瑞星卡卡安全论坛
奥斯卡+卡 - 2007-9-17 15:38:00
My computer has a virus. Rising won't start: double-clicking it does nothing. SREng and IceSword won't run either; they only work after being renamed. Installing 360 Safeguard does nothing. The log is attached below. Experts, please help!!! Thank you, thank you!!
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [N/A]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<fjnijid><C:\WINDOWS\system32\rketbuy.exe> []
<fctatie><C:\WINDOWS\system32\trmgfyg.exe> []
<helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
<RavTray><"C:\Rising\Rav\RavTray.exe"> [Rising]
<RavTask><"C:\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<CCenterInst><"C:\Rising\Rav\CCenter.exe" -install> [Beijing Rising Technology Co., Ltd.]
<RAV><C:\Rising\Rav\Update\RavUpdtN.exe -CONTINUE -AUTORUN -S> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
奥斯卡+卡 - 2007-9-17 15:41:00
[CODE]
2007-09-17,14:38:04
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
奥斯卡+卡 - 2007-9-17 15:42:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
<IFEO[adam.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
<IFEO[AppSvc32.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
<IFEO[autoruns.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
<IFEO[avconsol.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
<IFEO[avgrssvc.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
<IFEO[AvMonitor.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
<IFEO[avp.com]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
<IFEO[CCenter.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
<IFEO[EGHOST.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
<IFEO[FileDsty.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
<IFEO[FTCleanerShell.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
<IFEO[FYFireWall.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
<IFEO[HijackThis.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
<IFEO[IceSword.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
<IFEO[iparmo.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
奥斯卡+卡 - 2007-9-17 15:43:00
<IFEO[isPwdSvc.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
<IFEO[kabaload.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
<IFEO[KaScrScn.SCR]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
<IFEO[KASMain.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
<IFEO[KASTask.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
<IFEO[KAVDX.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
<IFEO[KAVPF.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
<IFEO[KAVPFW.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
<IFEO[KAVSetup.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
<IFEO[KAVStart.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
<IFEO[KISLnchr.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
<IFEO[KMailMon.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
<IFEO[KMFilter.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
<IFEO[KPFW32X.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
<IFEO[KPfwSvc.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
<IFEO[KRegEx.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com]
<IFEO[KRepair.com]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
<IFEO[KsLoader.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
<IFEO[KVCenter.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
<IFEO[KvDetect.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
<IFEO[KvfwMcl.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<IFEO[KVMonXP.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
<IFEO[KVMonXP_1.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
<IFEO[kvol.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
<IFEO[kvolself.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
<IFEO[KvReport.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
<IFEO[KVScan.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
奥斯卡+卡 - 2007-9-17 15:43:00
<IFEO[KVSrvXP.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
<IFEO[KVStub.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
<IFEO[kvupload.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<IFEO[KvXP.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
<IFEO[KvXP_1.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
<IFEO[KWatch9x.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
<IFEO[KWatchX.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
<IFEO[loaddll.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
<IFEO[MagicSet.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
<IFEO[mcconsol.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
<IFEO[mmqczj.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
<IFEO[mmsk.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
<IFEO[Navapsvc.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
<IFEO[Navapw32.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
<IFEO[nod32.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]
<IFEO[NPFMntor.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
<IFEO[PFW.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
<IFEO[PFWLiveUpdate.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
<IFEO[QHSET.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
<IFEO[QQDoctor.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
<IFEO[QQKav.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
<IFEO[Ras.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
<IFEO[Rav.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
<IFEO[RavMon.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
<IFEO[RavMonD.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
<IFEO[RavStub.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
<IFEO[RavTask.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
<IFEO[RegClean.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
<IFEO[rfwcfg.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
<IFEO[rfwmain.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
<IFEO[RsAgent.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
<IFEO[Rsaupd.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
<IFEO[runiep.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
<IFEO[safelive.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
<IFEO[shcfg32.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
<IFEO[SmartUp.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE]
<IFEO[SREng.EXE]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
<IFEO[symlcsvc.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
奥斯卡+卡 - 2007-9-17 15:44:00
<IFEO[SysSafe.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
<IFEO[TrojanDetector.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
<IFEO[Trojanwall.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
<IFEO[TrojDie.kxp]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
<IFEO[UIHost.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
<IFEO[UmxAgent.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
<IFEO[UmxAttachment.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
<IFEO[UmxCfg.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
<IFEO[UmxFwHlp.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
<IFEO[UmxPol.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe]
<IFEO[upiea.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
<IFEO[UpLive.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
<IFEO[vsstat.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
<IFEO[webscanx.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
<IFEO[WoptiClean.exe]><C:\WINDOWS\system32\trmgfyg.exe> []
==================================
启动文件夹
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[RavService / RavService][Stopped/Auto Start]
<"C:\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
奥斯卡+卡 - 2007-9-17 15:45:00
==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aac.sys><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aacsas.sys><Adaptec, Inc.>
[AAR81XX / AAR81XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aar81xx.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aarsi3x.sys><Adaptec, Inc.>
[ADP94XX / ADP94XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\adpu320.sys><Adaptec, Inc.>
[AEC6260 / AEC6260][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec67160.sys><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\AEC671X.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\AEC6880.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AmdK8 Compatible Device / AmdK8][Stopped/System Start]
<System32\BIRD\amdk8.sys><Advanced Micro Devices>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\arcm_x86.sys><ARECA Technology Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\bchtsw32.sys><Broadcom Corporation>
[BCRAID / BCRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\BCRAID.sys><Broadcom Corporation>
[CDA1000 / CDA1000][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cda1000.sys><Adaptec, Inc.>
[CnsMinKP / CnsMinKP][Running/Boot Start]
<\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件(北京)有限公司>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cpqarry2.sys><Compaq Computer Corporation>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\csb6ide.sys><ServerWorks Corporation>
[dac2w2k / dac2w2k][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\dpti2o.sys><Microsoft Corporation>
[FASTSX / FASTSX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fastsx.sys><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\fasttx2k.sys><Promise Technology, Inc.>
奥斯卡+卡 - 2007-9-17 15:45:00
[FT8300 / FT8300][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Running/Boot Start]
<\SystemRoot\System32\BIRD\ftsata2.sys><Promise Technology, Inc.>
[GD31244 / GD31244][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\gd31244.sys><Intel Corporation>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\hpt3xx.sys><HighPoint Technologies, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IASTOR / IASTOR][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\iaStor.sys><Intel Corporation>
[IFT2000 / IFT2000][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ift2000.sys><Infortrend Technology, Inc.>
[INIA100 / INIA100][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\INIA100.sys><Initio corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\JRAID.SYS><JMicron Technology Corp.>
[M5228 / M5228][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5228.sys><ALi Corporation.>
[M5281 / M5281][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\MegaIDE.sys><LSI Logic Corporation.>
[mraid35x / mraid35x][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\mraid35x.sys><LSI Logic Corporation>
[NFRD960 / NFRD960][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\NVATABUS.SYS><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) MIDI UART / nvmpu401][Running/Manual Start]
<system32\drivers\nvmpu401.sys><NVIDIA Corporation>
[NVRAID / NVRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\NVRAID.SYS><NVIDIA Corporation>
[ojndq / ojndq][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ojndq.sys><N/A>
[perc2 / perc2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\perc2.sys><Adaptec, Inc.>
[PNP649R / PNP649R][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\pnp649r.sys><CMD Technology, Inc.>
[PNP680 / PNP680][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\pnp680.sys><Silicon Image, Inc.>
[PNP680R / PNP680R][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ql1280.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\raidsrc.sys><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\rr232x.sys><HighPoint Technologies, Inc.>
[RSPPSYS / RSPPSYS][Stopped/Disabled]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><N/A>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\S150sx8.sys><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SI3112 / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3112.sys><Silicon Image, Inc.>
[SI3112R / SI3112R][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3112r.sys><Silicon Image, Inc>
[SI3114 / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3114.sys><Silicon Image, Inc.>
[SI3114R / SI3114R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Si3114r5.sys><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3124.sys><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Si3132r5.sys><Silicon Image, Inc>
[SIS AGP Bus Filter / sisagp][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SISRAID / SISRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid4.sys><Silicon Integrated Systems>
[SPTRAK / SPTRAK][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\st8350.sys><Promise Technology, Inc.>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sym_u3.sys><LSI Logic>
[TwoTrack Compatible Device / TwoTrack][Stopped/Manual Start]
<System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ULSATA / ULSATA][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ultra.sys><Promise Technology, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\viamraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
<\SystemRoot\System32\bird\vmscsi.sys><VMware, Inc.>
[W2KADV / W2KADV][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\w2kadv.sys><ConnectCom Solutions, Inc.>
[R2A / R2A][Stopped/Disabled]
<\??\C:\WINDOWS\system32a2.sys><N/A>
[RsNTGDI / RsNTGDI][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
奥斯卡+卡 - 2007-9-17 15:46:00
浏览器加载项
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[JUJU猫]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[时尚精品,体验快感]
{6E5EECAF-8879-4a75-8A88-B44B6382A763} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-290?cn=chaoyue;site;hp&mpro=http://www.ebay.com.cn, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, 国风因特软件(北京)有限公司>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
奥斯卡+卡 - 2007-9-17 15:46:00
正在运行的进程
[PID: 440 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1308 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll] [N/A, ]
[C:\Program Files\Media Player Classic\Codecs\mkunicode.dll] [N/A, ]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\PROGRA~1\3721\alrex.dll] [国风因特软件(北京)有限公司, 2.5.1.1003]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3929]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\PROGRA~1\sanlink\INPUT_~1\contmenu.dll] [N/A, ]
[C:\PROGRA~1\3721\autolive.dll] [国风因特软件(北京)有限公司, 2.5.5.1010]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[C:\WINDOWS\DOWNLO~1\CnsHook.dll] [国风因特软件(北京)有限公司, 2.5.1.6]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1472 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [国风因特软件(北京)有限公司, 2.5.0.6]
[C:\WINDOWS\DOWNLO~1\cnsio.dll] [国风因特软件(北京)有限公司, 2.5.0.4]
[C:\WINDOWS\DOWNLO~1\CnsMinEx.dll] [国风因特软件(北京)有限公司, 2.5.0.4]
[PID: 1576 / SYSTEM][d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[d:\PROGRA~1\MICROS~1\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[d:\PROGRA~1\MICROS~1\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[d:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[d:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[d:\PROGRA~1\MICROS~1\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00]
[d:\PROGRA~1\MICROS~1\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[d:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 1656 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1676 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2012 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 48]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[PID: 120 / Administrator][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3929]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3929]
[PID: 128 / Administrator][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3929]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3929]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3929]
[PID: 172 / Administrator][C:\WINDOWS\system32\rketbuy.exe] [N/A, ]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[PID: 180 / Administrator][C:\WINDOWS\system32\trmgfyg.exe] [N/A, ]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[PID: 192 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[C:\PROGRA~1\3721\autolive.dll] [国风因特软件(北京)有限公司, 2.5.5.1010]
[C:\PROGRA~1\3721\notifier.dll] [国风因特软件(北京)有限公司, 2.5.1.1003]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[PID: 188 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[PID: 260 / Administrator][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[PID: 396 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[PID: 1556 / Administrator][C:\Rising\Rav\RavTray.exe] [Rising, 19, 0, 0, 14]
[C:\Rising\Rav\RavUILib.dll] [, 18, 0, 0, 1]
[C:\Rising\Rav\RavTray936.dll] [Rising, 19, 0, 0, 14]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[C:\Rising\Rav\RsCommx.dll] [rising, 18, 0, 0, 1]
[PID: 2160 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[PID: 2500 / SYSTEM][C:\Rising\Rav\CopyRun\RavUpgrd.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Rising\Rav\CopyRun\DLCenter.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[C:\Rising\Rav\CopyRun\Update.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[PID: 3112 / Administrator][D:\Personal\Desktop\新建文件夹 (2)\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.2.1005]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
[D:\Personal\Desktop\新建文件夹 (2)\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
奥斯卡+卡 - 2007-9-17 15:47:00
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[AutoRun]
open=fctatie.exe
shell\open=打开(&O)
shell\open\Command=fctatie.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=fctatie.exe
[E:\]
[AutoRun]
open=fctatie.exe
shell\open=打开(&O)
shell\open\Command=fctatie.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=fctatie.exe
[F:\]
[AutoRun]
open=fctatie.exe
shell\open=打开(&O)
shell\open\Command=fctatie.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=fctatie.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 172, C:\WINDOWS\SYSTEM32\RKETBUY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 172, C:\WINDOWS\SYSTEM32\RKETBUY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 180, C:\WINDOWS\SYSTEM32\TRMGFYG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 180, C:\WINDOWS\SYSTEM32\TRMGFYG.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 396, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 396, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1556, C:\RISING\RAV\RAVTRAY.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
奥斯卡+卡 - 2007-9-17 16:20:00
Thanks, everyone!!!
Enao2005 - 2007-9-17 19:03:00
Find the files below, copy them to the desktop, compress them with RAR and send them to me at enao@people.com.cn. Sorry for the trouble.
C:\WINDOWS\system32\rketbuy.exe
C:\WINDOWS\system32\trmgfyg.exe
D:\fctatie.exe
Delete the registry entries:
<fjnijid><C:\WINDOWS\system32\rketbuy.exe> []
<fctatie><C:\WINDOWS\system32\trmgfyg.exe> []
Reboot, then use WinRAR to delete the following files:
C:\WINDOWS\system32\rketbuy.exe
C:\WINDOWS\system32\trmgfyg.exe
D:\fctatie.exe
D:\Autorun.inf
E:\fctatie.exe
E:\Autorun.inf
F:\fctatie.exe
F:\Autorun.inf
Download the IFEO repair tool (download from enao.ys168.com).
没有梦想的男人 - 2007-9-17 19:28:00
Go to 游戏迷's file share and download the 3721 removal tool to clean it up: http://scj2007.ys168.com/
Send me a copy as well:
C:\WINDOWS\system32\rketbuy.exe
C:\WINDOWS\system32\trmgfyg.exe
D:\fctatie.exe
Compress them and send to qcqyt1983@163.com