绿伞变红伞，瑞星一启动就被强制关闭、紧急求助！附日志【求助】 bbs.ikaka.com

honeyxu - 2006-9-8 18:36:00

绿伞变红伞，瑞星一启动就被强制关闭、优化大师、IE修复专家打不开，紧急求助！附日志
大虾们，救救我！
在线等！
Logfile of HijackThis v1.99.1
Scan saved at 18:00:32, on 2006-9-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\csrss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\rising\Rav\RavTask.exe
C:\WINDOWS\system\realsched.exe
D:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\LHSW-1104\桌面\快捷方式\EIM~.exe
D:\Program Files\Mozilla Firefox\firefox.exe

R3 - Default URLSearchHook is missing
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5048.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: google bar - {607E95A1-8F89-4343-B9BC-2EFC2B291BB4} - C:\WINDOWS\system32\googlebar.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll (file missing)
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC32.dll
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\DBINT.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Sun Java2 - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O2 - BHO: 51导航 - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:\WINDOWS\system32\browsewmzero.dll
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 腾讯qq.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: tbs - {3E4CEC51-CD44-4C57-8C52-B9597836C866} - E:\DOWNLO~1\光馀盘蘚\房康地夭产鷡~1\TbsPlug.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ClipBook (ClipSrv) - SMSoft - C:\WINDOWS\system32\SVCH0ST.EXE
O23 - Service: IPSEC Manager - Unknown owner - C:\WINDOWS\vcdplay
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\Ravmond.exe

honeyxu - 2006-9-8 18:38:00

还有只要打开IE的话,就会弹出网页,我现在都不敢打开IE了,都是用FIREFOX的!

lichen2651 - 2006-9-8 18:39:00

全全模式下修复瑞星，然后重启，再进安全模式下在添加删除程序中完全卸载瑞星，重启后进正常模式安装瑞星。

如果操作正常的话，通常绿伞都会重现。但破坏瑞星监控的病毒就请高手来解决吧！

honeyxu - 2006-9-8 18:44:00

谢谢，那为什么还有那么多网页会弹出来呀！

westbeck - 2006-9-8 19:00:00

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。谢谢．．．
有些问题，配合这个日志一起解决吧

honeyxu - 2006-9-8 19:07:00

引用:

【westbeck的贴子】请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。谢谢．．．
有些问题，配合这个日志一起解决吧
………………

好的,我现在就去

zzq11211 - 2006-9-8 19:11:00

O2 - BHO: 51导航 - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:\WINDOWS\system32\browsewmzero.dll 病毒

honeyxu - 2006-9-8 19:12:00

2006-09-08,18:59:13

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [Microsoft Corporation]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> []
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<RavTask><"D:\Program Files\rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<MSService_v1.0><C:\WINDOWS\system\realsched.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<{1A404685-7563-4d02-B0F6-58B308A406A9}><d:\program files\rising\rav\giaqibls.dll> []
<{5ABC9058-B89D-4DE8-A060-A586EA168798}><C:\WINDOWS\System32\mslkcjn.dll> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\ACDSee.scr> [ACD Systems]

honeyxu - 2006-9-8 19:15:00

==================================
启动文件夹
[腾讯qq]
<C:\Documents and Settings\LHSW-1104\「开始」菜单\程序\启动\腾讯qq.lnk><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ClipBook / ClipSrv]
<C:\WINDOWS\system32\SVCH0ST.EXE><SMSoft>
[IPSEC Manager / IPSEC Manager]
<C:\WINDOWS\vcdplay><N/A>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

honeyxu - 2006-9-8 19:15:00

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5048.dll, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[google bar]
{607E95A1-8F89-4343-B9BC-2EFC2B291BB4} <C:\WINDOWS\system32\googlebar.dll, Google Inc.>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, N/A>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Yahoo Bar]
{A697BC46-BC93-4833-93F5-1E365011E88A} <C:\WINDOWS\DBINT.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[Sun Java2]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\COMBoHEvent.dll, N/A>
[51导航]
{D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[易趣购物]
{DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5048.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[google bar]
{607E95A1-8F89-4343-B9BC-2EFC2B291BB4} <C:\WINDOWS\system32\googlebar.dll, Google Inc.>
[Vision]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Yahoo Bar]
{A697BC46-BC93-4833-93F5-1E365011E88A} <C:\WINDOWS\DBINT.dll, N/A>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Sun Java2]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <c:\WINDOWS\system32\COMBoHEvent.dll, N/A>
[51导航]
{D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[&使用迅雷下载]
<, N/A>
[&使用迅雷下载全部链接]
<, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

honeyxu - 2006-9-8 19:16:00

==================================
正在运行的进程
[PID: 416][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 468][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 492][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 536][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 548][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 692][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 880][D:\Program Files\rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 896][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1060][D:\Program Files\rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[PID: 1200][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1248][D:\Program Files\rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1352][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1448][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1780][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0>
[PID: 1964][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\icm32.dll] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\WinSC32.dll] <N/A><N/A>
[PID: 984][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1128][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1672][D:\Program Files\rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1692][C:\WINDOWS\system\realsched.exe] <N/A><N/A>
[PID: 1708][D:\Program Files\rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
[D:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1724][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1764][C:\Documents and Settings\LHSW-1104\桌面\快捷方式\EIM~.exe] <N/A><N/A>
[C:\WINDOWS\system32\astavoip.dll] <N/A><N/A>
[PID: 1824][D:\Program Files\Mozilla Firefox\firefox.exe] <Mozilla Corporation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\js3250.dll] <Netscape Communications Corporation><4.0>
[D:\Program Files\Mozilla Firefox\nspr4.dll] <Netscape Communications Corporation><4.6.1>
[D:\Program Files\Mozilla Firefox\xpcom_core.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\plc4.dll] <Netscape Communications Corporation><4.6.1>
[D:\Program Files\Mozilla Firefox\plds4.dll] <Netscape Communications Corporation><4.6.1>
[D:\Program Files\Mozilla Firefox\smime3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\nss3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\softokn3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\ssl3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\xpcom_compat.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\components\DSMozilla1_5.dll] <Baidu><2, 1, 0, 0>
[D:\Program Files\Mozilla Firefox\xpcom.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\components\jar50.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[C:\Documents and Settings\LHSW-1104\Application Data\Mozilla\Firefox\Profiles\t81eutqt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] <N/A><N/A>
[D:\Program Files\Mozilla Firefox\nssckbi.dll] <Netscape Communications Corporation><1.53>
[C:\Documents and Settings\LHSW-1104\Application Data\Mozilla\Firefox\Profiles\t81eutqt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] <N/A><N/A>
[D:\Program Files\Mozilla Firefox\components\ThunderComponent.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 7>
[D:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] <N/A><N/A>

honeyxu - 2006-9-8 19:17:00

==================================
文件关联
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

发完了,谢谢大虾们!

honeyxu - 2006-9-8 19:35:00

没有人帮帮偶吗?

有毒必问 - 2006-9-8 19:40:00

在安全模式下

取消启动
MSService_v1.0><C:\WINDOWS\system\realsched.exe> []

删除文件

C:\Program Files\Internet Explorer\PLUGINS\new123.sys
c:\windows\system32\inetsrv\csrss.exe
C:\WINDOWS\system32\WinSC32.dll
C:\WINDOWS\system\realsched.exe
C:\Documents and Settings\LHSW-1104\桌面\快捷方式\EIM~.exe

文件关联
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]

停止服务
[IPSEC Manager / IPSEC Manager]
<C:\WINDOWS\vcdplay><N/A>

[ClipBook / ClipSrv]
<C:\WINDOWS\system32\SVCH0ST.EXE><SMSoft>(不肯定,很可疑)

westbeck - 2006-9-8 19:59:00

下载超级兔子。
http://www.pctutu.com/srmsdown.asp
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
ALT+CTRL+DELETE调出任务管理器,终止realsched.exe进程
用HJ修复：
R3 - Default URLSearchHook is missing
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5048.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll (file missing)
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC32.dll
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:\WINDOWS\DBINT.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Sun Java2 - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O2 - BHO: 51导航 - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:\WINDOWS\system32\browsewmzero.dll
O2 - BHO: Subconscious Intruder - {E2218499-2FD4-4EED-A94A-7F0B9C6E300E} - C:\WINDOWS\system32\Inte32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
运行System Repair Engineer，使用“系统修复，文件关联“修复所有文件关联
运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务IPSEC Manager / IPSEC Manager选择“删除服务”点“设置”选择“否”
运行System Repair Engineer，使用“启动项目，注册表”来删除以下选项
<MSService_v1.0><C:\WINDOWS\system\realsched.exe>
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<{1A404685-7563-4d02-B0F6-58B308A406A9}><d:\program files\rising\rav\giaqibls.dll> []
<{5ABC9058-B89D-4DE8-A060-A586EA168798}><C:\WINDOWS\System32\mslkcjn.dll>
显示隐藏文件删除：
C:\WINDOWS\system32\WinSC32.dll
c:\WINDOWS\system32\COMBoHEvent.dll
C:\WINDOWS\system32\browsewmzero.dll
C:\WINDOWS\system\realsched.exe
C:\Program Files\Internet Explorer\PLUGINS\new123.sys
d:\program files\rising\rav\giaqibls.dll
C:\WINDOWS\System32\mslkcjn.dll
C:\WINDOWS\vcdplay
运行超级兔子,打开“超级兔子清理王”“专业卸载,卸载所有提示的垃圾软件，卸载是不要打开任何浏览窗口。卸载不了可以重启后再去卸载

westbeck - 2006-9-8 20:00:00

请问楼主知道这些是什么吗：
C:\Documents and Settings\LHSW-1104\桌面\快捷方式\EIM~.exe
[ClipBook / ClipSrv]
<C:\WINDOWS\system32\SVCH0ST.EXE><SMSoft>

起死回生 - 2006-9-8 20:28:00

瑞星杀毒软件监控程序（任务栏中图标是“绿色雨伞”）包括如下几个监控模块：实时监控包括：文件监控、内存监控、邮件发送监控、邮件接收监控、网页监控、注册表监控、引导区监控、漏洞攻击监控。

监控模块没有成功加载或者计算机监控图标呈现黄色打开状态或者红色收起状态，请您首先尝试手动启动监控程序，方法：鼠标右键单击瑞星实时监控图标（桌面右下角任务栏中的小雨伞），在弹出的菜单中选择【开启所有监控】

若问题依旧，可能由以下几种情况引起，请您根据本人计算机情况，参考如下操作:

一.计算机病毒:请您手动启动实时监控,使用最新版本杀毒软件全盘杀毒;

二.软件冲突:
如果您安装桌面主题修改软件(StyXp,变脸王等),请您卸载,并恢复Windows默认登陆设置.
如果您安装'超级解霸V8',请您及时安装该软件的sp2补丁;

三.实时监控程序文件丢失:
请您修复瑞星杀毒软件:
1.在显示器屏幕左下方点击'开始'-'程序'-'瑞星杀毒软件'-'添加删除组件';
2.选择'修复';
3.点击“下一步”...'完成'.

四.服务没有成功加载:这项最容易发生！！！！！
重新加载服务方法:
1.右键点击'我的电脑'选择'管理';
2.选择'服务与应用程序'-'服务';
3.查找服务'Rising Process Communication Center'和'RsRavMon Service';
4.右键点击服务,选择'启动'或者'重新启动'.
鼠标右键点〔我的电脑〕→管理→服务和应用程序→服务→

调整以下服务：

Rising Personal Firewall Service
Rising Process Communication Center
Rising Proxy Service
RsRavMon Service

调整以下设置：

〔常规〕选项卡：
启动类型：自动　服务状态：启动

〔恢复〕选项卡：
第一次失败：重新启动服务
第一次失败：重新启动服务
后续失败：　重新启动服务

应用→确定

五.实时监控安装异常:
请卸载后重新安装,方法如下:
1.在显示器屏幕左下方点击'开始'-'程序'-'瑞星杀毒软件'-'添加删除组件';
2.默认选择'添加/删除';
3.去掉勾选'瑞星监控中心',按照提示点击'下一步'...'完成'.
4.重复1.2步;
5.选中所有程序,按照提示点击'下一步'...'完成'.

六.启动项冲突:
参考解决方法:
1 打开瑞星杀毒软件主界面
2 选择主界面左下方的标签『瑞星工具』－『注册表修复工具』－『注册表启动项』；
3 去掉启动程序的勾选，仅保留“Ravmon”“Ravtimer”的程序；
4 重新启动计算机（建议此方法在安全模式下操作）；
在安全模式下，您只能访问基本文件和驱动程序（鼠标、监视器、键盘、大容量存储器、基本视频、默认系统服务，并且不连接网络）。
安全模式登陆方法：
1.依次单击“开始”、“关机”，然后在下拉列表中，单击“关机”。
2.在“关闭 Windows”对话框中，单击“重新启动”，然后单击“确定”。
3.在看到消息“选择启动操作系统”后，请按 F8。
4.使用箭头键高亮显示适当的安全模式选项，然后按 ENTER。
5.如果有双启动或多启动系统，请利用箭头键选择需要访问的安装，然后按 Enter。
注：此操作不会影响系统的正常使用，如果您需要重新加载启动项，可以按照以上步骤对启动程序进行勾选。

honeyxu - 2006-9-9 19:37:00

引用:

【westbeck的贴子】请问楼主知道这些是什么吗：
C:\Documents and Settings\LHSW-1104\桌面\快捷方式\EIM~.exe
[ClipBook / ClipSrv]
<C:\WINDOWS\system32\SVCH0ST.EXE><SMSoft>
………………

C:\Documents and Settings\LHSW-1104\桌面\快捷方式\EIM~.exe：这个是我们单位局域网的一个即时通讯软件

<C:\WINDOWS\system32\SVCH0ST.EXE><SMSoft>
这个我不知道，不过好像一直是有的

我现在就按照你说的方法去修复一下！
非常感谢大家的帮助！谢谢！

westbeck - 2006-9-9 19:42:00

嗯,去吧,记得反馈结果

honeyxu - 2006-9-10 13:13:00

问题好象没有完全得到解决诶
在安全模式下,ALT+CTRL+DELETE调出任务管理器,终止realsched.exe进程???? 我没有找到有realsched.exe......
也没有找到以下系统文件
C:\WINDOWS\system\realsched.exe
C:\Program Files\Internet Explorer\PLUGINS\new123.sys
C:\WINDOWS\vcdplay

westbeck - 2006-9-10 13:17:00

请再贴日志

honeyxu - 2006-9-10 13:38:00

引用:

【westbeck的贴子】请再贴日志
………………

好的!,谢谢,是两种都要帖吗?

westbeck - 2006-9-10 13:40:00

贴SRENG的就行了

honeyxu - 2006-9-10 13:40:00

Logfile of HijackThis v1.99.1
Scan saved at 13:28:26, on 2006-9-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\rising\Rav\Ravmond.exe
D:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\csrss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\rising\Rav\RavMon.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\LHSW-1~1\LOCALS~1\Temp\Rar$EX00.872\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IMEKRMIG6.1] ; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] ; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [MSPY2002] ; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RavTask] ; "D:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ; C:\PROGRA~1\SUPERR~1\MagicSet\SRRest.exe /autosave
O4 - HKLM\..\Run: [UserFaultCheck] ; %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 腾讯qq.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: tbs - {3E4CEC51-CD44-4C57-8C52-B9597836C866} - E:\DOWNLO~1\光馀盘蘚\房康地夭产鷡~1\TbsPlug.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ClipBook (ClipSrv) - SMSoft - C:\WINDOWS\system32\SVCH0ST.EXE
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\rising\Rav\Ravmond.exe

honeyxu - 2006-9-10 13:43:00

2006-09-10,13:30:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [Microsoft Corporation]
<IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> []
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<RavTask><; "D:\Program Files\rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<Super Rabbit SRRestore><; C:\PROGRA~1\SUPERR~1\MagicSet\SRRest.exe /autosave> [Super Rabbit Soft]
<UserFaultCheck><; %systemroot%\system32\dumprep 0 -u> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\ACDSee.scr> [ACD Systems]

==================================
启动文件夹
[腾讯qq]
<C:\Documents and Settings\LHSW-1104\「开始」菜单\程序\启动\腾讯qq.lnk><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ClipBook / ClipSrv]
<C:\WINDOWS\system32\SVCH0ST.EXE><SMSoft>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[google bar]
{607E95A1-8F89-4343-B9BC-2EFC2B291BB4} <C:\WINDOWS\system32\googlebar.dll, Google Inc.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<, N/A>
[&使用迅雷下载全部链接]
<, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

honeyxu - 2006-9-10 13:43:00

==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 572][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 852][D:\Program Files\rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 880][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1060][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][D:\Program Files\rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[PID: 1260][D:\Program Files\rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1356][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1540][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1860][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1972][c:\windows\system32\inetsrv\csrss.exe] <Microsoft><1.0.0.0>
[PID: 932][C:\WINDOWS\system32\wscntfy.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1932][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 224][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1188][D:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>

honeyxu - 2006-9-10 13:44:00

[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[D:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[D:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\GroupLive.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\ShareFiles.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 6, 60>
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[D:\Program Files\Tencent\QQ\qqgroupdisk.dll] <深圳腾讯科技><2, 7, 0, 1022>
[D:\Program Files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[D:\Program Files\Tencent\QQ\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[D:\Program Files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\Program Files\Tencent\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[PID: 1488][D:\Program Files\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 2612][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2760][D:\Program Files\rising\Rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
[D:\Program Files\rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[D:\Program Files\rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 2108][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Program Files\rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 2312][D:\Program Files\Mozilla Firefox\firefox.exe] <Mozilla Corporation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\js3250.dll] <Netscape Communications Corporation><4.0>
[D:\Program Files\Mozilla Firefox\nspr4.dll] <Netscape Communications Corporation><4.6.1>
[D:\Program Files\Mozilla Firefox\xpcom_core.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\plc4.dll] <Netscape Communications Corporation><4.6.1>
[D:\Program Files\Mozilla Firefox\plds4.dll] <Netscape Communications Corporation><4.6.1>
[D:\Program Files\Mozilla Firefox\smime3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\nss3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\softokn3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\ssl3.dll] <Netscape Communications Corporation><3.10.2>
[D:\Program Files\Mozilla Firefox\xpcom_compat.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\components\DSMozilla1_5.dll] <Baidu><2, 1, 0, 0>
[D:\Program Files\Mozilla Firefox\xpcom.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[D:\Program Files\Mozilla Firefox\components\jar50.dll] <Mozilla Foundation><1.8.0.6: 2006072814>
[C:\Documents and Settings\LHSW-1104\Application Data\Mozilla\Firefox\Profiles\t81eutqt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] <N/A><N/A>
[D:\Program Files\Mozilla Firefox\nssckbi.dll] <Netscape Communications Corporation><1.53>
[C:\Documents and Settings\LHSW-1104\Application Data\Mozilla\Firefox\Profiles\t81eutqt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] <N/A><N/A>
[D:\Program Files\Mozilla Firefox\components\ThunderComponent.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 7>
[D:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] <N/A><N/A>
[PID: 1388][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 3212][D:\Program Files\Tencent\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>

honeyxu - 2006-9-10 13:44:00

[D:\Program Files\Tencent\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[D:\Program Files\Tencent\QQ\QQAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[D:\Program Files\Tencent\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\Program Files\Tencent\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\CQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\NewSkin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\CameraDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\MailSummary.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\GroupLive.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\Program Files\Tencent\QQ\QQPlugin.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\ShareFiles.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\QRingMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\SCCore.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\QQAvatar.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\Program Files\Tencent\QQ\QQPet.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\qqgroupdisk.dll] <深圳腾讯科技><2, 7, 0, 1022>
[D:\Program Files\Tencent\QQ\BQQApplication.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[D:\Program Files\Tencent\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\Program Files\Tencent\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[D:\Program Files\Tencent\QQ\QQPhoneHelper.dll] <腾讯科技（深圳）有限公司><2, 0, 6, 60>
[PID: 3680][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 3516][C:\DOCUME~1\LHSW-1~1\LOCALS~1\Temp\Rar$EX00.096\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

瑞星卡卡安全论坛