鼠标一动，explorer就会占用100%的资源。请教原因！谢谢！ bbs.ikaka.com

自由边缘 - 2007-1-16 23:30:00

删除之后还会出现怎么办啊！

以下是进程
帮忙看一下又没有问题，谢谢！
当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\TDDOWNLOAD\HijackThis1991zww.exe

O2 - BHO: ThunderBHO - {0055C088-8582-441B-A0BF-17B458C2A3A8} - d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - 启动项HKLM\\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - 启动项HKLM\\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - 启动项HKLM\\Run: [AtiPTA] atiptaxx.exe
O4 - 启动项HKLM\\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - 启动项HKLM\\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 启动项HKLM\\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 使用 IDM 下载 - D:\Internet Download Manager\IEExt.htm
O8 - IE右键菜单中的新增项目: 使用 IDM 下载所有链接 - D:\Internet Download Manager\IEGetAll.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - 浏览器额外的按钮: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E0C5CB-22E1-4527-97DB-2DB5B166143C}: NameServer = 202.102.134.68,202.102.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{6391BDE4-5BE2-4614-B5D2-BD2CAC8A9A11}: NameServer = 202.102.134.68,202.102.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{13E0C5CB-22E1-4527-97DB-2DB5B166143C}: NameServer = 202.102.134.68,202.102.128.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{13E0C5CB-22E1-4527-97DB-2DB5B166143C}: NameServer = 202.102.134.68,202.102.128.68
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - NT 服务: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - NT 服务: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe

鸟儿天上飞 - 2007-1-16 23:42:00

请下载SREng2（最新版），使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/sreng2.zip

自由边缘 - 2007-1-16 23:46:00

先谢谢啦！以下是新扫描！
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
<DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON.S HOME]
<ChkAdmin><C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE> [Hewlett-Packard Company]
<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> [N/A]
<AtiPTA><atiptaxx.exe> [ATI Technologies, Inc.]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Synaptics, Inc.]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Synaptics, Inc.]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Insight Local Alerter / CPQALERT][Running/Auto Start]
<C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe><Hewlett-Packard Company>
[cpqdmi / cpqdmi][Running/Auto Start]
<C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe><Compaq Computer Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[WIN32SL / WIN32SL][Running/Auto Start]
<C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe><Intel>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[AMON / AMON][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\amon.sys><Eset>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atitray / atitray][Running/System Start]
<\??\C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[HP Client Management Driver / ClntMgmt][Running/System Start]
<System32\Drivers\ClntMgmt.sys><Hewlett-Packard>
[CONAN / CONAN][Running/Manual Start]
<system32\drivers\o2mmb.sys><O2 Micro>
[Diagnostics Driver / cpqdfw][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\cpqdfw.sys><N/A>
[Diagnostics CPU Driver / cqcpu][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\cqcpu.sys><Microsoft Corporation>
[Diagnostics Memory Driver / cq_mem][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\cq_mem.sys><Microsoft Corporation>
[MbxStby / MbxStby][Running/Manual Start]
<system32\drivers\MbxStby.sys><O2 Micro>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[st3bus28 / st3bus28][Running/Manual Start]
<system32\DRIVERS\st3bus28.sys><Generic>
[st3mp28 / st3mp28][Running/Manual Start]
<system32\DRIVERS\st3mp28.sys><Generic>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[HP WLAN W400/W500 Wireless Network Adapter Service / WLAN_400_500_SERVICE][Running/Manual Start]
<system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>

自由边缘 - 2007-1-16 23:47:00

浏览器加载项
[Thunder Browser Helper]
{0055C088-8582-441B-A0BF-17B458C2A3A8} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[IDMIEHlprObj Class]
{0055C089-8582-441B-A0BF-17B458C2A3A8} <D:\Internet Download Manager\IDMIECC.dll, Internet Download Manager Corp., Tonec Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Thunder Browser Helper]
{0055C088-8582-441B-A0BF-17B458C2A3A8} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[IDMIEHlprObj Class]
{0055C089-8582-441B-A0BF-17B458C2A3A8} <D:\Internet Download Manager\IDMIECC.dll, Internet Download Manager Corp., Tonec Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[使用 IDM 下载]
<D:\Internet Download Manager\IEExt.htm, N/A>
[使用 IDM 下载所有链接]
<D:\Internet Download Manager\IEGetAll.htm, N/A>

自由边缘 - 2007-1-16 23:47:00

正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4142]
[PID: 860][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1016][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4142]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504]
[PID: 1028][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1176][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1216][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1404][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1452][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4142]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504]
[C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4142]
[PID: 1884][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1908][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[D:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINDOWS\system32\RhinoShExt.dll] [Robert McNeel & Associates, 3, 0, 0, 1]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
[C:\Program Files\Eset\nodshex.dll] [N/A, N/A]
[C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\attext.dll] [Ray Adams, 1, 0, 0, 1]
[D:\Internet Download Manager\IDMIECC.dll] [Internet Download Manager Corp., Tonec Inc., 1, 0, 2, 1]
[D:\Internet Download Manager\idmmkb.dll] [Internet Download Manager, Tonec Inc., 3, 0, 0, 1]
[PID: 276][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 280][C:\Program Files\D-Tools\daemon.exe] [DAEMON.S HOME, 3.29.0.0]
[C:\WINDOWS\daemon.dll] [Generic, 3.29.0.0]
[C:\Program Files\D-Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 288][C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE] [Hewlett-Packard Company, 5.01.0.3]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 324][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 380][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[PID: 396][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1976][C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe] [Hewlett-Packard Company, 5.01.0.3]
[C:\Program Files\Compaq\Compaq Management Agents\CPQHCI.DLL] [Hewlett-Packard Company, 5.01.0.3]
[C:\Program Files\Compaq\Compaq Management Agents\CPQDMSC.DLL] [Compaq Computer Corporation, 5.01.0.3]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\DMIAPI32.DLL] [, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\WCDMI.DLL] [Intel, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin\WDMIUTIL.dll] [Intel, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin\WDMI2API.DLL] [Intel, 2, 0, 0, 54]
[PID: 1428][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 1548][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1304][C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe] [Intel, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\WSDMIDCE.DLL] [Intel, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\WDMIUTIL.dll] [Intel, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\WDMI2API.dll] [Intel, 2, 0, 0, 54]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\DMIAPI32.DLL] [, 2, 0, 0, 54]
[PID: 1744][C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe] [Compaq Computer Corporation, 5.01.0.3]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin\DMIAPI32.dll] [, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin\WCDMI.dll] [Intel, 2, 0, 0, 54]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin\WDMIUTIL.dll] [Intel, 2, 0, 0, 54]
[C:\PROGRA~1\Compaq\COMPAQ~1\CPQHCI.DLL] [Hewlett-Packard Company, 5.01.0.3]
[C:\PROGRA~1\Compaq\COMPAQ~1\CPQDMSC.DLL] [Compaq Computer Corporation, 5.01.0.3]
[C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin\WDMI2API.DLL] [Intel, 2, 0, 0, 54]
[C:\PROGRA~1\Compaq\COMPAQ~1\CPQCI.DLL] [Compaq Computer Corporation, 5.01.0.3]
[C:\PROGRA~1\Compaq\COMPAQ~1\CPQVID.DLL] [Compaq Computer Corporation, 5.01.0.3]
[C:\PROGRA~1\Compaq\COMPAQ~1\CpqAoLAN.DLL] [N/A, N/A]
[PID: 2240][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 2888][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3804][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 3128][D:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 30]
[D:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]
[d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[PID: 3772][E:\软件\病毒防治\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.18.1 15Jul03]

自由边缘 - 2007-1-16 23:48:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================

[/CODE]

鸟儿天上飞 - 2007-1-16 23:51:00

运行SREng2,使用“启动项目”－－注册表－－删除
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
重启按F８进入安全模式下
显示隐藏文件
删除：
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk

自由边缘 - 2007-1-16 23:52:00

谢谢！

ぁ偷懒的猫ぁ - 2007-1-17 0:43:00

2007-01-17,00:25:03

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)N/A]
<BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P> [N/A]
<RavTask><"D:\软件Files\瑞星杀毒\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"D:\软件Files\瑞星杀毒\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
服务
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\软件files\瑞星杀毒\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\软件files\瑞星杀毒\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\软件Files\瑞星杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\软件Files\瑞星杀毒\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService][Stopped/Auto Start]
<D:\软件Files\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rav\ExpScan.sys><>
[GWIOPM / GWIOPM][Stopped/Manual Start]
<\??\D:\软件Files\womhcty\GWIOPM.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\软件files\瑞星杀毒\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\软件Files\qq2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\软件Files\瑞星杀毒\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[Thunder Browser Helper]
{0005A87C-D626-4B3A-84F9-1D9571695F55} <D:\软件Files\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\软件Files\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\软件Files\qq2006\QQ.EXE, TENCENT>
[易趣购物]
{DE607142-AC19-422e-865A-5D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
{0005A87C-D626-4B3A-84F9-1D9571695F55} <D:\软件Files\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>

ぁ偷懒的猫ぁ - 2007-1-17 0:45:00

[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<D:\软件Files\迅雷\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\软件Files\迅雷\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\软件Files\qq2006\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\软件Files\qq2006\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\软件Files\qq2006\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\软件Files\qq2006\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 632][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 644][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 792][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 840][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 916][D:\软件Files\瑞星杀毒\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 948][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1012][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1100][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1116][D:\软件Files\瑞星杀毒\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[D:\软件Files\瑞星杀毒\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\软件Files\瑞星杀毒\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\软件Files\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\软件Files\瑞星杀毒\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\软件Files\瑞星杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\软件Files\瑞星杀毒\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[D:\软件Files\瑞星杀毒\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\软件Files\瑞星杀毒\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\软件Files\瑞星杀毒\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\软件Files\瑞星杀毒\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\软件Files\瑞星杀毒\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[D:\软件Files\瑞星杀毒\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[D:\软件Files\瑞星杀毒\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\软件Files\瑞星杀毒\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[D:\软件Files\瑞星杀毒\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[D:\软件Files\瑞星杀毒\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\软件Files\瑞星杀毒\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[D:\软件Files\瑞星杀毒\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[D:\软件Files\瑞星杀毒\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\软件Files\瑞星杀毒\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\软件Files\瑞星杀毒\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 34]
[D:\软件Files\瑞星杀毒\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
[D:\软件Files\瑞星杀毒\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\软件Files\瑞星杀毒\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\软件Files\瑞星杀毒\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\软件Files\瑞星杀毒\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[D:\软件Files\瑞星杀毒\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 13]
[D:\软件Files\瑞星杀毒\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\软件Files\瑞星杀毒\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[D:\软件Files\瑞星杀毒\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\软件Files\瑞星杀毒\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1276][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180

ぁ偷懒的猫ぁ - 2007-1-17 0:46:00

(xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[D:\软件Files\迅雷\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[PID: 1316][d:\软件files\瑞星杀毒\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
[d:\软件files\瑞星杀毒\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[d:\软件files\瑞星杀毒\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[d:\软件files\瑞星杀毒\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
[d:\软件files\瑞星杀毒\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[d:\软件files\瑞星杀毒\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[d:\软件files\瑞星杀毒\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1512][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1728][d:\软件files\瑞星杀毒\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
[d:\软件files\瑞星杀毒\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[d:\软件files\瑞星杀毒\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\软件files\瑞星杀毒\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\软件files\瑞星杀毒\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\软件files\瑞星杀毒\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1880][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1940][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1032][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1296][C:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM31bPrp.Ax] [VM, 4.2.711.31]
[PID: 1676][D:\软件Files\瑞星杀毒\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\软件Files\瑞星杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\软件Files\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\软件Files\瑞星杀毒\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 1648][D:\软件Files\瑞星杀毒\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[D:\软件Files\瑞星杀毒\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\软件Files\瑞星杀毒\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\软件Files\瑞星杀毒\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\软件Files\瑞星杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\软件Files\瑞星杀毒\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\软件Files\瑞星杀毒\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1868][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 2172][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 2356][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 2520][D:\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================

[/CODE]

瑞星卡卡安全论坛