>
    [C:\WINDOWS\system32\igfxpph.dll]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxress.dll]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4421>
[PID: 1592][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [c:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [c:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1704][C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe]  <Symantec Corporation><1.9.1.762>
    [C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll]  <Symantec Corporation><1.9.1.762>
[PID: 1772][C:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
luna903 - 2006-8-22 22:25:00
[C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1904][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1912][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 2024][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\MMSASS~1\MMSSVER.DLL]  <><1, 2, 0, 6>
[PID: 236][C:\Program Files\Common Files\LightScribe\LSSrvc.exe]  <Hewlett-Packard Company><1.4.52.1>
[PID: 364][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 388][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 448][C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe]  <><1, 0, 0, 1>
[PID: 588][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe]  <Hewlett-Packard Development Company, L.P.><2, 0, 1, 5>
[PID: 780][C:\WINDOWS\system32\igfxtray.exe]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxress.dll]  <Intel Corporation><3.0.0.4421>
[PID: 740][C:\WINDOWS\system32\hkcmd.exe]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.4421>
[PID: 820][C:\WINDOWS\system32\igfxpers.exe]  <Intel Corporation><3.0.0.4421>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4421>
[PID: 904][C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe]  <N/A><1, 0, 0, 6>
    [C:\WINDOWS\system32\PX.dll]  <Sonic Solutions><2.7.27.500>
    [C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorRes_CHS.DLL]  <N/A><1, 0, 0, 2>
    [C:\WINDOWS\system32\PXDRV.DLL]  <Sonic Solutions><1.01.67a>
    [C:\WINDOWS\system32\PXMAS.DLL]  <Sonic Solutions><2.7.27.500>
    [C:\WINDOWS\system32\PXSFS.DLL]  <Sonic Solutions><2.7.27.500>
    [C:\WINDOWS\system32\PXWAVE.DLL]  <Sonic Solutions><2.7.27.500>
    [C:\WINDOWS\system32\VXBLOCK.DLL]  <Sonic Solutions><1.00.64a>
[PID: 944][C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe]  <Hewlett-Packard Development Company, L.P.><2, 0, 2, 2>
[PID: 1364][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe]  <Hewlett-Packard ><5, 20, 7, 1>
    [C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL]  <Hewlett-Packard ><5, 20, 6, 2>
[PID: 1512][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2124][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2212][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 2256][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 32>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 2272][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2564][C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fbcee968\mscorlib.dll]  <N/A><N/A>
    [c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_1d8e872a\system.windows.forms.dll]  <N/A><N/A>
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ebbb1659\system.drawing.dll]  <N/A><N/A>
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_86d30be9\system.dll]  <N/A><N/A>
    [c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
luna903 - 2006-8-22 22:26:00
[c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\program files\hp\digital imaging\bin\zh-chs\hpqimzone.resources.dll]  < ><60.0.83.0>
    [c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll]  <Hewlett-Packard Development Company, L.P.><60.0.155.000>
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  <Hewlett-Packard Development Company, L.P.><60.0.155.000>
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b16660a7\system.xml.dll]  <N/A><N/A>
    [c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll]  <LEAD Technologies, Inc.><13.0.0.113>
    [c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll]  <LEAD Technologies, Inc.><13.0.0.113>
    [C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll]  <LEAD Technologies, Inc.><13.0.0.098>
    [c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqtray.resources.dll]  < ><60.0.83.0>
    [c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqfmrsc.resources.dll]  < ><60.0.83.0>
    [c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll]  <LEAD Technologies, Inc.><13.0.0.113>
    [c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll]  <LEAD Technologies, Inc.><13.0.0.113>
    [c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll]  < ><4.0.0.0>
    [C:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\program files\hp\digital imaging\bin\hpqmirsc.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\program files\hp\digital imaging\bin\zh-chs\hpqmirsc.resources.dll]  < ><60.0.83.0>
    [c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll]  <LEAD Technologies, Inc.><13.0.0.113>
    [c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll]  <LEAD Technologies, Inc.><13.0.0.113>
    [c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqedit.resources.dll]  < ><3.0.0.0>
    [c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcc2.resources.dll]  < ><3.0.0.0>
    [c:\program files\hp\digital imaging\bin\zh-chs\hpqvideo.resources.dll]  < ><3.0.0.0>
    [c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll]  < ><4.0.0.0>
    [C:\Program Files\HP\Digital Imaging\bin\hpqvdcom.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqprrsc.resources.dll]  < ><60.0.83.0>
    [c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll]  < ><3.0.0.0>
    [c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcprsc.resources.dll]  < ><60.0.83.0>
    [c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll]  <Hewlett-Packard Development Company, L.P.><060.000.155.000>
    [c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqisrtb.resources.dll]  <Hewlett-Packard Development Company, L.P.><60.0.155.0>
    [c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll]  <Hewlett-Packard Development Company, L.P.><060.000.087.000>
    [c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqbakup.resources.dll]  < ><3.0.0.0>
    [c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll]  <LEAD Technologies, Inc.><13.0.0.113>
    [C:\Program Files\HP\Digital Imaging\bin\ltfil13n.dll]  <LEAD Technologies, Inc.><13.0.0.113>
[PID: 2692][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 2948][C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE]  <><1, 0, 0, 6>
[PID: 3240][C:\应用程序\日志扫描工具\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
我无邪 - 2006-8-22 22:55:00
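Is your Super Rabbit the latest version? If it is, MMSASS~1 should be uninstallable.
If you're not sure whether it's the latest version, I suggest you uninstall Super Rabbit, then download and install it again.
Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
After installing, open "Super Rabbit Cleanup King" (超级兔子清理王), go to "Professional Uninstall", and uninstall all the junk software it flags. Do not open any browser windows while uninstalling. If something can't be uninstalled, reboot and then try again.
Run (double-click) System Repair Engineer and use "Startup Items" (启动项目), "Registry" (注册表) to delete the following entry:
C:\WINDOWS\webwork\webwork.dll
After rebooting, delete:
C:\WINDOWS\webwork
Keep trying; if it won't uninstall, try Safe Mode.
If you really can't fix it, use HP's system recovery.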
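
As an added example (not part of the original post and not SREng's own code), the Python below parses an excerpt of the SREng log posted above and lists every place where the two directories named in this reply, `C:\WINDOWS\webwork` and `MMSASS~1`, are hooked in. The function names and the indicator strings are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re

# Section headings as SREng prints them in the log above (Chinese UI build).
SECTIONS = {
    "注册表": "registry autostart",
    "启动文件夹": "startup folder",
    "服务": "service",
    "浏览器加载项": "browser add-on",
    "正在运行的进程": "process module",
    "文件关联": "file association",
}
# A process header looks like: [PID: 1544][C:\WINDOWS\Explorer.EXE]  <vendor><version>
PROC_HEADER = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]")

# Path fragments taken from the reply above (illustrative choice of substrings).
INDICATORS = ["\\webwork\\", "\\mmsass~1\\"]

# Excerpt copied from the log in this thread, shortened to a few lines per section.
SAMPLE_LOG = r"""
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <webwork><C:\WINDOWS\webwork\webwork.dll>  [MSWebwork Cop.]
==================================
服务
[JMediaService / JMediaService]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
==================================
正在运行的进程
[PID: 1544][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\webwork\webwork.nls]  <MSWebwork Cop.><1, 0, 0, 1>
    [C:\PROGRA~1\MMSASS~1\albus.dll]  <Albus><1, 0, 0, 2>
    [C:\WINDOWS\system32\igfxpph.dll]  <Intel Corporation><3.0.0.4421>
[PID: 2024][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\MMSASS~1\MMSSVER.DLL]  <><1, 2, 0, 6>
"""


def hook_points(log_text, indicators):
    """Return {indicator: [(section, context, entry), ...]} for every log line
    containing one of the path fragments. `context` is the registry key,
    service, add-on name or host process that the entry belongs to."""
    wanted = [i.lower() for i in indicators]
    hits = {i: [] for i in wanted}
    section, context = None, None
    for raw in log_text.splitlines():
        # Indentation is ignored on purpose: when a log is split across forum
        # posts, the first module line of a post loses its leading spaces.
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        if line in SECTIONS:
            section, context = SECTIONS[line], None
            continue
        if section == "process module":
            m = PROC_HEADER.match(line)
            if m:  # new host process; its own image path is still checked below
                context = f"PID {m.group(1)} {m.group(2)}"
        elif line.startswith("["):
            context = line.strip("[]")  # registry key, service or add-on name
            continue
        low = line.lower()
        for ind in wanted:
            if ind in low:
                hits[ind].append((section, context, line))
    return hits


def hosts_by_indicator(hits):
    """Collapse hits to {indicator: sorted unique 'section: context' strings}."""
    return {ind: sorted({f"{sec}: {ctx}" for sec, ctx, _ in rows})
            for ind, rows in hits.items()}


if __name__ == "__main__":
    summary = hosts_by_indicator(hook_points(SAMPLE_LOG, INDICATORS))
    for ind, places in summary.items():
        print(ind)
        for place in places:
            print("   ", place)
```

On the excerpt, the output shows that besides the ShellServiceObjectDelayLoad value named in the reply, files from the same two directories also appear as a service, as browser add-ons and as modules loaded into Explorer.EXE and rundll32.exe.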
luna903 - 2006-8-22 23:11:00
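I'll go try that right now, but why exactly is it like this? Is it because of these two rogue programs, or did I delete the wrong thing? The computer is really slow to restart now...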
我无邪 - 2006-8-22 23:15:00
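The slow startup is very likely a conflict between antivirus programs. I suggest you remove Norton in Safe Mode.
As for the rogue software, I suggest you download the latest version of Super Rabbit.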
luna903 - 2006-8-22 23:23:00
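But I've already uninstalled Norton, and I did it with the removal tool downloaded from here: http://service1.symantec.com/SUPPORT/INTER/simplifiedchinesekb.nsf/863a019c303e610a85256b7b0065a58a/c43fd85e13172d8f88256fee00641498?OpenDocument . Could it still not be completely removed? Then how should I uninstall it?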
病毒初学者 - 2006-8-23 1:29:00
Norton? Haven't used it in a long time. Download the latest Super Rabbit.
Art - 2006-8-23 13:42:00
Best done in Safe Mode!
我无邪 - 2006-8-23 21:21:00
I suggest you install Norton again, and then uninstall it in Safe Mode.
smflash - 2006-8-23 21:42:00
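[Recommended] Recommending an article that is well worth reading; unfortunately it's in English. The original link is included.

Original link: http://www.hijackthis-forum.de/showthread.php?t=1760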

Welcome to HijackThis.de Support Board

Do you need some help and no helper is online?
You don't know what to do with these viruses on your computer and there is no one you can ask?

Well, just for you I have written this First-Help-Tutorial. Reading this, you will learn how to help yourself. We will come back soon and see that you already have done your best.

First of all, you should visit this page: English-Help. Have you already been here? Ok. So you know more about Hijack This. But you don't know anything about how to get rid of your problem, right? Well, you can read this: Security Tips. Are you afraid that your problem is so great that you will have to format your system? On this Board we try to do our best that no one must format a system. Sometimes it's not possible to avoid formatting. But in most cases we succeed in giving help.

So let's find out, what we can do for you, dear Guest.

Please visit Know how - HijackThis to learn more about our Board, our Team and about the way we want you to post your logfiles.

Please post your HijackThis-Logfile to your own new thread on the English-Board. Now, come here and browse your HijackThis Logfile from your computer into the window of the Analysis. Well, now you will see some different symbols:



If you have red and yellow symbols in your HijackThis Logfile, you may already begin with the first steps, until someone of us comes back to help you.

STEP 1
Make sure you set windows to see the hidden files and folders.

Note: Using Windows XP or ME:
Having cleaned up your system you must do this: turn off System Restore. Right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. Reboot. Turn System Restore Back On. Right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK.

The first thing you can do, as you have got some malware on your system, is: turn your system back to an earlier System Restore Point. It can help you to get rid of all the malware without doing anything else.

STEP 2
Please let us begin to clean up your system.
Create some new directories (folders) - Windows Tutorial

C:\download
C:\bases
C:\badthings

STEP 3
Load down this security software for free to C:\download:

zipgenius (if you have no zip-tool)
Disk Cleaner
eScan
Spybot Search and Destroy (install and update it)
Ad-Aware SE and the Add-ons (VX2 Cleaner) (install and update it)
SpywareBlaster to protect your Browsers (install and update it)
Autostart Viewer
Winpooch
CWShredder (install and update it)
DElLATER.ZIP install it to your desktop!

STEP 4
Run now first the DElLATER.exe on your system.
Don't wonder. Nothing happens. You must only click "ok". That's all. That's ok.
DelLater is the ideal program to use when you can't delete a file, no matter how hard you try.

STEP 5
Close down all programs, all windows including the Internet Explorer.
Run CWShredder. Put a checkmark to Move CWS Files found .. -> Fix!

STEP 6
Run the Disk Cleaner
Have a look to the screenshot. Set a checkmark to every item you want to clean:
Temporary Internet Files and Temporary System Files, Cache, History and Prefetch (WindowsXP) must be cleaned up.
Clean up as much folders as you can clean.

Note: Every time you have finished your work on the Internet, please clean up your system with one of the Cleaning-Tools you can find here: Free Helper Tools

Don't shut your system down without having cleaned up the traces of the Internet. This will help you to avoid problems.

STEP 7
(MUST!) Turn to safe mode

STEP 8
a) Run Ad-Aware SE - Tutorial
All red Items must be green ones. Please use the VX2 Cleaner.
Take a Full System Scan. Let the program delete everything it finds.
It's finished? Well, then......

b) Run Spybot Search and Destroy - Tutorial
Put a checkmark into all boxes.
Let the program delete everything it finds. Get the immunization for your system.

Turn your system back to Normal Mode.

STEP 9
(Either STEP 9 or STEP 10 -> you don't need to do both STEPs, because the eScan works with the same signatures as KAV does)

Run the eScan. As you open this link you will learn all about how to work with the famous eScan and how to get rid of the malware found on your system without that you need to buy this program.

STEP 10
(Either STEP 10 or STEP 9 -> you don't need to do both STEPs, because the eScan works with the same signatures as KAV does)

As you have got some worms and trojans on your system, you may want to load down a free Trial version of www.kaspersky.com (KAV). Update the program online.

NOTE: you may not run two AV-Programs with On-Access-Scanners at the same time. Please disable your own AV-Program using KAV. Otherwise your system could crash.

Now turn off your computer and remove the network cable/phone line from your machine. Reboot your computer into Safe Mode. Scan your system with Kaspersky in Safe Mode. Let the program delete everything it finds. Save the logfile or copy all information about everything what has been deleted by KAV and paste it to your thread.

STEP 11
Having done all of this, you have done a lot. And now you have lost a lot of your problems, don't you? Please don't leave us. Scan your system online for free: Free Online-Scans

You will find Online-Scans for all kinds of malware. Please use minimally three different Online Scans, because they all work with different signatures. May be one Online Scan finds something else than the other one. That's normal, that's ok. Take FullSystemScans and allow the Online-Scans to delete all malware they find. Save the logfiles.

May I give you the advice to scan your system at first with:

* http://housecall.trendmicro.com or housecall.trendmicro for NOT-IE
* Panda ActiveScan
* http://bitdefender.com/scan/licence.php

As you want to know which threats are still left on your system, please control it with the
Kaspersky Online Scanner

Please reboot your system every time one scan is finished. You will have to allow ActiveX and set your IE settings to Standard for scanning online. The Panda Scan needs about 2 hours to do its work. Post all the results to your thread. You may want to take the "edit" or "ändern" Button to edit your postings.

Don't forget to configure the IE with these Settings when the Online Scans are finished.

Do you want to scan only one file for free?

o virusscan.jotti.dhs.org
o Virustotal
o www.kaspersky.com
o www.virus112.nu
o IKARUS Free Online-Scanner
o Dr.Web® anti-virus-scan
o clamav online specimen scanner

Report all the results into your thread on Board.

Also if you belong to those ones who have got problems with Pop-Ups and Promotion, which means that you have some kinds of malware on your system, mostly ad- or spyware, you may want to have a look at this Thread because you will find there many different programs helping you to get rid of many Pests:

- Free Ad- and Spyware Protection Tools

Don't forget the Online-Scans against Ad- and Spyware:

- Free Online-Scans for Ad- and Spyware

Are you looking for a Remover for some kind of a very dangerous malware? You will find a list of different Removers here:

- Malware Removal-Tools.

Please click onto the links to get more information.

Can't you find these strange programs and processes of your system anywhere? Only if you are not able to find back these files anywhere else, because it is really new malware, please use:


Upload malicious software.

Do you need a Scout on our Board? Find it here:

- Remover, AV, Ad-/Spyware.

STEP 12
Please visit Microsoft's windowsupdate site to download the newest version of the service pack (Windows XP SP2): www.windowsupdate.com-SP2, please run the internal firewall of SP2. You can also visit www.windowsupdate.com. Note: it's very important that Windows and the Internet Explorer are updated with all patches and with all Updates. Take once more a look here: Security Tips. Did you know that there are programs to make the Internet Explorer more safe? Did you know about alternative Browsers which avoid all these troubles you have? Please have a look at the Free Helper Tools where you can find alternative Browsers, secure Messenger Programs and even a secure MP3 Player. You can already begin to download all these things which you must have to surf safely on the WorldWideWeb.

Do you want to know more about these strange files on your system? You can find some information here:

- ProcessLibrary
- I am not a geek
- Processes in Windows NT/2000/XP
- Google

Did you find out that you need an AntiVirus but you have none? There are AntiVirus Programs for free, with On-Access-Scanners. You need one of these programs running in the background as you are working online. They can protect your work. But you need to configure these programs. Take the settings to delete malware. Don't forget to clean up the content of the Quarantine-Folders as Malware has been removed into these folders. Find all information about AntiVirus Programs, Freeware and Trial Versions here:

- Anti-Malware (free)

Do you know that you need a well configured Firewall running on your system?
You can get all information about Firewalls here:

- Firewalls & Information.

Please don't forget: You are the one who must protect his system. Programs can help you. But as you don't know anything about the risks on the Internet, your programs are not able to protect you. Please read:


Why did I get infected in the first place.
So how did I get infected in the first place?.

Well, at the moment I'm not able to do more for you.
smflash - 2006-8-23 21:45:00
I couldn't post this as a new thread, so I had to post it as a reply. I hope someone can translate it into Chinese.
smflash - 2006-8-23 22:06:00
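Following what the author of the reposted article says, and looking at the original poster's problem, you could try handling it like this:

1. Turn off System Restore;

2. Download the following free software: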
zipgenius (if you have no zip-tool)
Disk Cleaner
eScan
Spybot Search and Destroy (install and update it)
Ad-Aware SE and the Add-ons (VX2 Cleaner) (install and update it)
SpywareBlaster to protect your Browsers (install and update it)
Autostart Viewer
Winpooch
CWShredder (install and update it)
DElLATER.ZIP install it to your desktop!


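The download links are in the original post.

3. Run CWShredder, look for suspicious programs, and make a record of them.


4. Run Disk Cleaner


5. In Safe Mode, run Ad-Aware SE and the Add-ons (VX2 Cleaner) (install and update it)


6. Return to Normal Mode and run eScan

7. Scan the system with the free online scanner at http://housecall.trendmicro.com

8. Download the latest system patches from the official site www.windowsupdate.com

9. From the relevant pages (the links are in the original post), download free antivirus software and a free firewall.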

OK.