Rising Kaka Security Forum
zhouyanshe - 2006-9-14 11:10:00
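After I downloaded a text-to-speech reader program yesterday, it kept spawning copies of a program window; it seems to be something under SYSTEM32.
Then the real-time monitor popped up and started removing viruses. They were all on this machine, and all of them could be removed.
Later, after I deleted that program, a full scan found no viruses.
But now, every so often, an alert pops up saying there is a trojan; each one can be removed.
Also, sometimes a virus alert pops up when IE or TT opens a new page. What on earth is going on?
Can someone help me? Thanks in advance.
These are all of them.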
zhouyanshe - 2006-9-14 11:45:00
[Reply to zhouyanshe's post]
Experts~~~~ where are you~~~~~~ I'm calling out to you with all my heart~~~~~~
zhouyanshe - 2006-9-14 15:23:00
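Still the same as before. This time, after booting up and having the browser open for a while,
another virus showed up, and then IE automatically opened some junk website, the kind with tons of ads.
These viruses get removed as soon as they show up, but it's so annoying.
Has my browser already been compromised?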
westbeck - 2006-9-14 15:50:00
Safe Mode
Clear the IE temporary files
Clear C:\DOCUME~1\ZHOUYA~1\LOCALS~1\Temp
See whether it still reports viruses
zhouyanshe - 2006-9-14 16:11:00
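| Quote: |
[westbeck's post] Safe Mode; clear the IE temporary files; clear C:\DOCUME~1\ZHOUYA~1\LOCALS~1\Temp; see whether it still reports viruses ……………… |
Oh, thank you. But where is this folder? It's not under the C: drive.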
C:\DOCUME~1\ZHOUYA~1\LOCALS~1\Temp
westbeck - 2006-9-14 16:13:00
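Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Under the Hidden files and folders option, select Show all files and folders, and clear "Hide extensions for known file types".
Then you will be able to see it.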
zhouyanshe - 2006-9-14 16:42:00
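| Quote: |
[westbeck's post] Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Under the Hidden files and folders option, select Show all files and folders, and clear "Hide extensions for known file types". Then you will be able to see it. ……………… |
I deleted them as you said, but this virus showed up again. It pops up before a new page opens, and it's gone once removed.
Dropper.Agent.dpq
It is still in the TEMP folder too.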
westbeck - 2006-9-14 16:47:00
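Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, then after the scan completes press the "Save Report" button to save the report log file (SREng.LOG), and copy and paste the contents of the saved report log file here.
Download links
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log can't be pasted in one go, paste it in several parts; please do not modify it. Thanks...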
怪毒一个 - 2006-9-14 16:48:00
I'm seeing the same thing. Could some expert help?
怪毒一个 - 2006-9-14 16:51:00
This is from the scan log
怪毒一个 - 2006-9-14 16:51:00
怪毒一个 - 2006-9-14 16:55:00
All of it is from today. Unbelievable.
zhouyanshe - 2006-9-14 17:18:00
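| Quote: |
[westbeck's post] Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, then after the scan completes press the "Save Report" button to save the report log file (SREng.LOG), and copy and paste the contents of the saved report log file here. Download links http://www.kztechs.com/sreng/sreng2.zip http://forum.ikaka.com/topic.asp?board=67&artid=5188931 If the log can't be pasted in one go, paste it in several parts; please do not modify it. Thanks...
……………… |
I should be the one thanking you ;) Here, I'll paste it for you.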
zhouyanshe - 2006-9-14 17:18:00
[Reply to zhouyanshe's post]
zhouyanshe - 2006-9-14 17:21:00
zhouyanshe - 2006-9-14 17:23:00
[Reply to zhouyanshe's post]
zhouyanshe - 2006-9-14 17:24:00
[Reply to zhouyanshe's post]
[C:\WINDOWS\system32\SYSPOL~1.DLL] <><1, 0, 0, 1>
[C:\WINDOWS\system32\tapidef.dll] <><1, 0, 0, 1>
[D:\tencent\qq\QQAPI.dll] <><1, 0, 0, 1>
[D:\tencent\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\tencent\qq\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\tencent\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 6, 27, 1>
[D:\tencent\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\tencent\qq\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\tencent\qq\QQMainFrame.dll] <N/A><N/A>
[D:\tencent\qq\CQQApplication.dll] <N/A><N/A>
[D:\tencent\qq\NewSkin.dll] <><1, 0, 0, 1>
[D:\tencent\qq\HostingMgr.dll] <><1, 0, 0, 1>
[D:\tencent\qq\CameraDll.dll] <><1, 0, 0, 1>
[D:\tencent\qq\MailSummary.dll] <><1, 0, 0, 1>
[D:\tencent\qq\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\tencent\qq\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\tencent\qq\GroupLive.dll] <N/A><N/A>
[D:\tencent\qq\QQSysMsgMng.dll] <N/A><N/A>
[D:\tencent\qq\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\tencent\qq\QQPlugin.dll] <N/A><N/A>
[D:\tencent\qq\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\tencent\qq\QRingMng.dll] <N/A><N/A>
[D:\tencent\qq\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\tencent\qq\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\tencent\qq\VPortal.dll] <><1, 0, 0, 4>
[D:\tencent\qq\QQAvatar.dll] <N/A><N/A>
[D:\tencent\qq\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\tencent\qq\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\tencent\qq\QQPet.dll] <><1, 0, 0, 1>
[D:\tencent\qq\BQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\tencent\qq\CommercesMng.dll] <><1, 0, 0, 1>
[D:\tencent\qq\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\tencent\qq\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 240>
[D:\tencent\qq\QQSceneMng.dll] <N/A><N/A>
[PID: 1612][D:\tencent\TT\TTraveler.exe] <腾讯公司><3.0.0.250>
[C:\WINDOWS\system32\SYSPOL~1.DLL] <><1, 0, 0, 1>
[C:\WINDOWS\system32\tapidef.dll] <><1, 0, 0, 1>
[D:\tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 2044][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYSPOL~1.DLL] <><1, 0, 0, 1>
[C:\WINDOWS\system32\tapidef.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\DESKAD~1\deskipn.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 8>
[d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\WINDOWS\ODBINT.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\PROGRA~1\KuGoo\KUGOO3~1.OCX] <N/A><N/A>
[C:\WINDOWS\system32\flash8.dll] <MACROMEDlA><1, 4, 0, 0>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 3776][D:\down\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\SYSPOL~1.DLL] <><1, 0, 0, 1>
[C:\WINDOWS\system32\tapidef.dll] <><1, 0, 0, 1>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
zhouyanshe - 2006-9-14 17:26:00
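| Quote: |
[westbeck's post] Please download System Repair Engineer, use "Smart Scan", and press the "Scan" button to run a scan. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved log file here. Download links: http://www.kztechs.com/sreng/sreng2.zip http://forum.ikaka.com/topic.asp?board=67&artid=5188931 If the log will not fit in one post, paste it in several parts, and please do not modify it. Thanks...
……………… |
I've finished pasting it. What do I do next?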
怪毒一个 - 2006-9-14 17:39:00
[Reply to westbeck's post]
2006-09-14,17:23:14
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2, v.2096 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<msnnt><C:\WINDOWS\winampa.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<CameraFixer><C:\WINDOWS\CameraFixer.exe> []
<tsnpstd3><C:\WINDOWS\tsnpstd3.exe> []
<snpstd3><C:\WINDOWS\vsnpstd3.exe> []
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [ ]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\1.dLl> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> []
==================================
启动文件夹
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4896.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[BHOImp Class]
{70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, YHBO>
[XBTP03129 Class]
{B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\MICRSO~1\SEARCH~1.DLL, IE Toolbar>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\winmsd.dll, Microsoft Corporation>
[FlashFXP Helper for Internet Explorer]
{E5A1691B-D188-4419-AD02-90002030B8EE} <F:\海燕个人文件包\新建文件夹\新建文件夹\FlashFXP\IEFlash.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[Micrsoft SearchBar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Micrsoft SearchBar\SearchBar.dll, IE Toolbar>
[GDInitCtrl Class]
{0F7C23A0-233A-4D9E-915B-E7EA2E0C873D} <C:\WINDOWS\system32\GDAdmin\GDAdmin.dll, >
[GDHidCtrl Class]
{220ED87A-CB03-45A8-A81E-1C5597E11186} <C:\WINDOWS\system32\GDHidUsr\GDHidUsr.dll, >
[ClientLogin.LoginPassEncrypt]
{39B3428A-7441-40AF-8F5B-BC2F8D35DC64} <C:\WINDOWS\Downloaded Program Files\ClientLogin.ocx, 星启天网络>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <F:\新建文~1\泡泡\popo2004\PHOTO_~1.OCX, N/A>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4896.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, >
[Micrsoft SearchBar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Micrsoft SearchBar\SearchBar.dll, IE Toolbar>
[BHOImp Class]
{70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, YHBO>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[XBTP03129 Class]
{B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\MICRSO~1\SEARCH~1.DLL, IE Toolbar>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\winmsd.dll, Microsoft Corporation>
[FlashFXP Helper for Internet Explorer]
{E5A1691B-D188-4419-AD02-90002030B8EE} <F:\海燕个人文件包\新建文件夹\新建文件夹\FlashFXP\IEFlash.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo!>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
==================================
westbeck - 2006-9-14 17:42:00
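Please do the following:
Go to www.27814939.ys168.com, click "My Software" and download KillBox.exe.
Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
Disconnect from the network and clear the IE temporary files.
Run (double-click) System Repair Engineer and use "Startup Items, Registry" to delete the following entries: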
<DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load> []
<DEFAULT><rundll32.exe C:\WINDOWS\system32\SYSPOL~1.DLL,Start> []
<CONFIGURATION><rundll32.exe C:\WINDOWS\system32\tapidef.dll,Start>
<WinlogonNotify: tpfnf2><notifyf2.dll>
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pansos.exe> (for this entry, click Edit and remove the C:\WINDOWS\system32\pansos.exe at the end)
Run System Repair Engineer and use "System Repair, Browser Add-ons" to delete the following entries:
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, >
[BHOImp Class]
{70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, YHBO>
[Yahoo Bar]
{A697BC46-BC93-4833-93F5-1E365011E88A} <C:\WINDOWS\ODBINT.dll, N/A>
Double-click KillBox.exe to open it, then delete each of the following:
C:\WINDOWS\system32\soundmix.dll
C:\WINDOWS\system32\SYSPOL~1.DLL
C:\WINDOWS\system32\tapidef.dll
notifyf2.dll
C:\WINDOWS\system32\pansos.exe
C:\PROGRA~1\DESKAD~1\deskipn.dll
C:\WINDOWS\system32\YHBO.dll
C:\WINDOWS\ODBINT.dll
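(When deleting, tick "End the Explorer.EXE process before deleting".)
Note: if a file with the .dll extension cannot be deleted, tick "Unregister" and then delete it again.
Run Super Rabbit, open "Super Rabbit Cleaner", then "Professional Uninstall", and uninstall all the junk software it lists. Do not have any browser windows open while uninstalling. Anything that cannot be uninstalled can be uninstalled after a restart.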
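A triage helper for SREng startup-entry lines of the kind listed in the reply above, added here as an example (not part of the original thread and not SREng's own logic). The two heuristics, a `Userinit` value that chains a second program and a `rundll32` entry with no publisher, and all function names are assumptions chosen for illustration.

```python
import re
from ntpath import basename  # Windows path rules, works on any host OS

# SREng startup line: <name><command> [publisher]; the [publisher] part may be absent.
ENTRY_RE = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>[^<>]*)>\s*(?:\[(?P<pub>[^\]]*)\])?\s*$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+)", re.IGNORECASE)

# Sample input: startup-entry lines copied from the logs and the reply in this thread.
SAMPLE = r"""
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
<DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load> []
<CONFIGURATION><rundll32.exe C:\WINDOWS\system32\tapidef.dll,Start>
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pansos.exe>
"""

def parse_entry(line):
    """Split one log line into name, command and publisher; None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {"name": m["name"], "cmd": m["cmd"].strip(), "pub": (m["pub"] or "").strip()}

def triage(entry):
    """Return the reasons an entry deserves manual review (empty list = none)."""
    reasons = []
    if entry["name"].lower() == "userinit":
        # The value is a comma-separated list; anything besides userinit.exe also runs at logon.
        parts = [p.strip() for p in entry["cmd"].split(",") if p.strip()]
        extra = [p for p in parts if basename(p).lower() != "userinit.exe"]
        if extra:
            reasons.append("Userinit also launches " + ", ".join(extra))
    m = RUNDLL_RE.match(entry["cmd"])
    if m and not entry["pub"]:
        reasons.append("rundll32 loads " + m["dll"].strip() + " with no publisher")
    return reasons

def scan(text):
    """Return (name, command, reasons) for every entry that triggers a heuristic."""
    hits = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                hits.append((entry["name"], entry["cmd"], reasons))
    return hits

if __name__ == "__main__":
    for name, cmd, reasons in scan(SAMPLE):
        print(name, "|", cmd, "|", "; ".join(reasons))
```

A hit only marks an entry for manual review; legitimate software can also ship without publisher information.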
zhouyanshe - 2006-9-14 18:57:00
I did everything as you said, and it seems to be fine now.
You're amazing, hehe.
If I have more problems I'll come ask you again. Thanks!
zhouyanshe - 2006-9-15 11:09:00
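| Quote: |
[westbeck's post] Please download System Repair Engineer, use "Smart Scan", and press the "Scan" button to run a scan. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved log file here. Download links: http://www.kztechs.com/sreng/sreng2.zip http://forum.ikaka.com/topic.asp?board=67&artid=5188931 If the log will not fit in one post, paste it in several parts, and please do not modify it. Thanks...
……………… |
The earlier problem has been fixed.
But just now, on a whim, I wanted to download the game 模拟度假村 (a resort sim) to play.
As soon as I finished downloading it with Xunlei, there was a virus. After removing it I downloaded two more, and they had viruses too.
So I figured Xunlei itself must be infected, because earlier the constant viruses also started after I downloaded software with Xunlei.
So I uninstalled Xunlei,
and then tried several other download links, still for the resort game, using "Save Target As".
Every one of them had a virus. Damn it, I'm so mad.
So my computer must have caught something again. Do I need to reinstall? I only did a one-key restore last week.
Please advise.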
zhouyanshe - 2006-9-15 20:39:00
Bumping my own thread.