Rising Kaka Security Forum

[Help] Things are being created on my desktop by themselves
长风飘飘 - 2006-10-11 12:03:00
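Something got created on my desktop by itself; it is a website called 音乐在线 (Music Online). The log is below, please take a look. I just used Rising today and it found and removed 16 viruses.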
coffeecoffee - 2006-10-11 14:30:00
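So frustrating~~~~~
Same situation as the original poster...... Also, the Internet is extremely slow, and larger applications run slowly too.
Please help..........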
长风飘飘 - 2006-10-11 20:20:00
2006-10-11,20:07:18

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Avance Logic, Inc.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
    <RavTask><"D:\瑞星2006\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <R><C:\WINDOWS\System32\rundll32.exe ctfmon.dll s>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"D:\瑞星2006\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [Yahoo! China]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]
长风飘飘 - 2006-10-11 20:20:00
==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\Program Files\QQ\QQ.exe [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"D:\shadu\KPfwSvc.EXE"><N/A>
[VeriSign Updater / navi]
  <C:\Program Files\VeriSign\NAVI\naviagent.exe uimode=agentupdate><VeriSign, Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <d:\瑞星2006\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\瑞星2006\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\瑞星2006\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\瑞星2006\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoftEther Virtual LAN Card / SoftEther]
  <"D:\游戏王-城之内\SoftEther\SoftEther.exe" service><N/A>
[SoftEther Virtual HUB / SoftHUB]
  <"D:\游戏王-城之内\SoftEther\SoftHUB.exe" service><N/A>
长风飘飘 - 2006-10-11 20:21:00
==================================
驱动程序
[ajurpg0 / ajurpg05]
  <\SystemRoot\System32\DRIVERS\ajurpg05.sys><Microsoft Corporation>
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[EagleNT / EagleNT]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\D:\瑞星2006\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\瑞星2006\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\瑞星2006\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\瑞星2006\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\瑞星2006\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\D:\瑞星2006\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\瑞星2006\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rfsafe / rfsafe]
  <\SystemRoot\system32\drivers\rfsafe.sys><N/A>
[RGWatch / RGWatch]
  <\SystemRoot\system32\DRIVERS\RGWatch.sys><Windows (R) Server 2003 DDK provider>
[RsFwDrv / RsFwDrv]
  <\??\D:\瑞星2006\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[rzkylj5 / rzkylj59]
  <\SystemRoot\System32\DRIVERS\rzkylj59.sys><Microsoft Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SoftEther Device Driver / SoftLAN]
  <System32\DRIVERS\SoftLAN.sys><SoftEther.com>
[vrvfilemon / VRVSYS]
  <\??\c:\bxy_vrv\filemon.sys><BXY>
[World Standard Teletext Codec / WSTCODEC]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b]
  <System32\Drivers\usbVM31b.sys><VM>
长风飘飘 - 2006-10-11 20:21:00
==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[]
  {974AD624-EA50-4831-A6C0-3040F6665396} <C:\WINDOWS\Downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[新浪点点通阅读器]
  {F0646DC8-58CD-4C64-8F6B-525043914685} <C:\WINDOWS\Downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[IMCv1 Control]
  {6924091F-CD97-41E1-B1D4-D9079409D413} <C:\WINDOWS\DOWNLO~1\imcv1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.lotuspond.com.cn)>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[!搜一搜]
  <res://C:\Program Files\yisou\yisou.dll/232, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDU_DIC.HTM, N/A>
长风飘飘 - 2006-10-11 20:21:00
==================================
正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[PID: 580][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 824][D:\瑞星2006\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 840][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 988][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 1056][D:\瑞星2006\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
    [D:\瑞星2006\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\瑞星2006\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [D:\瑞星2006\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [D:\瑞星2006\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\瑞星2006\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\瑞星2006\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\瑞星2006\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\瑞星2006\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\瑞星2006\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
    [D:\瑞星2006\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [D:\瑞星2006\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28]
    [D:\瑞星2006\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [D:\瑞星2006\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\瑞星2006\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\瑞星2006\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1196][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 3, 7]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 2, 0, 0, 1001]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [, 2, 0, 4, 1030]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\PROGRA~1\baidu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 49]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 1, 1, 3, 1035]
    [D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  [N/A, N/A]
    [D:\Program Files\QQ\qdshm.dll]  [, 1, 0, 1, 2]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [N/A, 1, 0, 1, 1014]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
长风飘飘 - 2006-10-11 20:22:00
[PID: 1240][d:\瑞星2006\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\瑞星2006\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\瑞星2006\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\瑞星2006\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\瑞星2006\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\瑞星2006\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1408][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\OLFMNT40.DLL]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll]  [Microsoft Corporation, 9.0.98.0105]
[PID: 1412][C:\WINDOWS\System32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 6]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 7]
[PID: 1488][D:\瑞星2006\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1648][d:\瑞星2006\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\瑞星2006\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\瑞星2006\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\瑞星2006\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1744][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 1804][C:\Program Files\VeriSign\NAVI\naviagent.exe]  [VeriSign, Inc., 2.0.0.14]
[PID: 1872][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1600][C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE]  [VeriSign, Inc., 2.0.1.0]
    [C:\Program Files\VeriSign\NAVI\naviservice.dll]  [VeriSign, Inc., 2.0.2.0]
[PID: 1784][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5, 0, 0, 0]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1768][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3,0,0,2082]
[PID: 1720][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
[PID: 1896][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [, 2, 0, 4, 1030]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  [, 1, 0, 0, 5]
[PID: 1840][D:\瑞星2006\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2040][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 172][D:\瑞星2006\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [D:\瑞星2006\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\瑞星2006\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2968][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\103826.exe]  [N/A, N/A]
[PID: 3256][D:\新建文件夹\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
长风飘飘 - 2006-10-11 20:22:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSTCPChain Provider
    C:\WINDOWS\System32\quartz32.dll(, MFClDLL)
MSTCP Provider
    C:\WINDOWS\System32\quartz32.dll(, MFClDLL)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
219.139.58.97  www.hao123.com
219.139.58.97  hao123.com
219.139.58.97  www.7b.com.cn
219.139.58.97  7b.com.cn
219.139.58.97  www.7939.com
219.139.58.97  www.maohehe.com
219.139.58.97  www.sina-baidu.com
219.139.58.97  sina-baidu.com
219.139.58.97  www.maipao.com
219.139.58.97  update.virussky.com
219.139.58.97  down.virussky.com
219.139.58.97  www.ycdy.com
219.139.58.97  ycdy.com
219.139.58.97  www.2tu.cn
219.139.58.97  2tu.cn
219.139.58.97  www.91tu.cn
219.139.58.97  91tu.cn
219.139.58.97  www.haotop.com
219.139.58.97  news01.virussky.com
219.139.58.97  news02.virussky.com
219.139.58.97  news03.virussky.com
219.139.58.97  news04.virussky.com
219.139.58.97  news40.virussky.com
219.139.58.97  news41.virussky.com
219.139.58.97  news42.virussky.com
219.139.58.97  www.an85.com
219.139.58.97  an85.com
219.139.58.97  www.360safe.com
219.139.58.97  360safe.com
219.139.58.97  dl.360safe.com
219.139.58.97  bbs.360safe.com
219.139.58.97  www.gao58.com
219.139.58.97  count18.51yes.com
219.139.58.97  www.ok538.com
219.139.58.97  www.3000sss.com
219.139.58.97  3000sss.com
219.139.58.97  www.qq658.com
219.139.58.97  www.53679.com
219.139.58.97  www.17587.net
219.139.58.97  www.17587.com
219.139.58.97  www.an188.com
219.139.58.97  cwzwxm.3322.org
219.139.58.97  www.onediy.net
219.139.58.97  sohu.fswan.com
219.139.58.97  www.hewdq.com
219.139.58.97  go.ipcenter.cn
219.139.58.97  www.32666.com
219.139.58.97  show.googleadsenseagent.com
219.139.58.97  www.2yin.cn
219.139.58.97  2yin.cn
219.139.58.97  www.84442.com
219.139.58.97  www.898333.com
219.139.58.97  hewdq.com
219.139.58.97  84442.com
219.139.58.97  wwww.systeel.com.cn
219.139.58.97  go.baibaoxiang.cn
219.139.58.97  www.btbaicai.com
219.139.58.97  btbaicai.com
219.139.58.97  www.2t2t.cn
219.139.58.97  2t2t.cn
219.139.58.97  3.a.kal.cn
219.139.58.97  www.222978.com
219.139.58.97  www.5yaowan.com
219.139.58.97  show.roogoo.com
219.139.58.97  ip.alexaanywhere.com
219.139.58.97  www.znmq.com
219.139.58.97  www.pctutu.com

==================================
snliuxun - 2006-10-11 20:31:00
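Use SREng2 to fix the following items.
Open SREng2 and click Startup Items (启动项目), Registry (注册表).
Delete the following item:
C:\WINDOWS\System32\rundll32.exe ctfmon.dll

Reboot into Safe Mode.
Search for ctfmon.dll and delete it.
Delete the following file. If it cannot be deleted, use KillBox to delete it.
C:\WINDOWS\System32\quartz32.dll

Use Super Rabbit (超级兔子) to clean out all the junk software it reports.

If there are still problems after the repair, describe them and post a fresh scan log. Thanks.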
我无邪 - 2006-10-11 21:30:00
It's not entirely clear; try it this way.
Open System Repair Engineer (that is, SREng.exe, the program you used to scan the log) and use "System Repair, HOSTS file"

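Please go to http://forum.ikaka.com/topic.asp?board=67&artid=5188931 and download these two programs: LSPFix.exe and WinsockXPFix.
Restart the computer. After the power-on self-test finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Open System Repair Engineer (that is, SREng.exe, the program you used to scan the log) and use "Startup Items, Registry" (启动项目, 注册表) to delete the following entry.
C:\WINDOWS\System32\rundll32.exe ctfmon.dll

Run LSPFix.exe
Remove
quartz32.dll
A note on usage is attached:
LSPFix.exe is mainly used to help repair the O10 entries found by a HijackThis scan.
Before using it, close all IE windows and folder windows, then run LSPFix. Once it is running, move the O10 entry to be repaired from the left side to the right side and click "Finish". (Before that, however, you need to tick the box in front of "I know what I'm doing".)
Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Delete
C:\WINDOWS\System32\quartz32.dll

After the repair, reboot. If you cannot get online, run WinsockXPFix and let it repair things.
Go back to normal mode, then scan again and paste the log here.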
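
A triage check for the two indicators this thread's log shows, a HOSTS file that points many unrelated names at one address and a Winsock provider DLL with no vendor string, written as an added example (not part of any post and not SREng's own code). The sample log is constructed in the SREng layout: its HOSTS addresses and names are placeholders, the mswsock.dll line is made up for contrast, and the BASELINE_LSP set of stock Windows XP provider DLLs is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the SREng sections posted in this thread.
# The HOSTS addresses and names are documentation placeholders, and the
# mswsock.dll provider line is constructed to show a clean entry.
SAMPLE_LOG = r"""
==================================
Winsock 提供者
MSTCPChain Provider
    C:\WINDOWS\System32\quartz32.dll(, MFClDLL)
MSTCP Provider
    C:\WINDOWS\System32\mswsock.dll(Microsoft Corporation, Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
203.0.113.7    www.portal.example
203.0.113.7    portal.example
203.0.113.7    update.av-vendor.example
198.51.100.20  intranet.example

==================================
"""

SEPARATOR = re.compile(r"^=+\s*$")
# Indented "<path>.dll(<vendor>, <description>)" line under a provider name.
PROVIDER_LINE = re.compile(r"^\s+(?P<path>.+?\.dll)\((?P<vendor>[^,]*),", re.IGNORECASE)
# Assumption: provider DLLs registered by a stock Windows XP install.
BASELINE_LSP = {"mswsock.dll", "rsvpsp.dll"}


def split_sections(log_text):
    """Map each section title (first line after a ==== rule) to its body lines."""
    sections, title, expect_title = {}, None, False
    for line in log_text.splitlines():
        if SEPARATOR.match(line):
            expect_title, title = True, None
        elif expect_title:
            if line.strip():
                title, expect_title = line.strip(), False
                sections[title] = []
        elif title is not None and line.strip():
            sections[title].append(line)  # keep indentation for PROVIDER_LINE
    return sections


def suspicious_hosts(lines, min_names=2):
    """Return non-loopback IPs that several distinct host names are pinned to."""
    by_ip = defaultdict(set)
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a HOSTS entry
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are ordinary block lists
        for name in fields[1:]:
            name = name.lower()
            # Rough site identity: treat "www.x" and "x" as one name.
            by_ip[str(ip)].add(name[4:] if name.startswith("www.") else name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}


def unexpected_providers(lines):
    """Return (provider, dll_path, vendor) for DLLs outside the baseline
    or carrying an empty vendor string."""
    findings, provider = [], None
    for line in lines:
        match = PROVIDER_LINE.match(line)
        if not match:
            provider = line.strip()  # unindented line names the provider
            continue
        path = match.group("path")
        dll = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        vendor = match.group("vendor").strip()
        if dll not in BASELINE_LSP or not vendor:
            findings.append((provider, path, vendor or None))
    return findings


def triage(log_text):
    sections = split_sections(log_text)
    return {
        "hosts": suspicious_hosts(sections.get("HOSTS 文件", [])),
        "winsock": unexpected_providers(sections.get("Winsock 提供者", [])),
    }


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        print(kind, findings)
```

A flagged provider should be unregistered from the Winsock chain before its file is deleted, which is the order the post above gives (LSPFix first, then the file, then WinsockXPFix if connectivity breaks).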

长风飘飘 - 2006-10-12 12:33:00
[Reply to 我无邪's post, quoting the HOSTS entries listed there] Do all of these need to be deleted?
长风飘飘 - 2006-10-12 13:02:00
[Reply to 我无邪's post] C:\WINDOWS\System32\quartz32.dll cannot be deleted.
长风飘飘 - 2006-10-12 13:46:00
Here is the new log, please take a look.
长风飘飘 - 2006-10-12 13:46:00
2006-10-12,13:35:00

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Avance Logic, Inc.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
    <RavTask><"D:\瑞星2006\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"D:\瑞星2006\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [Yahoo! China]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]
长风飘飘 - 2006-10-12 13:47:00
==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\Program Files\QQ\QQ.exe [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"D:\shadu\KPfwSvc.EXE"><N/A>
[VeriSign Updater / navi]
  <C:\Program Files\VeriSign\NAVI\naviagent.exe uimode=agentupdate><VeriSign, Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <d:\瑞星2006\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\瑞星2006\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\瑞星2006\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\瑞星2006\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoftEther Virtual LAN Card / SoftEther]
  <"D:\游戏王-城之内\SoftEther\SoftEther.exe" service><N/A>
[SoftEther Virtual HUB / SoftHUB]
  <"D:\游戏王-城之内\SoftEther\SoftHUB.exe" service><N/A>
长风飘飘 - 2006-10-12 13:47:00
==================================
驱动程序
[ajurpg0 / ajurpg05]
  <\SystemRoot\System32\DRIVERS\ajurpg05.sys><Microsoft Corporation>
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[dump_wmimmc / dump_wmimmc]
  <\??\C:\WINDOWS\System32\drivers\dump_wmimmc.sys><N/A>
[EagleNT / EagleNT]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\D:\瑞星2006\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\瑞星2006\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\瑞星2006\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\瑞星2006\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\瑞星2006\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\D:\瑞星2006\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\瑞星2006\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2]
  <\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rfsafe / rfsafe]
  <\SystemRoot\system32\drivers\rfsafe.sys><N/A>
[RGWatch / RGWatch]
  <\SystemRoot\system32\DRIVERS\RGWatch.sys><Windows (R) Server 2003 DDK provider>
[RsFwDrv / RsFwDrv]
  <\??\D:\瑞星2006\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[rzkylj5 / rzkylj59]
  <\SystemRoot\System32\DRIVERS\rzkylj59.sys><Microsoft Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SoftEther Device Driver / SoftLAN]
  <System32\DRIVERS\SoftLAN.sys><SoftEther.com>
[vrvfilemon / VRVSYS]
  <\??\c:\bxy_vrv\filemon.sys><BXY>
[World Standard Teletext Codec / WSTCODEC]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b]
  <System32\Drivers\usbVM31b.sys><VM>
长风飘飘 - 2006-10-12 13:48:00
==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[]
  {974AD624-EA50-4831-A6C0-3040F6665396} <C:\WINDOWS\Downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[新浪点点通阅读器]
  {F0646DC8-58CD-4C64-8F6B-525043914685} <C:\WINDOWS\Downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[IMCv1 Control]
  {6924091F-CD97-41E1-B1D4-D9079409D413} <C:\WINDOWS\DOWNLO~1\imcv1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.lotuspond.com.cn)>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[!搜一搜]
  <res://C:\Program Files\yisou\yisou.dll/232, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDU_DIC.HTM, N/A>
长风飘飘 - 2006-10-12 13:48:00
==================================
正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[PID: 580][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 752][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 848][D:\瑞星2006\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 864][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 1000][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1048][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 1068][D:\瑞星2006\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
    [D:\瑞星2006\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\瑞星2006\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [D:\瑞星2006\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [D:\瑞星2006\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\瑞星2006\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\瑞星2006\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\瑞星2006\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\瑞星2006\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\瑞星2006\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
    [D:\瑞星2006\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [D:\瑞星2006\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28]
    [D:\瑞星2006\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [D:\瑞星2006\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\瑞星2006\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\瑞星2006\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1216][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 3, 7]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 2, 0, 0, 1001]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [, 2, 0, 4, 1030]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\PROGRA~1\baidu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 49]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1244][d:\瑞星2006\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\瑞星2006\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\瑞星2006\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\瑞星2006\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\瑞星2006\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\瑞星2006\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [d:\瑞星2006\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
长风飘飘 - 2006-10-12 13:49:00
[PID: 1412][D:\瑞星2006\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1500][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\OLFMNT40.DLL]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll]  [Microsoft Corporation, 9.0.98.0105]
[PID: 1552][C:\WINDOWS\System32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 6]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 7]
[PID: 1572][d:\瑞星2006\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\瑞星2006\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\瑞星2006\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\瑞星2006\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
[PID: 1800][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 1912][C:\Program Files\VeriSign\NAVI\naviagent.exe]  [VeriSign, Inc., 2.0.0.14]
[PID: 1988][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1604][C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE]  [VeriSign, Inc., 2.0.1.0]
    [C:\Program Files\VeriSign\NAVI\naviservice.dll]  [VeriSign, Inc., 2.0.2.0]
[PID: 1532][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5, 0, 0, 0]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1740][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3,0,0,2082]
[PID: 1640][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
[PID: 1772][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [, 2, 0, 4, 1030]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  [, 1, 0, 0, 5]
[PID: 1832][D:\瑞星2006\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1944][D:\瑞星2006\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [D:\瑞星2006\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\瑞星2006\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2064][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2292][D:\新建文件夹\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
长风飘飘 - 2006-10-12 13:49:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSTCPChain Provider
    C:\WINDOWS\System32\quartz32.dll(, MFClDLL)
MSTCP Provider
    C:\WINDOWS\System32\quartz32.dll(, MFClDLL)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
不言放弃 - 2006-10-12 14:01:00
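[Reply to 长风飘飘's post]
http://cexx.org/lspfix.htm
Download LSPFix.exe
Repair C:\WINDOWS\System32\quartz32.dll
See the image for the repair method
Note that this time you should select quartz32.dll
If you still cannot get online after repairing with LSPFix.exe,
I recommend using WinsockFix to repair the registry
WinsockFix download:
http://www.winsockfix.nl/

Note: this operation should be performed while disconnected from the network or in Safe Mode

Attachment: 36405220061012135342.jpg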
长风飘飘 - 2006-10-12 20:36:00
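[Reply to 不言放弃's post] Mine is the Chinese-localized version, but it is probably about the same. I removed it there first, then went looking for it on the C: drive; I found it but could not delete it.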