瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » Trojan.DL.Delf.ent瑞星杀不掉
老粗在前进 - 2006-12-3 20:05:00
瑞星杀不掉,查杀病毒时也找不到病毒,但是每次打开文件夹或浏览网页时瑞星会提示:发现并删除病毒.
    中毒前系统发生过一次严重错误,计算机自动重起.重新启动后瑞星监控提示一个系统程序要求删除注册表中的一项,我点了同意.附图中就是关于这个的记录.
    发现病毒后,网络似乎也变的不稳定,掉线频繁.
    以下是发现病毒的路径:C:\Documents and Settings\ Users\Application Data\Microsoft\Windows\system 文件名是termsv.exe  另一个路径是C:\Documents and Settings\ Users\Templates\Microsoft\Windows\system 文件名还是tetmsv.exe
    以下是瑞星听诊器扫描的结果
未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
F:\新建文件夹\RISING\RFW\RFWMAIN.EXE
F:\新建文件夹\RISING\RFW\RSGUILIB.DLL
F:\新建文件夹\RISING\RFW\RSCOMMON.DLL
F:\新建文件夹\RISING\RFW\PNGDLL.DLL
C:\WINDOWS\SYSTEM32\NVIEW.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\IE_BITSCLASS.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\HUAWEI TECHNOLOGIES\HUAWEI SMARTAX MT810\DSLMON.EXE
C:\PROGRAM FILES\HUAWEI TECHNOLOGIES\HUAWEI SMARTAX MT810\LANGUAGES\CHINESESIMP.DLL
C:\WINDOWS\SYSTEM32\NVIEW.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVWDDI.DLL

C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\NVIEW.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\NVIEW.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVWDDI.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
E:\解压工具\WINZIP\WZSHLSTB.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
E:\新建文件夹\SKE\CONTMENU.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
F:\新建文件夹\RISING\RAV\RSCOMMON.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\SHELLEX.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\SCRCHPG.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\SCRCH_AG.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\FSSYNC.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PR_RMT.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\CCCLIENT.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\KLIPC.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\KLUTIL.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\RPT.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\CCIFACE.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PRLOADER.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PRKERNEL.PPL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PRSTRING.PPL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PR_SRV.PPL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PR_CLNT.PPL
C:\WINDOWS\SYSTEM32\MSCOREE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\SHFUSION.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL
C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\WINDOWS\SYSTEM\IE_HEL~1.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
F:\新建文件夹\RISING\RFW\RFWSRV.EXE
F:\新建文件夹\RISING\RFW\RFWRULE.DLL
F:\新建文件夹\RISING\RFW\RFWLOG.DLL
F:\新建文件夹\RISING\RFW\RFWDRV.DLL
F:\新建文件夹\RISING\RFW\PSAPI.DLL
F:\新建文件夹\RISING\RFW\MONDRV.DLL
F:\新建文件夹\RISING\RFW\PROCLIB.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\NVIEW.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVWDDI.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
E:\杂牌小软\瑞星听诊器\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\NVIEW.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVWDDI.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\NVIEW.DLL
C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL
C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\WINDOWS\SYSTEM\IE_HEL~1.DLL
C:\WINDOWS\SYSTEM32\NVWDDI.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\SCRCHPG.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\SCRCH_AG.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\FSSYNC.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PR_RMT.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\CCCLIENT.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\KLIPC.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\KLUTIL.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\RPT.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\CCIFACE.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PRLOADER.DLL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PRKERNEL.PPL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PRSTRING.PPL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PR_SRV.PPL
F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\PR_CLNT.PPL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\MSCOREE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORIE.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSVCR71.DLL
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\MSCORLD.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
nwiz = NWIZ.EXE /INSTALL
SoundMan = SOUNDMAN.EXE
RavTask = "F:\新建文件夹\RISING\RAV\RAVTASK.EXE" -SYSTEM
(Default) = (NULL)
RfwMain = "F:\新建文件夹\RISING\RFW\RFWMAIN.EXE" -STARTUP
StormCodec_Helper = "E:\杂牌小软\播放器\STORM CODEC\STORMSET.EXE" /S /OPTI
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVMCTRAY.DLL,NVTASKBARINIT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub = "F:\新建文件夹\RISING\RAV\RAVSTUB.EXE" /RUNONCE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"


附件: 7615092006123195705.bmp
老粗在前进 - 2006-12-3 20:07:00
其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55} = C:\WINDOWS\system32\xunleibho_v7.dll
{077FD0C3-1291-4104-A356-41E36B252682} = C:\Program Files\Yayad\AdCore.dll
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} = C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
{37CADC46-CFC7-43E6-A539-D124882BD838} = C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\system\IE_HEL~1.DLL
{38928D50-8A48-44C2-945F-D2F23F771410} = C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} = C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
{62EED7C6-9F02-42f9-B634-98E2899E147B} = C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
{889D2FEB-5411-4565-8998-1DD2C5261283} = E:\杂牌小软\迅雷\ComDlls\XunLeiBHO_002.dll
{A9930D97-9CF0-42A0-A10D-4F28836579D5} = E:\杂牌小软\酷狗\KuGoo3\KuGoo3DownXControl.ocx


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD775C47-23D3-47EF-96F6-FFC29F088DBC}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD775C47-23D3-47EF-96F6-FFC29F088DBC}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C40BCEE8-4730-4D14-B311-A0FCE6C15879}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C40BCEE8-4730-4D14-B311-A0FCE6C15879}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD052A03-E43C-484E-9616-DF6293304435}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD052A03-E43C-484E-9616-DF6293304435}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{438CA73F-4E67-4F24-8863-A65046ED19B8}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{438CA73F-4E67-4F24-8863-A65046ED19B8}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C2425A41-6993-4A14-B55F-43C78C36AFFA}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C2425A41-6993-4A14-B55F-43C78C36AFFA}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{89F2FFAB-8A12-4139-86E8-BFB6C0F5E6AA}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{89F2FFAB-8A12-4139-86E8-BFB6C0F5E6AA}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
aspnet_state = C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET_STATE.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipArt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
IDriverT = "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\1050\INTEL 32\IDRIVERT.EXE"
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
kavsvc = "F:\卡巴斯基\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE"
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
MSSQLSERVER = C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL\BINN\SQLSERVR.EXE -SMSSQLSERVER
MSSQLServerADHelper = C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLADHLP.EXE
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = F:\新建文件夹\RISING\RFW\RFWPROXY.EXE
RfwService = F:\新建文件夹\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "F:\新建文件夹\RISING\RAV\CCENTER.EXE"
RsRavMon = "F:\新建文件夹\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
SQLSERVERAGENT = C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL\BINN\SQLAGENT.EXE -I MSSQLSERVER
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{E01312C2-43A7-4DEF-9BB7-80F97A046933}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

老粗在前进 - 2006-12-3 20:07:00
文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
ADILOADER = C:\WINDOWS\SYSTEM32\DRIVERS\ADILDR.SYS
adiusbae = C:\WINDOWS\SYSTEM32\DRIVERS\ADIUSBAE.SYS
adiusbaw = C:\WINDOWS\SYSTEM32\DRIVERS\ADIUSBAW.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
ALCXSENS = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXSENS.SYS
ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS
AmdK8 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK8.SYS
AnyDVD = C:\WINDOWS\SYSTEM32\DRIVERS\ANYDVD.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
d347bus = C:\WINDOWS\SYSTEM32\DRIVERS\D347BUS.SYS
d347prt = C:\WINDOWS\SYSTEM32\DRIVERS\D347PRT.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
ElbyCDIO = C:\WINDOWS\SYSTEM32\DRIVERS\ELBYCDIO.SYS
ExpScaner = F:\新建文件夹\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
Flpydisk = C:\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HOOKAPI = F:\新建文件夹\RISING\RAV\HOOKAPI.SYS
HookCont = F:\新建文件夹\RISING\RAV\HOOKCONT.SYS
HookReg = F:\新建文件夹\RISING\RAV\HOOKREG.SYS
HookSys = F:\新建文件夹\RISING\RAV\HOOKSYS.SYS
HookUrl = F:\新建文件夹\RISING\RFW\HOOKURL.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
Kl1 = C:\WINDOWS\SYSTEM32\DRIVERS\KL1.SYS
Klif = C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
Klmc = C:\WINDOWS\SYSTEM32\DRIVERS\KLMC.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
kmsinput = C:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS
MEMSCAN = F:\新建文件夹\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mProcRs = F:\新建文件夹\RISING\RFW\MPROCRS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
ms_mpu401 = C:\WINDOWS\SYSTEM32\DRIVERS\MSMPU401.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
npkcrypt = C:\WINDOWS\SYSTEM32\QQEDIT\NPKCRYPT.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
nvatabus = C:\WINDOWS\SYSTEM32\DRIVERS\NVATABUS.SYS
NVENETFD = C:\WINDOWS\SYSTEM32\DRIVERS\NVENETFD.SYS
nvnetbus = C:\WINDOWS\SYSTEM32\DRIVERS\NVNETBUS.SYS
nv_agp = C:\WINDOWS\SYSTEM32\DRIVERS\NV_AGP.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RsFwDrv = F:\新建文件夹\RISING\RFW\RSFWDRV.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
Sense3 = C:\WINDOWS\SYSTEM32\DRIVERS\SENSE3.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
TSP = C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS
ZSMC301b = C:\WINDOWS\SYSTEM32\DRIVERS\USBVM31B.SYS

老粗在前进 - 2006-12-3 20:42:00
顶上来在线等
老粗在前进 - 2006-12-3 21:04:00
顶上来在线等
老粗在前进 - 2006-12-3 21:38:00
顶上来在线等
一生①世 - 2006-12-3 22:08:00
建议用ewido杀!
老粗在前进 - 2006-12-3 22:26:00
ewido是杀毒软件么?
哪里可以得到?
6981313 - 2006-12-3 22:27:00
到http://free5.ys168.com/?jxsbb
下载HijackThis1[1].99.1.rar 0.2MB 系统扫描工具和sreng2.zip 0.4MB 系统扫描工具,解压,打开,运行,执行扫描,保存日志,将日志内容贴上来,注意不要改动,一次贴不完,分多次贴!扫描前关闭所有手工打开的软件和窗口!
老粗在前进 - 2006-12-3 22:45:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 17:18:52, 日期 2006-12-3
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
F:\新建文件夹\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\新建文件夹\Rising\Rav\Ravmond.exe
f:\新建文件夹\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
f:\新建文件夹\rising\rfw\RfwMain.exe
F:\新建文件夹\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\新建文件夹\Rising\Rav\RavTask.exe
F:\新建文件夹\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\新建文件夹\Rising\Rav\Rav.exe
E:\杂牌小软\扫描工具\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v7.dll (file missing)
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - C:\Program Files\Yayad\AdCore.dll (file missing)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: (no name) - {37CADC46-CFC7-43E6-A539-D124882BD838} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\system\IE_HEL~1.DLL
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\杂牌小软\迅雷\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\杂牌小软\酷狗\KuGoo3\KuGoo3DownXControl.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\杂优牌菩小∪软韁\翻译隲\IEBand.dll (file missing)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RavTask] "F:\新建文件夹\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "f:\新建文件夹\rising\rfw\rfwmain.exe" -startup
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "E:\杂牌小软\播放器\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\RunOnce: [RavStub] "F:\新建文件夹\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\杂牌小软\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\杂牌小软\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\QQ\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\QQ\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\QQ\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\杂牌小软\迅雷\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\杂牌小软\迅雷\Thunder.exe
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{89F2FFAB-8A12-4139-86E8-BFB6C0F5E6AA}: NameServer = 202.99.224.68 202.99.224.8
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\新建文件夹\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\新建文件夹\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\新建文件夹\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\新建文件夹\Rising\Rav\Ravmond.exe
老粗在前进 - 2006-12-3 22:46:00
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<RavTask><"F:\新建文件夹\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"f:\新建文件夹\rising\rfw\rfwmain.exe" -startup> [Beijing Rising Technology Co., Ltd.]
<StormCodec_Helper><"E:\杂牌小软\播放器\Storm Codec\StormSet.exe" /S /opti> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"F:\新建文件夹\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><H>
[DSLMON]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\DSLMON.lnk><N>

==================================
服务
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[kavsvc / kavsvc]
<"F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv]
<f:\新建文件夹\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<f:\新建文件夹\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"F:\新建文件夹\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"F:\新建文件夹\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v7.dll, N/A>
[Ad Engine]
{077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[]
{37CADC46-CFC7-43E6-A539-D124882BD838} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\system\IE_HEL~1.DLL, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\杂牌小软\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\杂牌小软\酷狗\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <E:\杂牌小软\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, N/A>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <E:\杂优牌菩小∪软韁\翻译隲\IEBand.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v7.dll, N/A>
[Ad Engine]
{077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\MSDXM.OCX, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[]
{37CADC46-CFC7-43E6-A539-D124882BD838} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\system\IE_HEL~1.DLL, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, Yahoo!>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, >
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <E:\杂优牌菩小∪软韁\翻译隲\IEBand.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>

老粗在前进 - 2006-12-3 22:46:00
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\杂牌小软\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[PlayerPlugin Class]
{991EB39C-C4B8-466E-99C1-ECCC44E2CED8} <C:\WINDOWS\system32\OsoonPlugin.dll, >
[Launch Control]
{A6616B31-4860-41E2-98E3-CA7649AF172F} <D:\launch.ocx, N/A>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\杂牌小软\酷狗\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo!>
[&使用迅雷下载]
<E:\杂牌小软\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<E:\杂牌小软\迅雷\Program\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
<E:\QQ\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\QQ\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\QQ\qq\SendMMS.htm, N/A>
[雅虎搜索]
<res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246, N/A>

==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 568][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 580][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 728][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 804][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 844][F:\新建文件夹\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 868][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[c:\documents and settings\all users\application data\real\ie_bitsclass.dll] <N/A><N/A>
[PID: 1008][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1128][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.7777>
[C:\WINDOWS\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8198>
[C:\WINDOWS\system32\nvwddi.dll] <NVIDIA Corporation><6.14.10.8198>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[E:\解压工具\WINZIP\WZSHLSTB.DLL] <WinZip Computing LP><4.1 (32-bit)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[E:\新建文件夹\ske\contmenu.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[F:\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\system\IE_HEL~1.DLL] <N/A><N/A>
[PID: 1136][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1152][F:\新建文件夹\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[F:\新建文件夹\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[F:\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[F:\新建文件夹\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[F:\新建文件夹\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[F:\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[F:\新建文件夹\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[F:\新建文件夹\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[F:\新建文件夹\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[F:\新建文件夹\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[F:\新建文件夹\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[F:\新建文件夹\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[F:\新建文件夹\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[F:\新建文件夹\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[F:\新建文件夹\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[F:\新建文件夹\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[F:\新建文件夹\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[F:\新建文件夹\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[F:\新建文件夹\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 35>
[F:\新建文件夹\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[F:\新建文件夹\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[F:\新建文件夹\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[F:\新建文件夹\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[F:\新建文件夹\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 21>
[F:\新建文件夹\Rising\Rav\ExtFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[F:\新建文件夹\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[F:\新建文件夹\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[F:\新建文件夹\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[F:\新建文件夹\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[F:\新建文件夹\Rising\Rav\RsStore.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[F:\新建文件夹\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[F:\新建文件夹\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1208][f:\新建文件夹\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 33>
[f:\新建文件夹\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[f:\新建文件夹\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[f:\新建文件夹\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[f:\新建文件夹\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[f:\新建文件夹\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1316][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1512][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1892][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 312][f:\新建文件夹\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
老粗在前进 - 2006-12-3 22:47:00
[f:\新建文件夹\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[f:\新建文件夹\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[f:\新建文件夹\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[PID: 408][F:\新建文件夹\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[F:\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[F:\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1092][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.28>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[PID: 1184][F:\新建文件夹\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[F:\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[F:\新建文件夹\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[F:\新建文件夹\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[F:\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[PID: 1488][F:\新建文件夹\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[F:\新建文件夹\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[F:\新建文件夹\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[F:\新建文件夹\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[F:\新建文件夹\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[F:\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[F:\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[F:\新建文件夹\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[C:\WINDOWS\system32\nvwddi.dll] <NVIDIA Corporation><6.14.10.8198>
[PID: 1420][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[C:\WINDOWS\system32\nvwddi.dll] <NVIDIA Corporation><6.14.10.8198>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[PID: 1432][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1064][C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe] <><1, 0, 0, 1>
[C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\Languages\ChineseSimp.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[C:\WINDOWS\system32\nvwddi.dll] <NVIDIA Corporation><6.14.10.8198>
[PID: 3980][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Windows\system\IE_HEL~1.DLL] <N/A><N/A>
[C:\WINDOWS\system32\nvwddi.dll] <NVIDIA Corporation><6.14.10.8198>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[f:\卡巴斯基\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[f:\卡巴斯基\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[f:\卡巴斯基\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[PID: 3788][F:\新建文件夹\Rising\Rav\Rav.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 75>
[F:\新建文件夹\Rising\Rav\PlugIn\RsPgScan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[F:\新建文件夹\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[F:\新建文件夹\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[F:\新建文件夹\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[F:\新建文件夹\Rising\Rav\RavUI.Dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 65>
[F:\新建文件夹\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
[F:\新建文件夹\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[F:\新建文件夹\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[F:\新建文件夹\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[F:\新建文件夹\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[F:\新建文件夹\Rising\Rav\RavUIMsg.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 27>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[F:\卡巴斯基\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[f:\卡巴斯基\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[f:\卡巴斯基\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[f:\卡巴斯基\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\nvwddi.dll] <NVIDIA Corporation><6.14.10.8198>
[PID: 2156][E:\杂牌小软\系统调整修复\SREng\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\nview.dll] <N/A><N/A>
[C:\WINDOWS\system32\NVWRSZHC.DLL] <NVIDIA Corporation><6.14.10.11014>
[C:\WINDOWS\system32\nvwddi.dll] <NVIDIA Corporation><6.14.10.8198>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
战神︻┻┳═一 - 2006-12-3 22:47:00
用卡卡就可以了...扫描后删除该病毒项
老粗在前进 - 2006-12-3 22:50:00
谢谢 我试试
老粗在前进 - 2006-12-3 23:03:00
卡卡不错,帮我砍掉不少流氓.
呵呵 不过他惹了这么多流氓可要当心报复哦.
1
查看完整版本: Trojan.DL.Delf.ent瑞星杀不掉
© 2000 - 2026 Rising Corp. Ltd.