Rising Kaka Security Forum
yan121 - 2006-10-6 23:47:00
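I've been infected with Trojan.PSW.QQPass.pxx and wanted to remove it following the forum's solution, but System Repair Engineer brings up a send-error-report dialog whether it is scanning or just starting (see the attached screenshot for details), and then System Repair Engineer can't run and has to close!
I've already tried downloading many different versions of System Repair Engineer, but the result is always the same!
Can anyone help me remove the virus or solve the System Repair Engineer problem?
Sorry to trouble you all! Thank you!
Attachment: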
7628812006106233853.jpg
网络一兵 - 2006-10-7 0:10:00
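This problem has been fairly common lately. Simply doing a full format and reinstalling the system is the least hassle. That solves everything.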
蓝色孔雀花 - 2006-10-7 0:40:00
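You've probably got a trojan, one of the "Orange August" (橙色八月) family. Take a look at the discussions about "August"; there may be a solution there.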
yan121 - 2006-10-7 1:04:00
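| Quote: |
[Post by 网络一兵] This problem has been fairly common lately. Simply doing a full format and reinstalling the system is the least hassle. That solves everything. ……………… |
Thank you! Is there any way other than reinstalling? I have a lot of things installed on my computer, so reinstalling is really painful!!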
xp123 - 2006-10-7 1:22:00
See http://forum.ikaka.com/topic.asp?board=28&artid=8182259
yan121 - 2006-10-7 3:00:00
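| Quote: |
[Post by xp123] See http://forum.ikaka.com/topic.asp?board=28&artid=8182259 ……………… |
Thanks! But that method doesn't work, because I've seen that others on the forum infected with Trojan.PSW.QQPass.pxx have already tried it! The one with "pxx" is already a variant! I found this: http://forum.ikaka.com/topic.asp?board=28&artid=8185040&page=1
In post #44, 无邪 has already given a fix, but everyone's situation is different, and the worst part now is that I can't use System Repair Engineer, so I can't even try to fix it!!! How miserable!!!!!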
yan121 - 2006-10-7 10:32:00
[Reply to yan121's post]
Bump. Can any expert help me out!!! I'd be very grateful!!!
风雪蓝天 - 2006-10-7 10:58:00
Try whether sreng will run in Safe Mode.
我无邪 - 2006-10-7 11:51:00
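I agree with the post above.
If it doesn't work even in Safe Mode, I think reinstalling the system will be quicker.
If you really do reinstall, I suggest you immediately back up the system in its clean state.
See the following post: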
http://forum.ikaka.com/topic.asp?board=3&artid=8124643
yan121 - 2006-10-7 12:38:00
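[Reply to 我无邪's post]
Just tried it, still the same!
Do I really have to reinstall? But I have too many things, like a scanner, a printer and so on; reinstalling is really painful!
I just ran a scan; here is the log: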
Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 12:21:12, on 2006-10-07
Platform: Microsoft Windows XP Professional Service Pack 1 (Build 2600)
MSIE: Internet Explorer v6.00 SP1;Q837009;Q832894;Q831167;Q823353;Q867801; (6.00.2800.1106 (xpsp1.020828-1920))
Running processes:
[smss.exe]
CommandLine =
[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[winlogon.exe]
CommandLine = winlogon.exe
[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe
[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe
[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[CCenter.exe]
CommandLine = "C:\Program Files\Rising\Rav\CCenter.exe"
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k NetworkService
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k LocalService
[rfwsrv.exe]
CommandLine = "c:\program files\rising\rfw\rfwsrv.exe"
[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE
[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe
[rfwmain.exe]
CommandLine = -StartUp
[RavStub.exe]
CommandLine = "C:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND
[rundll32.exe]
CommandLine = Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe
[HPConfig.exe]
CommandLine = C:\WINDOWS\system32\HPConfig.exe
[HPWirelessMgr.exe]
CommandLine = "C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe"
[mdm.exe]
CommandLine = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
[sqlservr.exe]
CommandLine = "C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
[realsched.exe]
CommandLine = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[RavTask.exe]
CommandLine = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
[update.exe]
CommandLine = "C:\Program Files\Common Files\UPDATE2\Update.exe"
[RavMon.exe]
CommandLine = "C:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM
[rundll32.exe]
CommandLine = "C:\WINDOWS\Intel\rundll32.exe"
[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k imgsvc
[wdfmgr.exe]
CommandLine = C:\WINDOWS\System32\wdfmgr.exe
[wdfmgr32.exe]
CommandLine = "C:\WINDOWS\System32\wdfmgr32.exe"
[rundll32.exe]
CommandLine = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
[WebThunder.exe]
CommandLine = "C:\Program Files\Thunder Network\WebThunder\WebThunder.exe"
[ctfmon.exe]
CommandLine = "C:\WINDOWS\System32\ctfmon.exe"
[wuauclt.exe]
CommandLine = "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[45c]SUSDSe0a026c274ae8240a5c78e5d0ae055d6
[wuauclt.exe]
CommandLine = "C:\WINDOWS\System32\wuauclt.exe"
[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"
[KkScan.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\KkScan.exe"
[svchost.exe]
CommandLine = "C:\WINDOWS\System32\svchost.exe"
[Rsaupd.exe]
CommandLine = "C:\Program Files\Rising\KakaToolBar\Rsaupd.exe"
yan121 - 2006-10-7 12:39:00
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://seek.3721.com/srchasst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://toolsbar.kuaiso.com/index.htm
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_013.dll
O2 - BHO: IExpress - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINDOWS\System32\iexpress.dll (file missing)
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ\QQIEHelper.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KuGoo3] rem "D:\KuGoo3\KuGoo.exe"
O4 - HKCU\..\Run: [Realplayer.exe] rem C:\WINDOWS\System32\Realplayer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] rem C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] rem C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] rem C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] rem Ati2mdxx.exe
O4 - HKLM\..\Run: [MMTray] rem C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cpqset] rem C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] rem "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QT4HPOT] rem C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [NMGameX_AutoRun] rem C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [Microsoft Update] rem snlogsvc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] rem C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"
O4 - HKLM\..\Run: [KuGoo3] rem D:\KuGoo3\KuGoo.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - HKLM\..\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\System32\wdfmgr32.exe
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O9 - Extra Button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra Button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra Button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra Button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O11 - Options group: [!CNS] 中文上网
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D} (WebDownLoad Control) - http://61.172.200.234:8000/mp444/WebDownLoadProj1.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-A8D2-7522B732519E} (WebActivater Control) - http://game.qq.com/QQGame.cab
O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX Control) - http://www.51uc.com/cab/WEBChatRoom_1_46.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2486869e78f024c3f804/netzip/RdxIE601_cn.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{200CA515-49E5-4E50-A149-8A087DA7C069}: NameServer = 202.96.128.86 202.96.128.166
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\hpconfig.exe
O23 - Service: HPWirelessMgr (HPWirelessMgr) - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Network Logon (NetWorkLogon) - - rundll32.exe KB896495.log,start
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: telnets (telnets) - - C:\WINDOWS\wondowws.exe
我无邪 - 2006-10-7 13:02:00
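Start → Run → type services.msc to open "Services" → find Network Logon, telnets → double-click → Startup type → Disabled → Stop → Apply → OK. Disable these 2 services, Network Logon and telnets (each comma-separated name is one of the virus's services; disable them one by one).
Download Super Rabbit (超级兔子).
http://www.pctutu.com/srmsdown.asp
After installing, open "Super Rabbit Optimizer" (超级兔子优化王) → "Professional Uninstall" and uninstall all the junk software it lists; do not open any browser windows while uninstalling. If something won't uninstall, reboot and then try again.
If it still won't uninstall, do it in Safe Mode.
After rebooting, delete:
C:\WINDOWS\wondowws.exe
Search for KB896495.log.
Go to www.27814939.ys168.com, click "My Software" and download autoruns.exe. After running it, click "Options", select "Hide Microsoft Entries", exit, then run it again. Click "File" → "Save" and paste the log into a post here.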
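The reply above singles out the Network Logon and telnets services from the posted log. As an added example (not part of any forum post, and not code from the scanning tools used in the thread), the following Python sketch applies three triage heuristics to the `O23 - Service:` lines of that log: an empty vendor field, `rundll32.exe` loading something that is not a DLL, and a service image sitting directly in `C:\WINDOWS`. The heuristics and all function names are assumptions made for this example; a hit is a lead to verify, not a verdict.

```python
import ntpath
import re

# O23 service lines copied from the first scan log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\hpconfig.exe
O23 - Service: Network Logon (NetWorkLogon) - - rundll32.exe KB896495.log,start
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: telnets (telnets) - - C:\WINDOWS\wondowws.exe
"""

# "O23 - Service: <display> (<name>) - <vendor> - <command line>"
# The vendor may be empty, which leaves "- - " between name and command.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) \((?P<name>[^()]*)\)"
    r" - (?P<vendor>.*?) ?- (?P<cmd>.+)$"
)

# File types rundll32.exe is normally pointed at (assumption for this example).
DLL_LIKE = (".dll", ".ocx", ".cpl")


def parse_o23(line):
    """Return the fields of one O23 line as a dict, or None if it is not one."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def image_path(cmd):
    """Extract the executable path from a quoted or unquoted command line."""
    m = re.match(r'^"?(.+?\.exe)(?=["\s]|$)', cmd, re.I)
    return m.group(1) if m else cmd.strip('"')


def triage(entry):
    """Return the list of heuristic reasons this service deserves a closer look."""
    reasons = []
    if not entry["vendor"].strip():
        reasons.append("no vendor string")

    cmd = entry["cmd"]
    exe = image_path(cmd)
    if ntpath.basename(exe).lower() == "rundll32.exe":
        # Whatever follows rundll32.exe, up to the comma, is the file it loads.
        rest = cmd[cmd.lower().find("rundll32.exe") + len("rundll32.exe"):]
        target = rest.strip().strip('"').split(",")[0].strip().strip('"')
        if not target.lower().endswith(DLL_LIKE):
            reasons.append(f"rundll32 loads a non-DLL file: {target}")
    elif ntpath.dirname(exe).lower() == r"c:\windows":
        reasons.append("image sits directly in C:\\WINDOWS")
    return reasons


def flagged_services(log_text):
    """Map service name -> reasons, for every O23 line with at least one reason."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flagged_services(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample lines this flags only NetWorkLogon and telnets, the two services named in the reply, and leaves the HP and Rising entries alone.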
yan121 - 2006-10-7 14:33:00
[Reply to 我无邪's post]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AdaptecDirectCD找不到文件:rem
+ ATIModeChange找不到文件:rem
+ ATIPTA找不到文件:rem
+ Cpqset找不到文件:rem
+ Display Settings找不到文件:rem
+ Easy-PrintToolBox找不到文件:rem
+ IMJPMIG8.1找不到文件:rem
+ KuGoo3找不到文件:rem
+ QT4HPOT找不到文件:rem
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe
+ SynTPEnh找不到文件:rem
+ SynTPLpr找不到文件:rem
+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe
+ WebThunderWeb 迅雷深圳市迅雷网络技术有限公司c:\program files\thunder network\webthunder\webthunder.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
+ RavStubRising RavStubBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravstub.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ KuGoo3找不到文件:rem
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0找不到文件:About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a找不到文件:C:\Program Files\Messenger\msgsc.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ DVDBurn找不到文件:CLSID\{790448C3-4239-45AF-C98B-367991A8B103}\InprocServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
+ InprocServer32找不到文件:CLSID\{06A48AD9-FF57-4E73-937B-B493E72F4226}\InprocServer32
+ InprocServer32找不到文件:CLSID\{08315C1A-9BA9-4B7C-A432-26885F78DF28}\InprocServer32
+ InprocServer32找不到文件:CLSID\{E568441B-9EF3-49F8-9A67-4141AC41ADD4}\InprocServer32
+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ sysldr.dllc:\windows\system32\sysldr.dll
+ yclickon.dllClickOn ModuleYAHOO Corporation Limitedc:\program files\yahoo!\assistant\yclickon.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Adaptec DirectCD Shell ExtensionDirectCD Shell Extention DLLRoxioc:\program files\roxio\easy cd creator 5\directcd\shellex.dll
+ Display Panning CPL Extension找不到文件:deskpan.dll
+ HyperTerminal Icon Ext找不到文件:CLSID\{88895560-9AA2-1069-930E-00AA0030EBC8}\InprocServer32
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
+ ScriptDropShellExtRoboEnhancer ScriptDropShellExt Modulec:\program files\acd systems\roboenhancer\scriptdropshellext.dll
+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realone player\rpshell.dll
+ WinRAR shell extensionc:\program files\winrar\rarext.dll
+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll
+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll
+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll
+ WinZipWinZip Shell Extension DLLWinZip Computing, Inc.c:\program files\winzip\wzshlstb.dll
+ 粉碎文件找不到文件:CLSID\{C14F7681-33D8-11D3-A09B-00500402F30B}\InprocServer32
+ 我的手机File Manager interfaceTeleca Software Solutions ABc:\program files\sony ericsson\mobile\file manager\fmgrgui.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CnsHook Class3721 CNS Module北京三七二一科技有限公司c:\windows\downloaded program files\cnshook.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ kakatool.dllBeijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ @shdoclc.dll,-864c:\windows\web\related.htm
+ 访问卡卡社区找不到文件:http://www.ikaka.com/?u=RSTB
+ 访问瑞星网站找不到文件:http://www.rising.com.cn/?u=RSTB
+ 启动Web迅雷找不到文件:http://my.xunlei.com
+ 启动迅雷Thunder Networking Technologies,LTDc:\program files\thunder network\thunder\thunder.exe
计划任务
+ Symantec NetDetect.jobSymantec NetDetectSymantec Corporationc:\program files\symantec\liveupdate\ndetect.exe
HKLM\System\CurrentControlSet\Services
+ HPConfigHPConfig ModuleHewlett-Packardc:\windows\system32\hpconfig.exe
+ HPWirelessMgrHPWirelessMgr ModuleHewlett-Packard Co.c:\program files\hpq\notebook utilities\hpwirelessmgr.exe
+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ aliadwdmALi Audio Accelerator WDM DriverAcer Laboratories Inc.c:\windows\system32\drivers\ac97ali.sys
+ AliIdeALi mini IDE DriverAcer Laboratories Inc.c:\windows\system32\drivers\aliide.sys
+ ALiIRDAALi Fast Infrared DriverAcer Laboratories Inc.c:\windows\system32\drivers\aliirda.sys
+ ati2mtagATI Radeon Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ caboagpATI AGP driverATI Technologies Inc.c:\windows\system32\drivers\atisgkaf.sys
+ CALIAUDConexant WDM AC97 Audio DriverConexant Systems Inc.c:\windows\system32\drivers\caliaud.sys
+ CALIHALAConexant AmcHal DriverConexant Systems Inc.c:\windows\system32\drivers\calihal.sys
+ DKbFltrDritek Keyboard Filter DriverDritek System Inc.c:\windows\system32\drivers\dkbfltr.sys
+ DP83815National Semiconductor Corp. DP83815/816 10/100 MacPhyter NDIS 5.0 Miniport DriverNational Semiconductor Corp.c:\windows\system32\drivers\dp83815.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ FA312NETGEAR FA312 Fast Ethernet NDIS 5.0 Miniport DriverNETGEAR Corp.c:\windows\system32\drivers\fa312nd5.sys
+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys
+ HPCIHP Configuration Interface DriverHewlett-Packardc:\windows\system32\drivers\hpci.sys
+ kmsinputc:\windows\system32\drivers\kmsinput.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys
+ New0c:\windows\system32\new.sys
+ npkcrypt找不到文件:D:\qq\npkcrypt.sys
+ npkcusbnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\qq\npkcusb.sys
+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys
+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys
+ Sense3SENSE3 Driver for NTBeijing Senselockc:\windows\system32\drivers\sense3.sys
+ SVKPSVKP driver for NTAntiCrackingc:\windows\system32\svkp.sys
+ SymEventSymantec Event LibrarySymantec Corporationc:\program files\symantec\symevent.sys
+ SynTPSynaptics Touchpad DriverSynaptics, Inc.c:\windows\system32\drivers\syntp.sys
+ vcddevVirtual Native Network DriverVNN B.J.c:\windows\system32\drivers\vcdvnic.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ ckc:\windows\system32\ck.exe
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\卡通动~1.SCRc:\windows\卡通动物 屏幕保护程序.scr
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Canon BJ Language Monitor PIXMA iP1000BJ Language MonitorCANON INC.c:\windows\system32\cnmlm6e.dll
yan121 - 2006-10-7 14:35:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 14:19:31, 日期 2006-10-7
操作系统: Windows XP SP1 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\zh\桌面\HijackThis1[1].99.1\HijackThis1991zww.exe
yan121 - 2006-10-7 14:35:00
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [Display Settings] rem C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - 启动项HKLM\\Run: [SynTPLpr] rem C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] rem C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [ATIModeChange] rem Ati2mdxx.exe
O4 - 启动项HKLM\\Run: [Cpqset] rem C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - 启动项HKLM\\Run: [AdaptecDirectCD] rem "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - 启动项HKLM\\Run: [QT4HPOT] rem C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Easy-PrintToolBox] rem C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [KuGoo3] rem D:\KuGoo3\KuGoo.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KuGoo3] rem "D:\KuGoo3\KuGoo.exe"
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\qq\AddEmotion.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的按钮: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - 浏览器额外的按钮: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O11 - Options group: [!CNS] 中文上网
O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D} (WebDownLoad Control) - http://61.172.200.234:8000/mp444/WebDownLoadProj1.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-A8D2-7522B732519E} (WebActivater Control) - http://game.qq.com/QQGame.cab
O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX Control) - http://www.51uc.com/cab/WEBChatRoom_1_46.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2486869e78f024c3f804/netzip/RdxIE601_cn.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{200CA515-49E5-4E50-A149-8A087DA7C069}: NameServer = 202.96.128.86 202.96.128.166
O17 - HKLM\System\CS1\Services\Tcpip\..\{200CA515-49E5-4E50-A149-8A087DA7C069}: NameServer = 202.96.128.86 202.96.128.166
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - (no file)
O23 - NT 服务: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - NT 服务: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
yan121 - 2006-10-7 14:49:00
I noticed:
HijackThis_zww汉化版扫描日志 V1.99.1:R3 - 默认的URLSearchHook丢失。用HijackThis修复
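HijackThis_zww may have fixed SREng; SREng seems to be usable now!
Does this help?
One more thing: after rebooting, a memory scan with Rising 18.47.40 no longer shows twenty-odd Trojan.PSW.QQPass.pxx detections as it did before; scanning memory now, Rising reports no virus!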
yan121 - 2006-10-8 0:02:00
2006-10-07,23:47:57
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<KuGoo3><rem "D:\KuGoo3\KuGoo.exe"> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<ATIPTA><rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [N/A]
<Display Settings><rem C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s> [N/A]
<SynTPLpr><rem C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [N/A]
<SynTPEnh><rem C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [N/A]
<ATIModeChange><rem Ati2mdxx.exe> [N/A]
<Cpqset><rem C:\Program Files\HPQ\Default Settings\cpqset.exe> [N/A]
<AdaptecDirectCD><rem "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [N/A]
<QT4HPOT><rem C:\Program Files\HPQ\One-Touch\OneTouch.EXE> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Easy-PrintToolBox><rem C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon> [N/A]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<KuGoo3><rem D:\KuGoo3\KuGoo.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\CnsHook.dll> [北京三七二一科技有限公司]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><> [N/A]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [YAHOO Corporation Limited]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<{8A238B14-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\sysldr.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DVDBurn><> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\卡通动~1.SCR> [N/A]
yan121 - 2006-10-8 0:03:00
==================================
启动文件夹
N/A
==================================
服务
[HP Configuration Interface Service / HPConfig]
<C:\WINDOWS\system32\HPConfig.exe><Hewlett-Packard>
[HPWirelessMgr / HPWirelessMgr]
<C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe><Hewlett-Packard Co.>
[Machine Debug Manager / MDM]
<"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>
[telnets / telnets]
<><N/A>
==================================
驱动程序
[aec6710D / aec6710D]
<\SystemRoot\System32\DRIVERS\aec6710d.sys><Microsoft Corporation>
[ALi Audio Accelerator WDM driver / aliadwdm]
<system32\drivers\ac97ali.sys><Acer Laboratories Inc.>
[AliIde / AliIde]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[ALi Infrared Device Driver / ALiIRDA]
<System32\DRIVERS\aliirda.sys><Acer Laboratories Inc.>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ATI Cabo AGP Filter / caboagp]
<\SystemRoot\System32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[Conexant AMC 3D ENVIRONMENTAL AUDIO / CALIAUD]
<system32\drivers\caliaud.sys><Conexant Systems Inc.>
[CALIHALA / CALIHALA]
<system32\drivers\calihal.sys><Conexant Systems Inc.>
[Cdr4_xp / Cdr4_xp]
<C:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k]
<C:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp]
<C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[CnsMinKP / CnsMinKP]
<\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[Dritek HotKey Keyboard Filter Driver / DKbFltr]
<System32\Drivers\DKbFltr.SYS><Dritek System Inc.>
[National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver / DP83815]
<System32\DRIVERS\DP83815.SYS><National Semiconductor Corp.>
[dvd_2K / dvd_2K]
<C:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver / FA312]
<System32\DRIVERS\FA312nd5.sys><NETGEAR Corp.>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HP Configuration Interface / HPCI]
<System32\DRIVERS\hpci.sys><Hewlett-Packard>
[jdy#hook / jdy#hook]
<\??\D:\游戏软件\wg999_down72187396\hknm.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mmc_2K / mmc_2K]
<C:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[MxlW2k / MxlW2k]
<C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.SYS><MusicMatch, Inc.>
[Ndis259 / Ndis259]
<\SystemRoot\System32\Drivers\ms258.sys><Copyright (C) 3721 Corporation.>
[New0 / New0]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
<\??\D:\qq\npkcrypt.sys><N/A>
[npkcusb / npkcusb]
<\??\D:\qq\npkcusb.sys><INCA Internet Co., Ltd.>
[nwlnksipx / nwlnksipx]
<\??\C:\WINDOWS\System32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k]
<C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sense3 / Sense3]
<System32\Drivers\sense3.sys><Beijing Senselock>
[Superk53 / Superk53]
<\SystemRoot\System32\drivers\superk53.sys><Microsoft Corporation>
[SVKP / SVKP]
<\??\C:\WINDOWS\System32\SVKP.sys><AntiCracking>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP]
<System32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[UdfReadr_xp / UdfReadr_xp]
<C:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
yan121 - 2006-10-8 0:05:00
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <, N/A>
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[WebDownLoad Control]
{36CB6B28-FC08-4373-8F54-1A02E3C15B7D} <, N/A>
[WebActivater Control]
{3D8F74EE-8692-4F8F-A8D2-7522B732519E} <C:\WINDOWS\DOWNLO~1\WEBACT~1.OCX, QQ>
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} <C:\PROGRA~1\LONGMA~1\UCWEBC~1\UCWEBC~1.OCX, >
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINDOWS\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用网际快车下载]
<, N/A>
[使用网际快车下载全部链接]
<, N/A>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\qq\AddEmotion.htm, N/A>
yan121 - 2006-10-8 0:07:00
==================================
正在运行的进程
[PID: 664][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[PID: 788][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 960][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1056][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1072][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1240][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1280][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1296][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
[C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1536][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
yan121 - 2006-10-8 0:07:00
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1544][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\downlo~1\CnsHook.dll] [北京三七二一科技有限公司, 1, 0, 3, 5]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing, Inc., 4.1 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\HEROSOFT\HEROVCVT\VCvtShell.dll] [N/A, N/A]
[C:\HEROSOFT\HEROVCVT\VCvtS936.dll] [N/A, N/A]
[C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 7.0]
[PID: 1868][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\CNMLM6e.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL] [CANON INC., 1.80.2.50]
[PID: 2040][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 648][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 916][C:\WINDOWS\System32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1196][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1924][C:\WINDOWS\system32\HPConfig.exe] [Hewlett-Packard, 3, 0, 1, 8]
[PID: 292][C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe] [Hewlett-Packard Co., 1, 0, 0, 7]
[PID: 472][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9064.9150]
[PID: 536][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 620][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1024][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1436][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1252][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1248][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 3200][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1960][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1304][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\WINDOWS\downlo~1\CnsHook.dll] [北京三七二一科技有限公司, 1, 0, 3, 5]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[C:\Program Files\Super Rabbit\MagicSet\xFoCtrl.dll] [, 8, 0, 22, 0]
[PID: 1044][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\downlo~1\CnsHook.dll] [北京三七二一科技有限公司, 1, 0, 3, 5]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[PID: 1932][C:\DOCUME~1\zh\LOCALS~1\Temp\Rar$EX01.920\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\downlo~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
yan121 - 2006-10-8 0:08:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
我无邪 - 2006-10-8 23:24:00
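Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log), click "Startup Items", then "Services", then "Win32 Service Applications", tick "Hide Microsoft services", select the virus service telnets, choose "Delete service", click "Set", and choose "No".
Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log), click "Startup Items", then "Services", then "Drivers", tick "Hide verified Microsoft services", select the virus services SVKP, New0, choose "Delete service", click "Set", choose "No", and finally restart. (Each comma-separated name is one virus service; delete them one at a time.)
Go to www.27814939.ys168.com, click "My Software", and download KillBox.exe.
Restart the computer; once the power-on self-test has finished, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Double-click KillBox.exe to open it, and delete each of the following:
C:\WINDOWS\System32\sysldr.dll
C:\WINDOWS\System32\new.sys
C:\WINDOWS\System32\SVKP.sys
(When deleting, tick "End Explorer.EXE process before deleting"; if that does not work, try also ticking "Unregister the DLL file before deleting it".)
Something for beginners: tips on using KillBox
http://forum.ikaka.com/topic.asp?board=28&artid=8160799
Open System Repair Engineer (that is, SREng.exe, the tool you used for the scan log) and use "Startup Items", "Registry" to delete the following entry.
C:\WINDOWS\System32\sysldr.dll
When that is done, restart, then run another scan log and paste it here.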
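A way to confirm that the service and driver deletions listed in the reply above took effect, added here as an example and not part of the original post: it parses the two-line `[display / name]` + `<path><vendor>` entries of an SREng log and diffs a log taken before cleanup against one taken after. The function names are made up for this example, and the two embedded logs are abridged from the logs posted in this thread.

```python
import re

# An SREng service/driver entry is two lines:
#   [Display name / ServiceName]
#   <image path><vendor string>
HEADER = re.compile(r"^\[(?P<display>.+) / (?P<name>[^\[\]]+)\]$")
DETAIL = re.compile(r"^<(?P<path>[^<>]*)><(?P<vendor>[^<>]*)>$")

# Service names the reply above asks to delete (taken from that post).
TARGETS = ("telnets", "SVKP", "New0")

# Abridged from the 2006-10-08 log in this thread (before cleanup).
LOG_BEFORE = r"""
服务
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[telnets / telnets]
<><N/A>
==================================
驱动程序
[CnsMinKP / CnsMinKP]
<\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[New0 / New0]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[SVKP / SVKP]
<\??\C:\WINDOWS\System32\SVKP.sys><AntiCracking>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
"""

# Abridged from the 2006-10-13 log in this thread (after cleanup).
LOG_AFTER = r"""
服务
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[kmsinput / kmsinput]
<\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
"""


def parse_entries(log_text):
    """Return {service_name: (image_path, vendor)} for every header line
    that is immediately followed by a '<path><vendor>' line.

    log_text must already be decoded to str. Process lines
    ('[PID: n][path] [vendor, version]') and browser add-on lines never
    match both patterns, so they are skipped.
    """
    lines = [ln.strip() for ln in log_text.splitlines()]
    entries = {}
    for header, detail in zip(lines, lines[1:]):
        h, d = HEADER.match(header), DETAIL.match(detail)
        if h and d:
            entries[h["name"]] = (d["path"], d["vendor"])
    return entries


def removed_between(before, after):
    """Service names present in the first log but gone from the second."""
    return sorted(set(before) - set(after))


def still_present(after, targets=TARGETS):
    """Targets that survived the cleanup and still need attention."""
    return sorted(t for t in targets if t in after)


def unattributed(entries):
    """Entries with no image path or no vendor string. This is a review
    list for a human, not a verdict: legitimate drivers can lack version
    info, and a vendor string alone proves nothing about a file."""
    return sorted(
        name for name, (path, vendor) in entries.items()
        if not path or vendor in ("", "N/A")
    )


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    print("removed      :", removed_between(before, after))
    print("still present:", still_present(after))
    print("review list  :", unattributed(after))
```

SVKP carries a vendor string in the first log, so `unattributed` does not list it; only the comparison against the named targets catches it.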
yan121 - 2006-10-13 21:42:00
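I did everything according to your method; this is the new log!
PS. (Another issue: while removing Trojan.PSW.QQPass.pxx, I saw that 3721, which I had removed a long time ago, still left remnants no matter how I deleted it. So I used a very aggressive program to remove it completely, but it was so aggressive that it seems to have deleted some other useful things as well, such as some ACDSee plug-ins. I also don't know what else it deleted; at first I couldn't even get online. I have fixed that and can get online now, but I don't know whether other useful things are missing that I haven't noticed yet!)
Could you please look through the log and check for me? Thank you!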
2006-10-13,21:20:37
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<KuGoo3><rem "D:\KuGoo3\KuGoo.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><rem "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<ATIPTA><rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [N/A]
<Display Settings><rem C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s> [N/A]
<SynTPLpr><rem C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [N/A]
<SynTPEnh><rem C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [N/A]
<ATIModeChange><rem Ati2mdxx.exe> [N/A]
<Cpqset><rem C:\Program Files\HPQ\Default Settings\cpqset.exe> [N/A]
<AdaptecDirectCD><rem "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [N/A]
<QT4HPOT><rem C:\Program Files\HPQ\One-Touch\OneTouch.EXE> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Easy-PrintToolBox><rem C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon> [N/A]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<KuGoo3><rem D:\KuGoo3\KuGoo.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><> [N/A]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [N/A]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DVDBurn><> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\卡通动~1.SCR> [N/A]
yan121 - 2006-10-13 21:43:00
==================================
启动文件夹
N/A
==================================
服务
[HP Configuration Interface Service / HPConfig]
<C:\WINDOWS\system32\HPConfig.exe><Hewlett-Packard>
[HPWirelessMgr / HPWirelessMgr]
<C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe><Hewlett-Packard Co.>
[Machine Debug Manager / MDM]
<"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>
==================================
驱动程序
[aec6710D / aec6710D]
<\SystemRoot\System32\DRIVERS\aec6710d.sys><Microsoft Corporation>
[ALi Audio Accelerator WDM driver / aliadwdm]
<system32\drivers\ac97ali.sys><Acer Laboratories Inc.>
[AliIde / AliIde]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[ALi Infrared Device Driver / ALiIRDA]
<System32\DRIVERS\aliirda.sys><Acer Laboratories Inc.>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ATI Cabo AGP Filter / caboagp]
<\SystemRoot\System32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[Conexant AMC 3D ENVIRONMENTAL AUDIO / CALIAUD]
<system32\drivers\caliaud.sys><Conexant Systems Inc.>
[CALIHALA / CALIHALA]
<system32\drivers\calihal.sys><Conexant Systems Inc.>
[Cdr4_xp / Cdr4_xp]
<C:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k]
<C:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp]
<C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[Dritek HotKey Keyboard Filter Driver / DKbFltr]
<System32\Drivers\DKbFltr.SYS><Dritek System Inc.>
[National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver / DP83815]
<System32\DRIVERS\DP83815.SYS><National Semiconductor Corp.>
[dvd_2K / dvd_2K]
<C:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver / FA312]
<System32\DRIVERS\FA312nd5.sys><NETGEAR Corp.>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HP Configuration Interface / HPCI]
<System32\DRIVERS\hpci.sys><Hewlett-Packard>
[jdy#hook / jdy#hook]
<\??\D:\游戏软件\wg999_down72187396\hknm.sys><N/A>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mmc_2K / mmc_2K]
<C:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[MxlW2k / MxlW2k]
<C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.SYS><MusicMatch, Inc.>
[Ndis259 / Ndis259]
<\SystemRoot\System32\Drivers\ms258.sys><Copyright (C) 3721 Corporation.>
[npkcrypt / npkcrypt]
<\??\D:\qq\npkcrypt.sys><N/A>
[npkcusb / npkcusb]
<\??\D:\qq\npkcusb.sys><INCA Internet Co., Ltd.>
[nwlnksipx / nwlnksipx]
<\??\C:\WINDOWS\System32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k]
<C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sense3 / Sense3]
<System32\Drivers\sense3.sys><Beijing Senselock>
[Superk53 / Superk53]
<\SystemRoot\System32\drivers\superk53.sys><Microsoft Corporation>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP]
<System32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[UdfReadr_xp / UdfReadr_xp]
<C:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <, N/A>
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[WebDownLoad Control]
{36CB6B28-FC08-4373-8F54-1A02E3C15B7D} <, N/A>
[WebActivater Control]
{3D8F74EE-8692-4F8F-A8D2-7522B732519E} <C:\WINDOWS\DOWNLO~1\WEBACT~1.OCX, QQ>
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} <C:\PROGRA~1\LONGMA~1\UCWEBC~1\UCWEBC~1.OCX, >
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[RdxIE Class]
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINDOWS\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[iSee 保存所有图片]
<C:\Program Files\iSee\iSeeSavePicAll.htm, N/A>
[iSee保存Flash]
<C:\Program Files\iSee\iSeeSaveFlash.htm, N/A>
[iSee保存所有图片]
<C:\Program Files\iSee\iSeeSavePicAll.htm, N/A>
[iSee读取Exif]
<C:\Program Files\iSee\iSeeReadExif.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用网际快车下载]
<, N/A>
[使用网际快车下载全部链接]
<, N/A>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\qq\AddEmotion.htm, N/A>
yan121 - 2006-10-13 21:45:00
==================================
正在运行的进程
[PID: 724][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 780][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 804][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[PID: 848][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 860][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1100][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1120][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1400][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1444][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1472][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1532][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1848][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\CNMLM6e.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL] [CANON INC., 1.80.2.50]
[PID: 2032][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 280][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 608][C:\WINDOWS\system32\HPConfig.exe] [Hewlett-Packard, 3, 0, 1, 8]
[PID: 392][C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe] [Hewlett-Packard Co., 1, 0, 0, 7]
[PID: 668][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9064.9150]
[PID: 1040][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 952][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1780][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll] [Teleca Software Solutions AB, 1, 1, 1, 0]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing, Inc., 4.1 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\HEROSOFT\HEROVCVT\VCvtShell.dll] [N/A, N/A]
[C:\HEROSOFT\HEROVCVT\VCvtS936.dll] [N/A, N/A]
[PID: 356][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 260][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[PID: 1564][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 480][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 488][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2812][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1900][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 4084][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 3676][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[PID: 3660][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\WINDOWS\System32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 10.0.1r4]
[PID: 2656][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[PID: 624][C:\DOCUME~1\zh\LOCALS~1\Temp\Rar$EX00.989\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
猪知山 - 2006-10-13 21:52:00
This is how the experts get worked to death.
Keep it up, 无邪~
Having instant noodles right now~~~