请高手帮助看看中的是什么病毒（第三次求助，有日志） bbs.ikaka.com

乐天2005 - 2006-11-14 9:47:00

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<SetDefaultMIDI><MIDIDef.exe> [Creative Technology Ltd]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"> [Sun Microsystems, Inc.]
<SigmatelSysTrayApp><stsystra.exe> [SigmaTel, Inc.]
<IAAnotif><C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe> [Intel Corporation]
<DMXLauncher><C:\Program Files\Dell\Media Experience\DMXLauncher.exe> [N/A]
<CTSysVol><C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r> [Creative Technology Ltd]
<MBMon><Rundll32 CTMBHA.DLL,MBMon> [N/A]
<VoiceCenter><"C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray> [Andrea Electronics Corporation]
<DLA><C:\WINDOWS\System32\DLA\DLACTRLW.EXE> [Sonic Solutions]
<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<RemoteControl><e:\tools\CyberLink\PowerDVD\PDVDServ.exe> [Cyberlink Corp.]
<LanguageShortcut><e:\tools\CyberLink\PowerDVD\Language\Language.exe> [N/A]
<StormCodec_Helper><"E:\Tools\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<RavTask><"e:\tools\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"e:\tools\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<cFosSpeed><E:\Tools\cFosSpeed\cFosSpeed.exe> [cFos Software GmbH]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<360Safe><Rundll32.exe E:\Tools\360safe\AntiAdwa.dll,KillAdware> [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

6981313 - 2006-11-14 9:52:00

请贴全日志!

乐天2005 - 2006-11-14 9:52:00

==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> E:\Tools\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Digital Line Detect]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Digital Line Detect.lnk --> C:\PROGRA~1\DIGITA~1\DLG.exe [BVRP Software]><N>
[KODAK Software Updater]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\KODAK Software Updater.lnk --> C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [N/A]><N>

==================================
服务
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[cFosSpeed System Service / cFosSpeedS]
<"E:\Tools\cFosSpeed\spd.exe" -service><cFos Software GmbH>
[Creative Labs Licensing Service / Creative Labs Licensing Service]
<"C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe"><Creative Labs>
[Creative Service for CDROM Access / Creative Service for CDROM Access]
<C:\WINDOWS\system32\CTsvcCDA.exe><Creative Technology Ltd>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Intel(R) Matrix Storage Event Monitor / IAANTMON]
<C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe><Intel Corporation>
[Kodak Camera Connection Software / KodakCCS]
<C:\WINDOWS\system32\drivers\KodakCCS.exe><Eastman Kodak Company>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv]
<e:\tools\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<e:\tools\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Cyberlink RichVideo Service(CRVS) / RichVideo]
<"C:\Program Files\Cyberlink\Shared files\RichVideo.exe"><>
[Rising Process Communication Center / RsCCenter]
<"e:\tools\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
<"e:\tools\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService]
<e:\tools\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[WinFax PRO / wfxsvc]
<C:\WINDOWS\system32\WFXSVC.EXE><Symantec Corporation>

乐天2005 - 2006-11-14 9:53:00

驱动程序
[abp480n5 / abp480n5]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cd20xrnt / cd20xrnt]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[cFosSpeed Miniport / cFosSpeed]
<system32\DRIVERS\cfosspeed.sys><cFos Software GmbH>
[CmdIde / CmdIde]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Creative SoundFont Management Device Driver / ctsfm2k]
<system32\DRIVERS\ctsfm2k.sys><Creative Technology Ltd>
[Creative SoundFont Synthesizer / CTUSFSYN]
<system32\drivers\ctusfsyn.sys><Creative Technology Ltd.>
[dac2w2k / dac2w2k]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[Kodak Camera Proxy / DcCam]
<system32\DRIVERS\DcCam.sys><Eastman Kodak Company>
[DcFpoint / DcFpoint]
<system32\DRIVERS\DcFpoint.sys><Eastman Kodak Company>
[Kodak DCFS2K Driver / DCFS2K]
<system32\drivers\dcfs2k.sys><Eastman Kodak Company>
[Legacy Polling Service / DcLps]
<system32\DRIVERS\DcLps.sys><Eastman Kodak Company>
[DcPTP / DcPTP]
<system32\DRIVERS\DcPTP.sys><Eastman Kodak Company>
[DLABOIOM / DLABOIOM]
<System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM]
<System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN]
<System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M]
<System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM]
<System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM]
<System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N]
<System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM]
<System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M]
<System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[dpti2o / dpti2o]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[DRVMCDB / DRVMCDB]
<\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM]
<System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[Intel(R) PRO/1000 PCI Express Network Connection Driver / e1express]
<system32\DRIVERS\e1e5132.sys><Intel Corporation>
[Exportit / Exportit]
<system32\DRIVERS\exportit.sys><Eastman Kodak Company>
[ExpScaner / ExpScaner]
<\??\e:\tools\Rising\Rav\ExpScan.sys><>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont]
<\??\e:\tools\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\e:\tools\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\e:\tools\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\e:\tools\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HSFHWBS2 / HSFHWBS2]
<system32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[Intel RAID Controller / iastor]
<\SystemRoot\system32\drivers\iastor.sys><Intel Corporation>
[ini910u / ini910u]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[Microsoft Kernel Wave Audio Mixer / kmixer]

乐天2005 - 2006-11-14 9:53:00

<2 - 系统找不到指定的文件。
><N/A>
[mdmxsdk / mdmxsdk]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN]
<\??\e:\tools\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[monfilt / monfilt]
<system32\drivers\monfilt.sys><Creative Technology Ltd.>
[mProcRs / mProcRs]
<\??\e:\tools\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid35x / mraid35x]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Nal Service / NAL]
<\??\C:\WINDOWS\system32\Drivers\iqvw32.sys><Intel Corporation>
[npkcrypt / npkcrypt]
<\??\E:\Tools\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb]
<\??\E:\Tools\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Creative OS Services Driver / ossrv]
<system32\DRIVERS\ctoss2k.sys><Creative Technology Ltd.>
[PfModNT / PfModNT]
<\??\C:\WINDOWS\system32\drivers\PfModNT.sys><Creative Technology Ltd.>
[Pnpnt / Pnpnt]
<\SystemRoot\System32\Drivers\pnpnt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv]
<\??\e:\tools\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
<\??\E:\TOOLS\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SigmaTel High Definition Audio CODEC / STHDA]
<system32\drivers\sthda.sys><SigmaTel, Inc.>
[symc810 / symc810]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TosIde / TosIde]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>

乐天2005 - 2006-11-14 9:54:00

浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <E:\Tools\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\Tools\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Tools\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Tools\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[BitComet工具栏]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <e:\tools\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <E:\Tools\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_09]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[BitComet工具栏]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <e:\tools\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <E:\Tools\MICROS~1\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <E:\Tools\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[IEHlprObj Class]
{DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNT.DLL, >
[使用BitComet下载(&B)]
<res://E:\Tools\BitComet\BitComet.exe/AddLink.htm, N/A>
[使用BitComet下载全部链接]
<res://E:\Tools\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[使用迅雷下载]
<E:\Tools\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<E:\Tools\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://E:\Tools\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<E:\Tools\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Tools\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Tools\Tencent\QQ\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
<E:\Tools\BitSpirit\bsurl.htm, N/A>
[设为 Messenger Live 头像]
<C:\Program Files\MSNShell\Bin\SetMSNDP.htm, N/A>

乐天2005 - 2006-11-14 9:54:00

==================================
正在运行的进程
[PID: 1084][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1108][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\tsd32.dll] [N/A, N/A]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Ligos Corporation, 2.05.54]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINDOWS\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINDOWS\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINDOWS\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[C:\WINDOWS\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[PID: 1152][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1352][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1452][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1580][e:\tools\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1616][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1740][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1836][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1864][e:\tools\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
[e:\tools\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[e:\tools\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[e:\tools\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[e:\tools\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[e:\tools\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[e:\tools\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[e:\tools\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[e:\tools\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
[e:\tools\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
[e:\tools\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[e:\tools\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[e:\tools\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[e:\tools\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[e:\tools\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[e:\tools\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[e:\tools\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[e:\tools\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[e:\tools\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[e:\tools\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
[e:\tools\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
[e:\tools\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[e:\tools\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
[e:\tools\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[e:\tools\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[e:\tools\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
[e:\tools\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[e:\tools\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[e:\tools\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[e:\tools\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[e:\tools\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[e:\tools\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[e:\tools\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[e:\tools\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 2040][e:\tools\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[e:\tools\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[e:\tools\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[e:\tools\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[e:\tools\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[e:\tools\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 500][e:\tools\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[e:\tools\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[e:\tools\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 824][E:\Tools\cFosSpeed\spd.exe] [cFos Software GmbH, 3.11.1181]
[PID: 888][C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe] [Creative Labs, 2.65.010]
[PID: 952][C:\WINDOWS\system32\CTsvcCDA.exe] [Creative Technology Ltd, 1.0.1.0]
[PID: 1168][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe] [Intel Corporation, 6.0.1.1002]
[PID: 1392][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 1536][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8268]
[PID: 1640][e:\tools\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[e:\tools\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[e:\tools\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[e:\tools\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\DOCUME~1\WH\LOCALS~1\Temp\IadHide5.dll] [BackWeb, Version 6.3.2 (Build 62R)]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\tsd32.dll] [N/A, N/A]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Ligos Corporation, 2.05.54]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINDOWS\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINDOWS\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINDOWS\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[C:\WINDOWS\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6

乐天2005 - 2006-11-14 9:55:00

[PID: 1712][C:\Program Files\Cyberlink\Shared files\RichVideo.exe] [, 1.1.0808 ]
[PID: 1600][C:\WINDOWS\system32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1212][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 696][C:\WINDOWS\system32\WFXSVC.EXE] [Symantec Corporation, 10.00.2000.0214]
[PID: 844][E:\Tools\Symantec\WinFax\WFXMOD32.EXE] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\DCCDA32I.dll] [N/A, N/A]
[E:\Tools\Symantec\WinFax\dccutili.dll] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\WFXUT32I.dll] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\rtfctl32.dll] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\WFXIIF32.dll] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\Wfxvw32i.dll] [N/A, N/A]
[E:\Tools\Symantec\WinFax\SEngine.dll] [N/A, N/A]
[E:\Tools\Symantec\WinFax\WfxUtilU.DLL] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\dccutilc.dll] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\WFXUT32C.dll] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\DCCTBP32.dll] [N/A, N/A]
[E:\Tools\Symantec\WinFax\sctrl.dll] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\DCCRES32.DLL] [Symantec Corporation, 10.00.2000.0214]
[E:\Tools\Symantec\WinFax\WFXRES32.DLL] [Symantec Corporation, 10.00.2000.0214]
[PID: 2200][C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.90.3]
[PID: 2212][C:\WINDOWS\stsystra.exe] [SigmaTel, Inc., 1.0.4991.0 nd444 cp1]
[C:\WINDOWS\system32\STLang.dll] [SigmaTel, Inc., 1.6.4947.0 nd229 cp1]
[C:\WINDOWS\system32\stacapi.dll] [SigmaTel, Inc., 1.0.4991.0 nd444 cp1]
[PID: 2296][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] [Intel Corporation, 6.0.1.1002]
[C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll] [Intel Corporation, 6.0.1.1002]
[C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_CHS.dll] [Intel Corporation, 6.0.1.1002]
[PID: 2456][C:\Program Files\Dell\Media Experience\DMXLauncher.exe] [N/A, N/A]
[PID: 2468][C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe] [Creative Technology Ltd, 1.4.8.0]
[C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.crl] [Creative Technology Ltd, 1.4.2.0]
[C:\Program Files\Creative\Shared Files\CTTheme.dll] [Creative Technology Ltd, 3.1.3.0]
[C:\Program Files\Creative\Shared Files\CtrlSrc.dll] [Creative Technology Ltd, 2.0.12.0]
[C:\Program Files\Creative\Shared Files\CTIniF.dll] [Creative Technology Ltd, 1.1.0.0]
[C:\Program Files\Creative\Shared Files\GDICtrl.skc] [Creative Technology Ltd, 3.1.23.0]
[C:\Program Files\Creative\Shared Files\GDICtrl2.skc] [Creative Technology Ltd, 3.0.14.0]
[C:\Program Files\Creative\Shared Files\GDICtrl3.skc] [Creative Technology Ltd, 3.1.4.0]
[C:\Program Files\Creative\Shared Files\RtxCtrl.skc] [Creative Technology Ltd, 3.1.9.0]
[C:\Program Files\Creative\Shared Files\mxlib.dll] [Creative Technology Ltd., 2.0.1.0]
[PID: 2716][C:\Program Files\Creative\VoiceCenter\AndreaVC.exe] [Andrea Electronics Corporation, 2, 1, 6, 0]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\Creative\VoiceCenter\AEWave.ax] [N/A, N/A]
[PID: 2720][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2732][C:\WINDOWS\System32\DLA\DLACTRLW.EXE] [Sonic Solutions, 5.20.08a]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.08a]
[C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.08a]
[C:\WINDOWS\system32\VxBlock.dll] [Sonic Solutions, 1.00.64a]
[PID: 2980][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 10, 100, 1155]
[PID: 3044][E:\tools\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 5.00.0910]
[e:\tools\CyberLink\PowerDVD\CLRCEngine3.dll] [CyberLink Corp., 4, 5, 0, 1711]
[PID: 3240][E:\tools\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[E:\tools\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[E:\tools\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[E:\tools\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[E:\tools\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 3264][E:\tools\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
[E:\tools\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[E:\tools\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[E:\tools\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[E:\tools\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[E:\tools\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[E:\tools\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[E:\tools\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\DOCUME~1\WH\LOCALS~1\Temp\IadHide5.dll] [BackWeb, Version 6.3.2 (Build 62R)]
[PID: 3296][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]
[PID: 3384][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3672][C:\Program Files\Digital Line Detect\DLG.exe] [BVRP Software, 1, 0, 0, 1]
[C:\Program Files\Digital Line Detect\BVRPDIAG.dll] [BVRP Software, 1.0]
[C:\WINDOWS\system32\MdmXSdk.dll] [Conexant, 1.0.2.002]
[PID: 3760][C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe] [N/A, N/A]
[C:\Program Files\Kodak\Kodak Software Updater\7288971\6.3.2.62-7288971L\Program\backWeb.dll] [BackWeb Technologies Inc., Version 6.3.2 (Build 62R)]
[C:\Program Files\Kodak\Kodak Software Updater\7288971\6.3.2.62-7288971L\Program\bwsec.dll] [BackWeb, Version 6.3.2 (Build 62R)]
[C:\Program Files\Kodak\Kodak Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll] [N/A, N/A]
[C:\PROGRA~1\Kodak\KODAKS~1\7288971\632~1.62-\program\EN\ClientRC.dll] [BackWeb Technologies Inc., Version 6.3.2 (Build 62R)]
[C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll] [N/A, N/A]
[C:\Program Files\Kodak\Kodak Software Updater\7288971\6.3.2.62-7288971L\Program\BWfiles.dll] [, Version 6.3.2 (Build 62R)]
[C:\DOCUME~1\WH\LOCALS~1\Temp\IadHide5.dll] [BackWeb, Version 6.3.2 (Build 62R)]
[C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\frext-7288971.dll] [N/A, N/A]
[C:\Program Files\Kodak\Kodak Software Updater\7288971\6.3.2.62-7288971L\Program\frext.dll] [, Version 6.3.2 (Build 62R)]
[C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\bwclext.dll] [Eastman Kodak Company, 1.0.0.5]
[C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWTargetInf.dll] [, 1, 0, 0, 1]
[PID: 1328][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\WH\LOCALS~1\Temp\IadHide5.dll] [BackWeb, Version 6.3.2 (Build 62R)]
[PID: 2656][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\WH\LOCALS~1\Temp\IadHide5.dll] [BackWeb, Version 6.3.2 (Build 62R)]
[e:\tools\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.53.37.0]
[E:\tools\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[E:\Tools\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\WINDOWS\system32\contmenu.dll] [N/A, N/A]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\tsd32.dll] [N/A, N/A]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Ligos Corporation, 2.05.54]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINDOWS\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINDOWS\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINDOWS\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[C:\WINDOWS\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[E:\tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[PID: 1476][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\WFXMNT40.DLL] [Microsoft Corporation, 7.00 (Build 019)]
[C:\WINDOWS\system32\WFXMNTHQ.DLL] [Microsoft Corporation, 7.00 (Build 019)]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\wfxpnt40.dll] [N/A, N/A]
[PID: 568][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\WH\LOCALS~1\Temp\IadHide5.dll] [BackWeb, Version 6.3.2 (Build 62R)]
[PID: 4000][E:\Tools\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\DOCUME~1\WH\LOCALS~1\Temp\IadHide5.dll] [BackWeb, Version 6.3.2 (Build 62R)]

乐天2005 - 2006-11-14 9:55:00

==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 LOCALHOST
127.0.0.1 WWW.POWERNUM123.COM
127.0.0.1 WWW.POWERNUM123.COM.CN
127.0.0.1 POWERNUM123.COM
127.0.0.1 POWERNUM123.COM.CN
127.0.0.1 WWW.CHEBL.COM
127.0.0.1 WWW.CHEBL.CN
127.0.0.1 WWW.CHEBL.COM.CN
127.0.0.1 CHEBL.COM
127.0.0.1 CHEBL.COM.CN
127.0.0.1 CHEBL.CN
127.0.0.1 WWW.CHEBULUO.COM.CN
127.0.0.1 WWW.CHEBULUO.COM
127.0.0.1 WWW.CHEBULUO.CN
127.0.0.1 CHEBULUO.COM.CN
127.0.0.1 CHEBULUO.COM
127.0.0.1 CHEBULUO.CN
127.0.0.1 WWW.17SP.COM
127.0.0.1 WWW.17SP.COM.CN
127.0.0.1 17SP.COM
127.0.0.1 17SP.COM.CN
127.0.0.1 WWW.FEIKONG.COM
127.0.0.1 WWW.FEIKONG.COM.CN
127.0.0.1 WWW.FEIKONG.CN
127.0.0.1 FEIKONG.COM
127.0.0.1 FEIKONG.COM.CN
127.0.0.1 FEIKONG.CN
127.0.0.1 WWW.HACONG.COM
127.0.0.1 HACONG.COM
127.0.0.1 WWW.XBXBXBXB.COM
127.0.0.1 WWW.SOBT.COM
127.0.0.1 WWW.SOBT.COM.CN
127.0.0.1 WWW.SOBT.CN
127.0.0.1 WWW.SOBT.NET
127.0.0.1 SOBT.COM
127.0.0.1 SOBT.COM.CN
127.0.0.1 SOBT.CN
127.0.0.1 SOBT.NET
127.0.0.1 WWW.XBXBXBXBXB.COM
127.0.0.1 XBXBXBXB.COM
127.0.0.1 XBXBXBXBXB.COM
127.0.0.1 WWW.NFSINFO.COM
127.0.0.1 NFSINFO.COM
127.0.0.1 CRMEASE.COM
127.0.0.1 HONGBANGZHU.COM
127.0.0.1 LINUX007.COM
127.0.0.1 LOSPLE.COM
127.0.0.1 LOSTEMPLE.COM
127.0.0.1 WWW.CRMEASE.COM
127.0.0.1 WWW.HONGBANGZHU.COM
127.0.0.1 WWW.LINUX007.COM
127.0.0.1 WWW.LOSPLE.COM
127.0.0.1 WWW.LOSTEMPLE.COM
127.0.0.1 SMARTALLYES.COM
127.0.0.1 51CPM.NET
127.0.0.1 51CPM.COM
127.0.0.1 YIQILAI.COM
127.0.0.1 UPDATE.SMARTALLYES.COM
127.0.0.1 MDMDMDMDMD.COM
127.0.0.1 WWW.SMARTALLYES.COM
127.0.0.1 WWW.51CPM.NET
127.0.0.1 WWW.51CPM.COM
127.0.0.1 WWW.YIQILAI.COM
127.0.0.1 WWW.MDMDMDMDMD.COM
127.0.0.1 QUANTUMBIZS.COM
127.0.0.1 WWW.QUANTUMBIZS.COM
127.0.0.1 PDSHN.COM
127.0.0.1 WWW.PDSHN.COM
127.0.0.1 PKPKPK.COM
127.0.0.1 WWW.PKPKPK.COM
127.0.0.1 PKPKPK.NET
127.0.0.1 WWW.PKPKPK.NET
127.0.0.1 OOOOOS.COM
127.0.0.1 WWW.OOOOOS.COM
127.0.0.1 CCTV06.COM
127.0.0.1 WWW.CCTV06.COM
127.0.0.1 FEIXIN.ORG
127.0.0.1 WWW.FEIXIN.ORG
127.0.0.1 PENGK.COM
127.0.0.1 WWW.PENGK.COM
127.0.0.1 QQYE.COM
127.0.0.1 WWW.QQYE.COM
127.0.0.1 XIA3.COM
127.0.0.1 WWW.XIA3.COM
127.0.0.1 XIAZAI1.COM
127.0.0.1 WWW.XIAZAI1.COM
127.0.0.1 CCWINFO.NET
127.0.0.1 WWW.CCWINFO.NET
127.0.0.1 DDPDDP.COM
127.0.0.1 WWW.DDPDDP.COM

==================================

乐天2005 - 2006-11-14 9:56:00

请高手给看看，到底是什么病毒。我是瑞星的正版用户，查杀不到病毒，但总是在windows\temp下有一些文件试图连接网络，有时候试图装一些流氓软件。

6981313 - 2006-11-14 10:09:00

打开SRENG-启动项目-启动文件夹-删除以下：
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> E:\Tools\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[KODAK Software Updater]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\KODAK Software Updater.lnk --> C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [N/A]><N>
打开SRENG-系统修复-HOSTS文件，删除以下：
127.0.0.1 LOCALHOST
127.0.0.1 WWW.POWERNUM123.COM
127.0.0.1 WWW.POWERNUM123.COM.CN
127.0.0.1 POWERNUM123.COM
127.0.0.1 POWERNUM123.COM.CN
127.0.0.1 WWW.CHEBL.COM
127.0.0.1 WWW.CHEBL.CN
127.0.0.1 WWW.CHEBL.COM.CN
127.0.0.1 CHEBL.COM
127.0.0.1 CHEBL.COM.CN
127.0.0.1 CHEBL.CN
127.0.0.1 WWW.CHEBULUO.COM.CN
127.0.0.1 WWW.CHEBULUO.COM
127.0.0.1 WWW.CHEBULUO.CN
127.0.0.1 CHEBULUO.COM.CN
127.0.0.1 CHEBULUO.COM
127.0.0.1 CHEBULUO.CN
127.0.0.1 WWW.17SP.COM
127.0.0.1 WWW.17SP.COM.CN
127.0.0.1 17SP.COM
127.0.0.1 17SP.COM.CN
127.0.0.1 WWW.FEIKONG.COM
127.0.0.1 WWW.FEIKONG.COM.CN
127.0.0.1 WWW.FEIKONG.CN
127.0.0.1 FEIKONG.COM
127.0.0.1 FEIKONG.COM.CN
127.0.0.1 FEIKONG.CN
127.0.0.1 WWW.HACONG.COM
127.0.0.1 HACONG.COM
127.0.0.1 WWW.XBXBXBXB.COM
127.0.0.1 WWW.SOBT.COM
127.0.0.1 WWW.SOBT.COM.CN
127.0.0.1 WWW.SOBT.CN
127.0.0.1 WWW.SOBT.NET
127.0.0.1 SOBT.COM
127.0.0.1 SOBT.COM.CN
127.0.0.1 SOBT.CN
127.0.0.1 SOBT.NET
127.0.0.1 WWW.XBXBXBXBXB.COM
127.0.0.1 XBXBXBXB.COM
127.0.0.1 XBXBXBXBXB.COM
127.0.0.1 WWW.NFSINFO.COM
127.0.0.1 NFSINFO.COM
127.0.0.1 CRMEASE.COM
127.0.0.1 HONGBANGZHU.COM
127.0.0.1 LINUX007.COM
127.0.0.1 LOSPLE.COM
127.0.0.1 LOSTEMPLE.COM
127.0.0.1 WWW.CRMEASE.COM
127.0.0.1 WWW.HONGBANGZHU.COM
127.0.0.1 WWW.LINUX007.COM
127.0.0.1 WWW.LOSPLE.COM
127.0.0.1 WWW.LOSTEMPLE.COM
127.0.0.1 SMARTALLYES.COM
127.0.0.1 51CPM.NET
127.0.0.1 51CPM.COM
127.0.0.1 YIQILAI.COM
127.0.0.1 UPDATE.SMARTALLYES.COM
127.0.0.1 MDMDMDMDMD.COM
127.0.0.1 WWW.SMARTALLYES.COM
127.0.0.1 WWW.51CPM.NET
127.0.0.1 WWW.51CPM.COM
127.0.0.1 WWW.YIQILAI.COM
127.0.0.1 WWW.MDMDMDMDMD.COM
127.0.0.1 QUANTUMBIZS.COM
127.0.0.1 WWW.QUANTUMBIZS.COM
127.0.0.1 PDSHN.COM
127.0.0.1 WWW.PDSHN.COM
127.0.0.1 PKPKPK.COM
127.0.0.1 WWW.PKPKPK.COM
127.0.0.1 PKPKPK.NET
127.0.0.1 WWW.PKPKPK.NET
127.0.0.1 OOOOOS.COM
127.0.0.1 WWW.OOOOOS.COM
127.0.0.1 CCTV06.COM
127.0.0.1 WWW.CCTV06.COM
127.0.0.1 FEIXIN.ORG
127.0.0.1 WWW.FEIXIN.ORG
127.0.0.1 PENGK.COM
127.0.0.1 WWW.PENGK.COM
127.0.0.1 QQYE.COM
127.0.0.1 WWW.QQYE.COM
127.0.0.1 XIA3.COM
127.0.0.1 WWW.XIA3.COM
127.0.0.1 XIAZAI1.COM
127.0.0.1 WWW.XIAZAI1.COM
127.0.0.1 CCWINFO.NET
127.0.0.1 WWW.CCWINFO.NET
127.0.0.1 DDPDDP.COM
127.0.0.1 WWW.DDPDDP.COM
打开SRENG-系统修复-INTERNET EXPLORER-修复两个设置为开头的项(设置主页和设置INTERNET EXPLORER标题项)和还原默认搜索设.
安全模式下删除：
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE
E:\Tools\Adobe\ACROBA~1.0\Reader\READER~1.EXE
%Systemroot%(系统盘)\System32\Drivers\Etc下有hosts文件,用记事本打开,清空一下!

红夜鬼1 - 2006-11-14 10:31:00

追加一项
127.0.0.1不要删除

红夜鬼1 - 2006-11-14 10:34:00

【回复“6981313”的帖子】
请先看下这段文字
首先,我们先了解一下HOSTS文件:我们知道在网络上访问网站，要首先通过DNS服务器把网络域名（www.XXXX.com）解析成它主机的IP地址后，我们的计算机才能访问。要是对于每个域名请求我们都要等待域名服务器解析后返回IP信息，这样访问网络的效率就会降低，而Hosts文件就能提高解析效率。根据Windows系统规定，在进行DNS请求以前，Windows系统会先检查自己的Hosts文件中是否有这个地址映射关系，如果有则调用这个IP地址映射，如果没有再向已知的DNS服务器提出域名解析。也就是说Hosts的请求级别比DNS高。所以我们可以利用这一点来手动在HOSTS文件中加一些我们已经知道的网站地址,再在网站地址前面手动加上一个安全网站的IP地址,从而就好比在网站地址前面加了一个"虚假"的映射关系,因而当您在打开一个恶意网站时,HOSTS通过里面"虚假"的映射关系,让我们登陆到了我们自己指定的安全IP地址,所以就不会再进行DNS解析了,也就是说,它不会登陆到那个恶意网站的真实IP地址,从而达到屏蔽的目的.
我通过网上的查询,查找了一些广告,恶意网站的网址.并做了一个HOSTS文件.这里记录了有200个恶意,广告网址可以屏蔽.如果您远离这些恶意,广告网站,有意者可以免费下载使用此文件。
使用方法：

1，下载此文件的压缩包.

2，右击下载所得的的压缩文件，----解压文件-----按照您所使用的windows类型，把hosts的文件路径填写(建议复制/粘贴)到目标路径里：

注:在一般情况下:
在windows 98里，HOSTS文件的文件路径为: %SystemRoot%
在windows 2000/xp里，HOSTS文件的文件路径为: %SystemRoot%\system32\drivers\etc

点击[确定]按钮。如果你的系统里原来有hosts文件，它会询问您是否替换原文件，点“是”就可以了。当然,如果您计算机内有原HOSTS文件,您可以先备份此文件。

3，如果您以上步骤已经完毕.好了，一切OK,如果您在登陆这里记录的网站网址时,它就会完全的屏蔽了.

文件说明：它可以通过记事本等程序来启动此程序查看文件内容,从而您可以自行修改前面的IP地址,来选择屏蔽时连接到的网址.您也可以自行添加这里没有收集到的恶意,广告网址.方法见（见附录）

声明:本文件在您浏览器打开恶意,广告网站时,屏蔽的默认地址一律为127.0.0.1.并且该文件在WINDOWS XP下测试通过.如果您没有备份原文件，或认为操作失误造成的损失本人概不负责.谢谢大家.

另外,同时推荐您使用IE分级审查功能来屏蔽掉一些不良的内容,从而使您浏览的内容更加完善.
IE分级审查是用分级系统来帮助用户控制在该计算机上看到的Internet内容，它可以过滤掉一部分不健康的东西，即根据用户的要求，由系统自动对那些包含暴力、性、裸体、语言等不良信息的网页进行过滤，仅仅只留下健康的内容浏览，从而起到了去其糟粕、取其精华的目的。打开“分级审查”功能后，只有满足或超过标准的已分级的内容才能显示出来。详情见http://it.rising.com.cn/newSite/Channels/Anti_Virus/Virus_Alert/TopicDatabasePackage/06-131000162.htm

============================================================================================

（附录）用记事本程序打开此文件,先看见的是微软对这个文件的说明。这个文件是根据TCP/IP for Windows的标准来工作的，规定要求每段只能包括一个映射关系，IP地址要放在每段的最前面，空格后再写上映射的Host name(主机名)，如：

　　127.0.0.1 www.xxx.com

.这就是说www.xxx.com为恶意的网站,127.0.0.1为在登陆www.xxx.com时所连接的安全IP地址.您可以按照这种样式和文件中的整体样式继续添加一些恶意网站.
我会对这里所记录的网站会不断更新的.
谢谢大家.

瑞星卡卡安全论坛