Rising Kaka Security Forum

Infected with 9505, log attached, help me!
looye2004 - 2006-10-8 20:14:00
Why is nobody answering me? Bumping my own thread.
秋日里的蓝天 - 2006-10-8 20:51:00
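Download the latest version of Super Rabbit (超级兔子).
Download address: http://free5.ys168.com/?ufwihgu168
After installing, open "Super Rabbit Cleanup King" (超级兔子清理王), go to "Professional Uninstall" (专业卸载), and uninstall all the junk software it flags.
Do not open any browser windows while uninstalling. If something cannot be uninstalled, restart and then try uninstalling it again.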
looye2004 - 2006-10-8 22:23:00
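I used "Super Rabbit Cleanup King" to uninstall all the flagged junk software n times and restarted n times, but it is still the same as before. With no other option, I used Super Rabbit IE Repair Expert (超级兔子IE修复专家) to generate the following detection report: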
[Main]
Program=超级兔子IE修复专家
Version=V7.78
WindowsVersion=Windows XP
IEVersion=6.0.2900.2180
WinDir=C:\WINDOWS\
WinSystemDir=C:\WINDOWS\system32\
USERPROFILE=C:\Documents and Settings\user
Admin=1
Detail=1
Date=2006-10-08
Time=21:39:05
Code=,
CDCode=,
Reg=0

[Soft]
Max=0

[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=Microsoft Internet Explorer
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=about:blank
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=http://www.7322.com/
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=about:blank
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=http://www.microsoft.com/windows/ie_intl/cn/start/
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=about:blank
Max=12
looye2004 - 2006-10-8 22:23:00
[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2004-9-30 2:48:08
1_FileVersion=6.0.2900.2518
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
2_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8241664
2_FileDate=2004-8-23 16:00:00
2_FileVersion=6.0.2900.2180
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
3_Name={2318C2B1-4965-11D4-9B18-009027A5CD4F}
3_FileName=c:\program files\google\googletoolbar2.dll
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
4_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
4_FileName=%SystemRoot%\system32\browseui.dll
4_FileSize=1016832
4_FileDate=2004-9-30 2:48:08
4_FileVersion=6.0.2900.2518
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
5_Name={E0E899AB-F487-11D5-8D29-0050BA6940E3}
5_FileName=C:\PROGRA~1\FLASHGET\fgiebar.dll
5_FileSize=86016
5_FileDate=2002-5-27 3:17:56
5_FileVersion=1.2.0.0
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
6_Name={2318C2B1-4965-11d4-9B18-009027A5CD4F}
6_FileName=c:\program files\google\googletoolbar2.dll
6_FileVersion=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
7_Name={3F1ABCDB-A875-46c1-8345-B72A4567E486}
7_FileName=C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
7_FileSize=172032
7_FileDate=2006-5-9 14:28:42
7_FileVersion=0.6.5.9
Max=7
looye2004 - 2006-10-8 22:24:00
[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\Google 搜索(&G)
1_FileName=res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
1_FileVersion=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\上传到QQ网络硬盘
2_FileName=C:\Program Files\Tencent\qq\AddToNetDisk.htm
2_FileSize=534
2_FileDate=2006-3-2 8:52:20
2_FileVersion=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\MenuExt\使用网际快车下载
3_FileName=C:\PROGRA~1\FLASHGET\jc_link.htm
3_FileSize=1898
3_FileDate=2000-2-6 11:06:34
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\MenuExt\使用网际快车下载全部链接
4_FileName=C:\PROGRA~1\FLASHGET\jc_all.htm
4_FileSize=575
4_FileDate=2000-2-6 11:06:06
4_FileVersion=
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ自定义面板
5_FileName=C:\Program Files\Tencent\qq\AddPanel.htm
5_FileSize=1815
5_FileDate=2006-3-2 8:52:20
5_FileVersion=
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ表情
6_FileName=C:\Program Files\Tencent\qq\AddEmotion.htm
6_FileSize=534
6_FileDate=2006-3-2 8:52:20
6_FileVersion=
7_HKey=HKEY_CURRENT_USER
7_Key=Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
7_FileName=C:\Program Files\Tencent\qq\SendMMS.htm
7_FileSize=519
7_FileDate=2006-3-2 8:52:48
7_FileVersion=
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157b}
8_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
8_ButtonText=QQ
8_MenuText=腾讯QQ
8_FileName=
8_FileVersion=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}
9_Clsid={1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
9_ButtonText=
9_MenuText=QQ炫彩工具条设置
9_FileName=
9_FileVersion=
10_HKey=HKEY_CURRENT_USER
10_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
10_Clsid=
10_ButtonText=
10_MenuText=
10_FileName=
10_FileVersion=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java
11_Download=file://C:\WINDOWS\Java\classes\xmldso.cab
11_FileName=
11_FileVersion=
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2354A44B-3CEB-4829-9940-545B03103538}
12_Download=http://vod.wx.js.cn/plugin/PowerPlr.ocx
12_FileName=
12_FileVersion=
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D8F74EE-8692-4F8F-B8D2-7522E732519E}
13_Download=http://game.qq.com/QQGame2.cab
13_FileName=C:\WINDOWS\Downloaded Program Files\WebActivater.inf
13_FileSize=654
13_FileDate=2005-2-4 18:06:24
13_FileVersion=
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{488A4255-3236-44B3-8F27-FA1AECAA8844}
14_Download=https://img.alipay.com/download/1007/aliedit.cab
14_FileName=C:\WINDOWS\Downloaded Program Files\AliEdit.inf
14_FileSize=780
14_FileDate=2006-2-17 9:43:10
14_FileVersion=
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
15_Download=http://looye2004.spaces.live.com//PhotoUpload/MsnPUpld.cab
15_FileName=C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf
15_FileSize=393
15_FileDate=2006-6-19 14:40:54
15_FileVersion=
16_HKey=HKEY_LOCAL_MACHINE
16_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA984A6D-508E-11D6-AA49-0050FF3C628D}
16_Download=http://download.rising.com.cn/ravkill/rsonline.cab
16_FileName=C:\WINDOWS\Downloaded Program Files\RsOnline.inf
16_FileSize=203
16_FileDate=2004-5-14 11:15:16
16_FileVersion=
17_HKey=HKEY_LOCAL_MACHINE
17_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}
17_Download=http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
17_FileName=C:\WINDOWS\Downloaded Program Files\OL2005.inf
17_FileSize=205
17_FileDate=2006-2-14 9:58:16
17_FileVersion=
18_HKey=HKEY_LOCAL_MACHINE
18_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2968F0B1-B090-478C-BF38-7D231846B91D}
18_NameServer=221.228.255.1
18_Clsid=
18_FileName=
18_FileVersion=
19_HKey=HKEY_LOCAL_MACHINE
19_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C5B3249-2A9F-48A2-B319-2478F020FC4C}
19_NameServer=
19_Clsid=
19_FileName=
19_FileVersion=
20_HKey=HKEY_LOCAL_MACHINE
20_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4DAFA87D-7ED3-4416-99F7-F0CA25413912}
20_NameServer=
20_Clsid=
20_FileName=
20_FileVersion=
21_HKey=HKEY_LOCAL_MACHINE
21_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F72B432-44AC-43D5-AF19-E84F608D66BD}
21_NameServer=
21_Clsid=
21_FileName=
21_FileVersion=
22_HKey=HKEY_LOCAL_MACHINE
22_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A15FE80C-B952-4DDD-BCE4-6A00F5695FB2}
22_NameServer=
22_Clsid=
22_FileName=
22_FileVersion=
23_HKey=HKEY_LOCAL_MACHINE
23_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A939BF0C-E452-4981-AD92-F079E82B69D1}
23_NameServer=
23_Clsid=
23_FileName=
23_FileVersion=
24_HKey=HKEY_LOCAL_MACHINE
24_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA2F8BEE-176A-4BDE-82D6-42469B61CED4}
24_NameServer=221.228.255.1 218.2.135.1
24_Clsid=
24_FileName=
24_FileVersion=
Max=24
looye2004 - 2006-10-8 22:24:00
[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=exefile
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=66560
4_FileDateLink=2004-8-23 16:00:00
4_FileVersionLink=5.1.2600.2180
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
5_FileSizeLink=93184
5_FileDateLink=2004-8-24
5_FileVersionLink=6.0.2900.2180
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
6_FileSizeLink=93184
6_FileDateLink=2004-8-24
6_FileVersionLink=6.0.2900.2180
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink="C:\Program Files\Maxthon\maxthon.exe" "%1"
7_FileSizeLink=881664
7_FileDateLink=2006-9-28 16:44:52
7_FileVersionLink=1.5.7.82
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11
looye2004 - 2006-10-8 22:25:00
[Shdoclc]
1_FileSize=498176
1_FileDate=2004-8-23 16:00:00
1_FileVersion=6.0.2900.2180
Max=1

[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINDOWS\system32\Userinit.exe,
2_FileSize=23552
2_FileDate=2004-8-23 16:00:00
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=Explorer.exe
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4

[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\mswsock.dll
1_FileSize=240640
1_FileDate=2004-8-23 16:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=16896
2_FileDate=2004-8-23 16:00:00
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
3_Name=DisplayString
3_Value=网络位置知晓 (NLA) 名称空间
3_Enabled=1
3_LibraryPath=%SystemRoot%\System32\mswsock.dll
3_FileSize=240640
3_FileDate=2004-8-23 16:00:00
Max=3
looye2004 - 2006-10-8 22:28:00
[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\mswsock.dll F
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\mswsock.dll F
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\mswsock.dll F
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem
4_FileName=%SystemRoot%\system32\rsvpsp.dll
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\rsvpsp.dll
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\mswsock.dll F
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\mswsock.dll F
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\mswsock.dll F
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\mswsock.dll F
looye2004 - 2006-10-8 22:29:00
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\mswsock.dll F
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\mswsock.dll F
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
12_Name=PackedCatalogItem
12_FileName=%SystemRoot%\system32\mswsock.dll F
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
13_Name=PackedCatalogItem
13_FileName=%SystemRoot%\system32\mswsock.dll F
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
14_Name=PackedCatalogItem
14_FileName=%SystemRoot%\system32\mswsock.dll F
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
15_Name=PackedCatalogItem
15_FileName=%SystemRoot%\system32\mswsock.dll F
16_HKey=HKEY_LOCAL_MACHINE
16_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
16_Name=PackedCatalogItem
16_FileName=%SystemRoot%\system32\mswsock.dll F
17_HKey=HKEY_LOCAL_MACHINE
17_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
17_Name=PackedCatalogItem
17_FileName=%SystemRoot%\system32\mswsock.dll F
18_HKey=HKEY_LOCAL_MACHINE
18_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
18_Name=PackedCatalogItem
18_FileName=%SystemRoot%\system32\mswsock.dll F
19_HKey=HKEY_LOCAL_MACHINE
19_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
19_Name=PackedCatalogItem
19_FileName=%SystemRoot%\system32\mswsock.dll F
Max=19
looye2004 - 2006-10-8 22:30:00
[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1

[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2004-8-23 16:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2004-8-23 16:00:00
Max=2
looye2004 - 2006-10-8 22:30:00
[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8241664
1_FileDate=2004-8-23 16:00:00
Max=1

[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=PostBootReminder
1_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
1_ClsidName=PostBootReminder 对象
1_FileName=%SystemRoot%\system32\SHELL32.dll
1_FileSize=8241664
1_FileDate=2004-8-23 16:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=CDBurn
2_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
2_ClsidName=烧 CD 的 ShellFolder
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8241664
2_FileDate=2004-8-23 16:00:00
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=WebCheck
3_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
3_ClsidName=WebCheck
3_FileName=%SystemRoot%\system32\webcheck.dll
3_FileSize=265728
3_FileDate=2004-8-23 16:00:00
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=SysTray
4_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
4_ClsidName=SysTray
4_FileName=C:\WINDOWS\system32\stobject.dll
4_FileSize=121344
4_FileDate=2004-8-23 16:00:00
Max=4
looye2004 - 2006-10-8 22:31:00
[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1016832
1_FileDate=2004-9-30 2:48:08
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1016832
2_FileDate=2004-9-30 2:48:08
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=http
1_Value=3
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=https
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=ftp
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=file
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=@ivt
5_Value=1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=shell
6_Value=0
Max=6

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1
looye2004 - 2006-10-8 22:31:00
[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=RavTask
1_Value="c:\program files\rising\rav\ravtask.exe" -system
1_FileSize=114688
1_FileDate=2005-12-28 20:51:50
1_FileVersion=18.0.0.22
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=ControlCenter2.0
2_Value=; c:\program files\brother\controlcenter2\brctrcen.exe /autorun
2_FileSize=864256
2_FileDate=2005-1-7 17:30:56
2_FileVersion=2.0.15.7
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=IMJPMIG8.1
3_Value=; "c:\windows\ime\imjp8_1\imjpmig.exe" /spoil /remadvdef /migration32
3_FileSize=208952
3_FileDate=2004-8-24
3_FileVersion=8.1.4202.0
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=PHIME2002A
4_Value=; c:\windows\system32\ime\tintlgnt\tintsetp.exe /imename
4_FileSize=455168
4_FileDate=2004-8-24
4_FileVersion=5.2.0.2801
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\Run
5_Name=PHIME2002ASync
5_Value=; c:\windows\system32\ime\tintlgnt\tintsetp.exe /sync
5_FileSize=455168
5_FileDate=2004-8-24
5_FileVersion=5.2.0.2801
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows\CurrentVersion\Run
6_Name=POPO2004
6_Value=;
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Windows\CurrentVersion\Run
7_Name=RfwMain
7_Value=; c:\program files\rising\rfw\rfwmain.exe
7_FileSize=163840
7_FileDate=2006-9-23 21:08:28
7_FileVersion=
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Windows\CurrentVersion\Run
8_Name=SetDefPrt
8_Value=; c:\program files\brother\brmfl04g\brstdvpt.exe
8_FileSize=49152
8_FileDate=2004-11-11 17:14:38
8_FileVersion=1.0.1.1
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Windows\CurrentVersion\Run
9_Name=SysExplr
9_Value=; c:\herosoft\herov8\sysexplr.exe
9_FileSize=172032
9_FileDate=2005-3-14 10:33:24
9_FileVersion=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Windows\CurrentVersion\Run
10_Name=TkBellExe
10_Value=; "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
10_FileSize=180269
10_FileDate=2005-7-16 0:14:20
10_FileVersion=0.1.0.3292
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Windows\CurrentVersion\Run
11_Name=VTTimer
11_Value=; vttimer.exe
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Windows\CurrentVersion\RunOnce
12_Name=RavStub
12_Value="c:\program files\rising\rav\ravstub.exe" /runonce
12_FileSize=90112
12_FileDate=2006-6-22 14:29:00
12_FileVersion=18.0.0.16
13_HKey=HKEY_LOCAL_MACHINE
13_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
13_Name=load
13_Value=
14_HKey=HKEY_CURRENT_USER
14_Key=Software\Microsoft\Windows\CurrentVersion\Run
14_Name=ctfmon.exe
14_Value=c:\windows\system32\ctfmon.exe
14_FileSize=15360
14_FileDate=2004-8-23 16:00:00
14_FileVersion=5.1.2600.2180
15_HKey=HKEY_CURRENT_USER
15_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
15_Name=load
15_Value=
16_HKey=HKEY_CURRENT_USER
16_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
16_Name=run
16_Value=
Max=16
looye2004 - 2006-10-8 22:32:00
[ModuleUsage]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Tencent/qq/mfc42.dll
1_Name=.Owner
1_Value=Unknown Owner
1_Clsid=
1_FileName=C:\Program Files\Tencent\qq\mfc42.dll
1_FileSize=995383
1_FileDate=2005-6-14 10:21:40
1_FileVersion=6.0.8665.0
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll
2_Name=.Owner
2_Value={4F1E5B1A-2A80-42CA-8532-2D05CB959537}
2_Clsid=MSN Photo Upload Tool
2_FileName=C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
2_FileSize=379704
2_FileDate=2006-6-20 15:44:04
2_FileVersion=10.0.913.0
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/OL2005.dll
3_Name=.Owner
3_Value={E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}
3_Clsid=Rising Web Scan Object
3_FileName=C:\WINDOWS\Downloaded Program Files\OL2005.dll
3_FileSize=278528
3_FileDate=2006-2-13 15:57:38
3_FileVersion=18.0.0.6
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PowerPlr.ocx
4_Name=.Owner
4_Value={2354A44B-3CEB-4829-9940-545B03103538}
4_Clsid=PowerPlr Control
4_FileName=C:\WINDOWS\Downloaded Program Files\PowerPlr.ocx
4_FileSize=207080
4_FileDate=2005-6-22 21:36:34
4_FileVersion=3.2.0.0
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll
5_Name=.Owner
5_Value={4F1E5B1A-2A80-42CA-8532-2D05CB959537}
5_Clsid=MSN Photo Upload Tool
5_FileName=C:\WINDOWS\Downloaded Program Files\PURen-us.dll
5_FileSize=117560
5_FileDate=2006-6-20 15:44:02
5_FileVersion=10.0.913.0
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RsOnline.dll
6_Name=.Owner
6_Value={DA984A6D-508E-11D6-AA49-0050FF3C628D}
6_Clsid=Ravonline
6_FileName=C:\WINDOWS\Downloaded Program Files\RsOnline.dll
6_FileSize=389120
6_FileDate=2004-5-12 16:53:20
6_FileVersion=2.0.3.56
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll
7_Name=.Owner
7_Value=Unknown Owner
7_Clsid=
7_FileName=C:\WINDOWS\system32\msvcrt.dll
7_FileSize=343040
7_FileDate=2004-8-23 16:00:00
7_FileVersion=7.0.2600.2180
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll
8_Name=.Owner
8_Value=Unknown Owner
8_Clsid=
8_FileName=C:\WINDOWS\system32\olepro32.dll
8_FileSize=83456
8_FileDate=2004-8-23 16:00:00
8_FileVersion=5.1.2600.2180
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/WebActivater.ocx
9_Name=.Owner
9_Value={3D8F74EE-8692-4F8F-B8D2-7522E732519E}
9_Clsid=WebActivater Control
9_FileName=C:\WINDOWS\system32\WebActivater.ocx
9_FileSize=266240
9_FileDate=2004-7-23 17:00:20
9_FileVersion=1.0.0.1
Max=9
looye2004 - 2006-10-8 22:32:00
[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2004-8-23 16:00:00
1_FileVersion=5.1.2600.2180
2_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2_FileSize=487424
2_FileDate=2004-8-23 16:00:00
2_FileVersion=5.1.2600.2180
3_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
3_FileSize=108032
3_FileDate=2004-8-23 16:00:00
3_FileVersion=5.1.2600.2180
4_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
4_FileSize=13312
4_FileDate=2004-8-23 16:00:00
4_FileVersion=5.1.2600.2180
5_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
5_FileSize=14336
5_FileDate=2004-8-23 16:00:00
5_FileVersion=5.1.2600.2180
6_FileName=C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
6_FileSize=110592
6_FileDate=2005-12-28 20:51:48
6_FileVersion=18.0.0.3
7_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
7_FileSize=14336
7_FileDate=2004-8-23 16:00:00
7_FileVersion=5.1.2600.2180
8_FileName=C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
8_FileSize=233472
8_FileDate=2006-8-28 14:29:42
8_FileVersion=18.0.1.35
9_FileName=C:\WINDOWS\EXPLORER.EXE
9_FileSize=976896
9_FileDate=2004-8-23 16:00:00
9_FileVersion=6.0.2900.2180
10_FileName=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
10_FileSize=57856
10_FileDate=2004-8-23 16:00:00
10_FileVersion=5.1.2600.2180
11_FileName=C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE
11_FileSize=90112
11_FileDate=2006-6-22 14:29:00
11_FileVersion=18.0.0.16
12_FileName=C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
12_FileSize=114688
12_FileDate=2005-12-28 20:51:50
12_FileVersion=18.0.0.22
13_FileName=C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
13_FileSize=610304
13_FileDate=2006-8-28 14:29:42
13_FileVersion=18.0.1.33
14_FileName=C:\WINDOWS\SYSTEM32\CTFMON.EXE
14_FileSize=15360
14_FileDate=2004-8-23 16:00:00
14_FileVersion=5.1.2600.2180
15_FileName=C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
15_FileSize=54784
15_FileDate=2006-9-3 20:27:16
15_FileVersion=4.20.20.0
16_FileName=C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
16_FileSize=49152
16_FileDate=2006-9-25 9:25:00
16_FileVersion=3.0.0.85
17_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
17_FileSize=14336
17_FileDate=2004-8-23 16:00:00
17_FileVersion=5.1.2600.2180
18_FileName=C:\WINDOWS\SYSTEM32\CONIME.EXE
18_FileSize=27648
18_FileDate=2004-8-23 16:00:00
18_FileVersion=5.1.2600.2180
19_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
19_FileSize=14336
19_FileDate=2004-8-23 16:00:00
19_FileVersion=5.1.2600.2180
20_FileName=C:\DOCUMENTS AND SETTINGS\USER\桌面\WINSPEED778BETA\IEHELP.EXE
20_FileSize=737792
20_FileDate=2006-8-31 12:39:22
20_FileVersion=7.78.0.0
21_FileName=C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
21_FileSize=66560
21_FileDate=2004-8-23 16:00:00
21_FileVersion=5.1.2600.2180
22_FileName=C:\WINDOWS\REGEDIT.EXE
22_FileSize=132608
22_FileDate=2004-8-23 16:00:00
22_FileVersion=5.1.2600.2180
23_FileName=[SYSTEM PROCESS]
24_FileName=C:\WINDOWS\system32\CSRSS.EXE
24_FileSize=6144
24_FileDate=2004-8-23 16:00:00
24_FileVersion=5.1.2600.2180
25_FileName=C:\WINDOWS\system32\WDFMGR.EXE
25_FileSize=38912
25_FileDate=2004-8-10 22:05:14
25_FileVersion=5.2.3790.1230
26_FileName=C:\WINDOWS\system32\ALG.EXE
26_FileSize=44544
26_FileDate=2004-8-23 16:00:00
26_FileVersion=5.1.2600.2180
Max=26
looye2004 - 2006-10-8 22:33:00
[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
1_Host=127.0.0.1      localhost
Max=1

[Service]
1_ServiceName=C-DillaCdaC11BA
1_DisplayName=C-DillaCdaC11BA
1_Description=
1_Status=已启动
1_StartType=自动
1_ServiceDll=
1_ImagePath=C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE

2_ServiceName=DcomLaunch
2_DisplayName=DCOM Server Process Launcher
2_Description=为 DCOM 服务提供加载功能。
2_Status=已启动
2_StartType=自动
2_ServiceDll=C:\WINDOWS\SYSTEM32\RPCSS.DLL
2_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH

3_ServiceName=HTTPFilter
3_DisplayName=HTTP SSL
3_Description=此服务通过安全套接字层(SSL)实现 HTTP 服务的安全超文本传送协议(HTTPS)。如果此服务被禁用,任何依赖它的服务将无法启动。
3_Status=已启动
3_StartType=手动
3_ServiceDll=C:\WINDOWS\SYSTEM32\W3SSL.DLL
3_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER

4_ServiceName=NetDDEdsdm
4_DisplayName=Network DDE DSDM
4_Description=管理动态数据交换 (DDE) 网络共享。如果此服务终止,DDE 网络共享将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。
4_Status=停止
4_StartType=已禁用
4_ServiceDll=
4_ImagePath=C:\WINDOWS\SYSTEM32\NETDDE.EXE

5_ServiceName=RfwService
5_DisplayName=Rising Personal Firewall Service
5_Description=Rising Personal Firewall Service
5_Status=已启动
5_StartType=自动
5_ServiceDll=
5_ImagePath=C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE

6_ServiceName=RsCCenter
6_DisplayName=Rising Process Communication Center
6_Description=
6_Status=已启动
6_StartType=自动
6_ServiceDll=
6_ImagePath="C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

7_ServiceName=RsRavMon
7_DisplayName=RsRavMon Service
7_Description=
7_Status=已启动
7_StartType=自动
7_ServiceDll=
7_ImagePath="C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"

8_ServiceName=UMWdf
8_DisplayName=Windows User Mode Driver Framework
8_Description=启用 Windows 用户模式驱动程序。
8_Status=已启动
8_StartType=自动
8_ServiceDll=
8_ImagePath=C:\WINDOWS\SYSTEM32\WDFMGR.EXE

9_ServiceName=usnsvc
9_DisplayName=共享 USN 杂志阅读器服务
9_Description=Messenger 上安装的启用共享情况的服务
9_Status=停止
9_StartType=手动
9_ServiceDll=C:\PROGRAM FILES\MSN MESSENGER\USNSVC.DLL
9_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K USNSVC

10_ServiceName=WmdmPmSN
10_DisplayName=Portable Media Serial Number Service
10_Description=Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
10_Status=停止
10_StartType=手动
10_ServiceDll=C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL
10_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

11_ServiceName=wscsvc
11_DisplayName=Security Center
11_Description=监视系统安全设置和配置。
11_Status=已启动
11_StartType=自动
11_ServiceDll=C:\WINDOWS\SYSTEM32\WSCSVC.DLL
11_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

12_ServiceName=xmlprov
12_DisplayName=Network Provisioning Service
12_Description=为自动网络提供管理基于域的 XML 配置文件。
12_Status=停止
12_StartType=手动
12_ServiceDll=C:\WINDOWS\SYSTEM32\XMLPROV.DLL
12_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

Max=12

[END]
Max=1
looye2004 - 2006-10-8 22:36:00
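That's all of it posted. It's so long!
Is reinstalling IE my only option?
Why does the IE home page keep getting locked? Is there any way to stop the home page from being locked?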
looye2004 - 2006-10-8 23:44:00
I also scanned with SREng; here is the log:
2006-10-08,23:31:58

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ControlCenter2.0><; C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun>  [Brother Industries, Ltd.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <POPO2004><; >  [N/A]
    <RfwMain><; C:\Program Files\Rising\Rfw\rfwmain.exe>  [N/A]
    <SetDefPrt><; C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe>  [Brother Industories, Ltd.]
    <SysExplr><; C:\Herosoft\HeroV8\SysExplr.EXE>  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <VTTimer><; VTTimer.exe>  [(Verified)S3 Graphics, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><Logonui.exe>  [(Verified)Microsoft Corporation]

==================================
looye2004 - 2006-10-8 23:45:00
启动文件夹
N/A

==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Brother USB Still Image driver / BrScnUsb]
  <System32\Drivers\BrScnUsb.sys><Brother Industries Ltd.>
[Brother MFC Serial Port Interface WDM Driver / BrSerIf]
  <System32\Drivers\BrSerIf.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer]
  <System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[CdaC15BA / CdaC15BA]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[fsprot / fsprot]
  <system32\drivers\fsprot.sys><Microsoft Corporation>
[FwDrv / FwDrv]
  <\??\c:\program files\rising\rfw\FwDrv.sys><Rising>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MegaIDE / MegaIDE]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[moprot / moprot]
  <system32\drivers\moprot.sys><Windows System Internal>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp]
  <\??\C:\Program Files\Tencent\qq\npkycryp.sys><N/A>
[NTSIM / NTSIM]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx]
  <\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029]
  <system32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Prolific2 Serial port driver / Ser2pl]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
looye2004 - 2006-10-8 23:45:00
浏览器加载项
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, N/A>
[BitComet工具栏]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
looye2004 - 2006-10-8 23:45:00
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 944][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1160][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1380][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
[PID: 1476][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1600][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1752][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1772][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1812][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1912][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1980][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Corporation Limited, 3, 0, 0, 85]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Corporation Limited, 3, 0, 1, 0]
    [c:\program files\rising\rfw\rfwrule.dll]  [Beijing Rising Technology Corporation Limited, 3, 0, 0, 80]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Corporation Limited, 3, 0, 0, 81]
[PID: 360][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 388][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 812][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2028][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2216][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][C:\Program Files\Maxthon\maxthon.exe]  [Maxthon International Ltd., 1, 5, 7, 82]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
[PID: 3212][C:\Documents and Settings\user\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
looye2004 - 2006-10-8 23:46:00
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
looye2004 - 2006-10-8 23:47:00
Waiting for a solution!
我无邪 - 2006-10-9 0:26:00
I can't see any problem in the log.
If anything is still abnormal, start a new thread, run another scan and paste the log there.