瑞星卡卡安全论坛
国产无敌 - 2007-3-2 8:18:00
前些日子买的正板瑞星杀光了电脑里的病毒,那感觉真爽!!!
可是现在不行了,中了好多的木马和恶意软件,什么也杀不掉,还原系统,清除重启电脑都不行,不一会他就占据了我的C盘我的注册表我的IE`````
现在向传说中的大侠们救求了,帮帮我吧``
下边的是我用瑞星卡卡清理后的诊断报告:
Logfile of Kaka v2. 0. 2. 7 Scan Module v1. 0. 5. 1
Scan saved at 07:59:19, on 2007-03-02
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CAdLogic Object - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - (file missing)
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: lhxs - {6307DBF1-72DF-4CF7-BC52-DCF8F84F9EB8} - C:\PROGRA~1\uqdy\vuhc.dll
O2 - BHO: � - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\uqdy\�.dll (file missing)
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: EyeOnIE - {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} - C:\WINDOWS\system32\atsldr.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ravshell] C:\Progra~1\Eset\rund1132.exe
O4 - HKCU\..\Run: [svc] C:\DOCUME~1\SYH\LOCALS~1\Temp\spolive.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ; C:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /FIRST
O4 - HKLM\..\Run: [RemoteControl] ; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] ; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\KakaToolBar\runiep.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\drivers\ttp.exe] C:\WINDOWS\system32\drivers\ttp.exe
O4 - HKLM\..\Run: [dtgyis84] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\dtgyis84.dll",Start
O4 - HKLM\..\Run: [cszabk80] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\cszabk80.dll",Start
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [mhs3] C:\WINDOWS\mhs3.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [upxdnd] C:\DOCUME~1\SYH\LOCALS~1\Temp\TIMPLATF0RM.exe
O4 - Startup: desktop.ini =
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: desktop.ini =
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0C33E97-0999-4005-AAAF-2044A7F9F7F9}: NameServer = 202.103.224.68
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Std fbrm Service (fbrm) - - C:\WINDOWS\system32\rundll32.exe c:\progra~1\xwje\kgwr.dll,service -s
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Vsn okxv Service (okxv) - - C:\WINDOWS\system32\rundll32.exe c:\progra~1\uqdy\yxkf.dll,service
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "C:\Program Files\Rising\Rav\Ravmond.exe"
O23 - Service: BUZOR (iSPONER) - - C:\WINDOWS\system32\rundllfromwin2000.exe c:\windows\system32\wbem\fudbs.dll,export 1087
女校男生 - 2007-3-3 22:49:00
请下载SREng2 ,使用“智能扫描”,按下“扫描”按钮进行扫描,扫描完成后按下“保存报告”按钮保存报告日志文件(SREng.LOG),把保存的报告日志文件内容复制-粘贴上来,,日志一次粘不完,分次粘完,
下载地址
http://www.kztechs.com/sreng/sreng2.zip
国产无敌 - 2007-3-4 3:37:00
有劳大侠了,以下是你要的:
2007-03-04,03:08:53
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<tt2zifty9lex6><C:\WINDOWS\iexpl0ra.exe> [N/A]
<xh4lq><C:\WINDOWS\c0nima.exe> [N/A]
<svc><C:\DOCUME~1\SYH\LOCALS~1\Temp\spolive.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Super Rabbit SRRestore><; C:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /FIRST> [Super Rabbit Soft]
<RemoteControl><; "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [N/A]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\KakaToolBar\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart> [N/A]
<wsttrs><C:\WINDOWS\wsttrs.exe> [N/A]
<msccrt><C:\WINDOWS\msccrt.exe> [N/A]
<upxdnd><C:\DOCUME~1\SYH\LOCALS~1\Temp\iexplore9.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<Desktop><"C:\WINDOWS\system32\internet.exe"> [Microsoft Corporation]
<Internet><"C:\WINDOWS\system32\internet.exe"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\KakaToolBar\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<usrinit><C:\WINDOWS\system32\usrinit.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\WINDOWS\system32\NTDLL32.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellService
ObjectDelayLoad]
<webwork><C:\WINDOWS\webwork\webwork.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [N/A]
国产无敌 - 2007-3-4 3:37:00
==================================
启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><H>
[腾讯QQ]
<C:\Documents and Settings\SYH\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><H>
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[BE07192C / BE07192C][Stopped/Auto Start]
<C:\WINDOWS\system32\BE07192C.EXE -service><Microsoft Corporation>
[Std fbrm Service / fbrm][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\xwje\kgwr.dll,Service -s><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Vsn okxv Service / okxv][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\uqdy\yxkf.dll,Service><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Wprinter / Wprinter][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\WPRINT.EXE><Microsoft Corporation>
[Internet Connection Manager / Internet Connection Manager][Stopped/Auto Start]
<"C:\WINDOWS\system32\internet.exe"><Microsoft Corporation>
==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[FXDRV / FXDRV][Stopped/Manual Start]
<\??\H:\Fxdrv.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mspcidrv / mspcidrv][Running/System Start]
<system32\DRIVERS\mspcidrv.sys><Windows (R) 2000 DDK provider>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Running/Manual Start]
<system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Running/Manual Start]
<system32\drivers\nvapu.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
国产无敌 - 2007-3-4 3:40:00
==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v11.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[IEInit Class]
{5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\system32\drivers\usrinit.dll, >
[lhxs]
{79781F72-6774-40E7-9817-7C94BD5D4046} <C:\PROGRA~1\uqdy\vuhc.dll, >
[Advance Helper]
{8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\system32\NTDLL32.dll, Microsoft Corporation>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[IE Browser Helper]
{D0903A3B-F0EA-434a-9742-98C5335C7946} <C:\WINDOWS\system32\IEHelper.dll, Mass Effect Network>
[CaiFuCOM Class]
{C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\fcai.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v11.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[IEInit Class]
{5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\system32\drivers\usrinit.dll, >
[lhxs]
{79781F72-6774-40E7-9817-7C94BD5D4046} <C:\PROGRA~1\uqdy\vuhc.dll, >
[Advance Helper]
{8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\system32\NTDLL32.dll, Microsoft Corporation>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[IE Browser Helper]
{D0903A3B-F0EA-434A-9742-98C5335C7946} <C:\WINDOWS\system32\IEHelper.dll, Mass Effect Network>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[&使用超级旋风下载]
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
国产无敌 - 2007-3-4 3:42:00
==================================
正在运行的进程
[PID: 616][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[PID: 760][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1088][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1276][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[PID: 1652][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
国产无敌 - 2007-3-4 3:43:00
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\DOCUME~1\SYH\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\msccrt.dll] [N/A, N/A]
[C:\WINDOWS\system32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.52.6.0]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.8390]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8390]
[C:\WINDOWS\system32\nvshell.dll] [N/A, N/A]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Super Rabbit\MagicSet\srcd.dll] [Super Rabbit Software, 1.02.0001]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\WINDOWS\system32\drivers\usrinit.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\uqdy\vuhc.dll] [, 1, 2, 0, 8]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\WINDOWS\system32\IEHelper.dll] [Mass Effect Network, 5.1.2600.0]
[PID: 1728][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1932][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1960][C:\WINDOWS\system32\usrinit.exe] [, 1, 0, 0, 1]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[PID: 288][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3427]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[PID: 416][C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe] [NVIDIA Corporation, 1.0.450]
[C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerZHC.dll] [NVIDIA Corporation, 1.0.450]
[C:\Program Files\Common Files\NVIDIA Shared\Audio\NVAudioMod.dll] [NVIDIA Corporation, 1.0.450]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[PID: 468][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.8390]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.8390]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[PID: 476][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 496][C:\Program Files\Rising\KakaToolBar\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\KakaToolBar\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[PID: 1056][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[PID: 1240][C:\DOCUME~1\SYH\LOCALS~1\Temp\spolive.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
国产无敌 - 2007-3-4 3:46:00
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[C:\DOCUME~1\SYH\LOCALS~1\Temp\packet.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\DOCUME~1\SYH\LOCALS~1\Temp\WanPacket.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[PID: 1420][C:\WINDOWS\c0nime.exe] [N/A, N/A]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[C:\WINDOWS\system32\Gjzos.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSym.dll] [N/A, N/A]
[PID: 1392][C:\WINDOWS\iexpl0re.exe] [N/A, N/A]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSym.dll] [N/A, N/A]
[PID: 1596][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1964][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\xwje\kgwr.dll] [ , 4, 1, 0, 4]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\PROGRA~1\xwje\plyw.dll] [ , 1, 0, 0, 6]
[PID: 1112][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8390]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[PID: 2072][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\uqdy\yxkf.dll] [, 1, 2, 0, 8]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[PID: 2228][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[PID: 2944][C:\WINDOWS\SYSTEM32\WINPNT.EXE] [Microsoft Corporation, 5.2600.2180]
[PID: 3328][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2672][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3088][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\Gjzos.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSym.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\RavQu.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\MVEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\Engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
国产无敌 - 2007-3-4 3:47:00
[PID: 3304][C:\Program Files\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, N/A]
[C:\WINDOWS\system32\Charset.dll] [N/A, N/A]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\WINDOWS\system32\Gjzos.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSym.dll] [N/A, N/A]
[PID: 1584][C:\Program Files\Rising\KakaToolBar\Ras.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 5, 1]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\Program Files\Rising\KakaToolBar\RasGui.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\WINDOWS\system32\Gjzos.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSym.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 2828][C:\Program Files\Tencent\TT\TTraveler.exe] [腾讯公司, 3.2.200.275]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5]
[C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\WINDOWS\system32\Gjzos.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSym.dll] [N/A, N/A]
[C:\Program Files\Tencent\TT\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,15,0]
[PID: 3944][E:\我的文档\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\PROGRA~1\xwje\njwu.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\xwje\sobw.dll] [ , 1, 0, 0, 6]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\wsttrs.dll] [N/A, N/A]
[C:\WINDOWS\system32\Gjzos.dll] [N/A, N/A]
[C:\WINDOWS\system32\LgSym.dll] [N/A, N/A]
==================================
国产无敌 - 2007-3-4 3:47:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[autorun]
open=LMfrK.exe
shellexecute=LMfrK.exe
shell\Auto\command=LMfrK.exe
shell=Auto
[E:\]
[autorun]
open=LMfrK.exe
shellexecute=LMfrK.exe
shell\Auto\command=LMfrK.exe
shell=Auto
[F:\]
[autorun]
open=LMfrK.exe
shellexecute=LMfrK.exe
shell\Auto\command=LMfrK.exe
shell=Auto
[G:\]
[autorun]
open=kLpvr.exe
shellexecute=kLpvr.exe
shell\Auto\command=kLpvr.exe
shell=Auto
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
[/CODE]
国产无敌 - 2007-3-4 3:48:00
就是这么多了```问题好多``瑞星杀不出他们``看你的了!!
女校男生 - 2007-3-4 17:37:00
运行(双击)SRE 启动项目 注册表 删除下列
tt2zifty9lex6
xh4lq
wsttrs
msccrt
upxdnd
cmdbcs
mppds
webwork
WinlogonNotify: cryptimg
启动项目 服务 驱动服务 钩选"隐藏已认证微软" 选中
npkycryp / npkycryp
删除服务 设置 否
重起机器狂按F8进入安全模式 删除下列文件
C:\WINDOWS\iexpl0ra.exe
C:\WINDOWS\wsttrs.exe
C:\WINDOWS\msccrt.exe
C:\DOCUME~1\SYH\LOCALS~1\Temp\iexplore9.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\webwork\webwork.dll
C:\Program Files\Tencent\QQ\npkycryp.sys
C:\WINDOWS\system32\webpageparser.dll(建议用windos清理助手 清理)
C:\WINDOWS\system32\CreateDomTree.dll
女校男生 - 2007-3-4 17:38:00
以上步骤之后
建议 安全模式下再用 杀软杀一边毒
国产无敌 - 2007-3-5 12:31:00
辛苦了大大```
第一个步骤不会~
运行(双击)SRE 启动项目 注册表 删除下列
tt2zifty9lex6
xh4lq
wsttrs
msccrt
upxdnd
cmdbcs
mppds
webwork
WinlogonNotify: cryptimg
启动项目 服务 驱动服务 钩选"隐藏已认证微软" 选中
npkycryp / npkycryp
删除服务 设置 否
--------
我和一小白差不多,能不能说细点,给你捶背```
1
© 2000 - 2026 Rising Corp. Ltd.