Rising Kaka Security Forum
梦elva - 2008-3-8 17:06:00
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> []
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [N/A]
<H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"> [Microsoft Corporation]
<eMuleAutoStart><; C:\Program Files\eMule\eMule.exe -AutoStart> [N/A]
<Ntcheck><; C:\WINDOWS\mapserver.exe> [N/A]
<swg><; > [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SSBkgdUpdate><"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot> [Scansoft, Inc.]
<PaperPort PTD><C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe> [ScanSoft, Inc.]
<IndexSearch><C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe> [ScanSoft, Inc.]
<BrMfcWnd><C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN> [N/A]
<ControlCenter3><C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun> [N/A]
<WSockDrv32><C:\WINDOWS\WSockDrv32.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exE> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exE> []
<bqvitxlm><C:\WINDOWS\qixmfrjo.exe> []
<WinSysM><C:\WINDOWS\684745M.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<Alitalk><; > [N/A]
<ATIModeChange><; Ati2mdxx.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<AtiPTA><; atiptaxx.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<HP Software Update><; C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [N/A]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<Install Alitalk><; > [N/A]
<LoadBtnHnd><; C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe> [FUJITSU LIMITED]
<LoadFujitsuQuickTouch><; C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe> [N/A]
<LTSMMSG><; LTSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<MINI_BFYY><; C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe> [N/A]
<MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows Publisher]
<OPSE reminder><; "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"> [N/A]
<OpwareSE2><; "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"> [ScanSoft, Inc.]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PPHIDPAD><; C:\WINPENJR\win32\pphidpad.exe> []
<runeip><; C:\Program Files\Rising\KakaToolBar\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<ThunderMini><; C:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe> [N/A]
<Windows木马防火墙><; > [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosmhfp00.dll,msosdohs00.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{23b07818-3d0b-4ac6-89bd-1305eab432aa}><C:\WINDOWS\system32\DAADAA1040.dll> []
<{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><C:\WINDOWS\system32\hfrdzx.dll> []
<{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zjydcx.dll> []
<{6167F471-EF2B-41DD-A5E5-C26ACDB5C096}><C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys> []
<{e899b0c7-dd39-4213-bde9-555935129f0e}><C:\WINDOWS\system32\ffBABBAB1039.dll> []
<{e74edcc5-8e16-46ff-8fb1-b38987f45466}><C:\WINDOWS\system32\ffNNBNNB1035.dll> []
<{b5873d17-5469-4f96-a2a2-528be86e5de7}><C:\WINDOWS\system32\ffSACSAC1021.dll> []
<{69e1d07e-baac-4d2f-ae46-5de03960b10d}><C:\WINDOWS\system32\ffKADKAD1039.dll> []
<{70c330f3-fb9e-44fc-8f4b-14ab783005e5}><C:\WINDOWS\system32\ffEZZEZZ1033.dll> []
<{3e0bacb8-81b9-433b-aee0-0148600996e3}><C:\WINDOWS\system32\fNNBNNB1030.dll> []
<{6b22d384-97ba-4c43-81ab-a6bb24e9d831}><C:\WINDOWS\system32\fJACJAC1041.dll> []
<{d9a0e8e6-e1f0-4b21-a09e-22e6e189fd7a}><C:\WINDOWS\system32\ffFKKFKK1047.dll> []
<{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll> []
<{5ce3bfce-ece0-432f-a629-1119bc42565e}><C:\WINDOWS\system32\ffHADHAD1044.dll> []
<{0a2fc8ad-5508-44da-99ad-1763bd96d031}><C:\WINDOWS\system32\ffTQQTQQ1010.dll> []
<{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll> []
<{0f909a71-e33d-4548-9871-4d1062cb001a}><C:\WINDOWS\system32\ayCBDCBD1037.dll> []
<{f018b5f0-8af0-4619-a450-bde806ceb364}><C:\WINDOWS\system32\ayQACQAC1021.dll> []
<{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll> []
<{59ad5cae-6176-4e33-be6b-40c508a51576}><C:\WINDOWS\system32\ayDABDAB1046.dll> []
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)
梦elva - 2008-3-8 17:06:00
Startup folder
N/A
==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\System32\Ati2evxx.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[PPPoE Service / PPPoEService][Running/Auto Start]
<C:\PROGRA~1\北京通信\宽带E~1\app\pppoeservice.exe><N/A>
[WL-311FA Wireless Service / WL-311FA][Running/Auto Start]
<C:\Program Files\WMonitor\WLService.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
梦elva - 2008-3-8 17:07:00
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Standard IDE/ESDI Hard Disk Controller / atapi][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATICDSDr / ATICDSDr][Stopped/Manual Start]
<\??\C:\DOCUME~1\Floder\LOCALS~1\Temp\ATICDSDr.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Brother USB Still Image driver / BrScnUsb][Stopped/Manual Start]
<system32\DRIVERS\BrScnUsb.sys><Brother Industries Ltd.>
[BtnHnd / BtnHnd][Running/Auto Start]
<\??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys><FUJITSU LIMITED>
[CAPI 2.0 Service / CAPI][Running/Auto Start]
<System32\DRIVERS\capi.sys><Shanghai Beidian Comp.>
[CardBus Fast Ethernet Attached Port PC Card / CB102][Stopped/Manual Start]
<System32\DRIVERS\cb102.sys><Fast Ethernet Controller Provider>
[d346bus / d346bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\Floder\LOCALS~1\Temp\tmpB.tmp><N/A>
[fpids32 / fpids32][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosfpids32.sys><N/A>
[Serial Port Driver / GGCOM][Stopped/Manual Start]
<system32\DRIVERS\GGCOM.SYS><GIGA-TELECOM>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[IPCDRV / IPCDRV][Stopped/Manual Start]
<system32\DRIVERS\IPCDRV.SYS><GIGA-TELECOM>
[BD2000C USB ISDN TA ISDN Driver / isdnusb][Stopped/Manual Start]
<System32\DRIVERS\isdnusb.sys><Shanghai Beidian Comp.>
[Lucent Technologies Soft Modem / LucentSoftModem][Running/Manual Start]
<System32\DRIVERS\LTSM.sys><Lucent Technologies>
[mfrdnf / mfrdnf][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\mfrdnf.sys><N/A>
[mhfp / mhfp][Stopped/Auto Start]
<\??\C:\DOCUME~1\Floder\LOCALS~1\Temp\tmp4.tmp><N/A>
[802.11b Wireless LAN Adapter / NC7210][Stopped/Manual Start]
<System32\DRIVERS\haku51.sys><NextComm, Inc.>
[NDIS CAPI Service / NDISCAPI][Running/Auto Start]
<System32\DRIVERS\ndiscapi.sys><Shanghai Beidian Comp.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[CNC Enternet P.P.P.o.E LAN Miniport Driver / NTSPPPOE][Stopped/Manual Start]
<System32\DRIVERS\ntspppoe.sys><Microsoft Corporation>
[Pnpnt / Pnpnt][Running/Boot Start]
<\SystemRoot\System32\Drivers\pnpnt.sys><>
[pop / pop][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\pop.sys><N/A>
[ppmoucls / ppmoucls][Running/System Start]
<System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider>
[PenPower Touchpad / pptchpad][Running/System Start]
<System32\DRIVERS\pptchpd5.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RAWESR / RAWESR][Stopped/Manual Start]
<\??\C:\PROGRA~1\北京通信\宽带E~1\app\RAWESR.SYS><Microsoft Corporation>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[TL-WN210 2.2 / TL-WN250 2.2 / rtl8180][Stopped/Manual Start]
<System32\DRIVERS\RTL8180.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
<system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[SMC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]
<System32\DRIVERS\smcirda.sys><SMC>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TAPBIND / TAPBIND][Stopped/Manual Start]
<\??\C:\PROGRA~1\北京通信\宽带E~1\app\TAPBIND1.SYS><Network TeleSystems, Inc.>
[BD2000C USB ISDN TA WAN Driver / usbwmac][Running/Manual Start]
<System32\DRIVERS\usbwmac.sys><Shanghai Beidian Comp.>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
<\??\C:\WINDOWS\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
梦elva - 2008-3-8 17:07:00
Browser add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[]
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, N/A>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL, N/A>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MMCShell.dll, N/A>
[ULiveCtrl Control]
{070CA17A-4BD2-4612-83B4-32B1B9159B47} <C:\WINDOWS\system32\UCLIVE~1.OCX, 北京新浪信息技术有限公司>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[updatePanelX Control]
{43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <C:\WINDOWS\system32\uusee\internet\updateC.ocx, uusee>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[RavOnline Class]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[HCNetVideoActiveX Control]
{AA25A56C-B654-4356-B390-DC3594B75C63} <C:\WINDOWS\system32\HCNETV~1.OCX, Hikvision>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[]
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, N/A>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL, N/A>
[RavOnline Class]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
梦elva - 2008-3-8 17:07:00
Running processes
[PID: 564 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1376 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.005]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 6.01.00.009]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\hpzsnt07.dll] [HP, 2,140,0,0]
[C:\WINDOWS\system32\hpzll054.dll] [Hewlett-Packard Company, 60.054.45.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll] [Hewlett-Packard Corporation, 60.054.45.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ppbipr.dll] [Black Ice Software, 2.00]
[PID: 1512 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
[PID: 1608 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe] [HP, 10, 1, 1, 5]
[PID: 1688 / SYSTEM][C:\PROGRA~1\北京通信\宽带E~1\app\pppoeservice.exe] [N/A, ]
[PID: 1836 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1948 / SYSTEM][C:\Program Files\WMonitor\WLService.exe] [N/A, ]
[PID: 2004 / SYSTEM][C:\Program Files\WMonitor\WLanCfgB.exe] [, 1, 0, 1, 9]
[C:\Program Files\WMonitor\PINGDLL.dll] [N/A, ]
[C:\Program Files\WMonitor\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\WMonitor\ProcNICs.dll] [GemTek, 1, 0, 0, 7]
[C:\Program Files\WMonitor\NextComm.dll] [Gemtek Tech. Co. LTD, 1.0.1.7]
[C:\WINDOWS\W32N50.DLL] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
[C:\Program Files\WMonitor\GEMWEP.DLL] [, 1, 0, 0, 1]
[PID: 428 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 316 / aa][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.1.63.0]
[C:\WINDOWS\system32\DAADAA1040.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\ffBABBAB1039.dll] [N/A, ]
[C:\WINDOWS\system32\ffNNBNNB1035.dll] [N/A, ]
[C:\WINDOWS\system32\ffSACSAC1021.dll] [N/A, ]
[C:\WINDOWS\system32\ffKADKAD1039.dll] [N/A, ]
[C:\WINDOWS\system32\ffEZZEZZ1033.dll] [N/A, ]
[C:\WINDOWS\system32\fNNBNNB1030.dll] [N/A, ]
[C:\WINDOWS\system32\fJACJAC1041.dll] [N/A, ]
[C:\WINDOWS\system32\ffFKKFKK1047.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\ffHADHAD1044.dll] [N/A, ]
[C:\WINDOWS\system32\ffTQQTQQ1010.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\ayCBDCBD1037.dll] [N/A, ]
[C:\WINDOWS\system32\ayQACQAC1021.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\ayDABDAB1046.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\684745MM.DLL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\lvrxduar.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.1.63.0]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
梦elva - 2008-3-8 17:08:00
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[PID: 352 / aa][C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe] [ScanSoft, Inc., 9.0]
[C:\Program Files\ScanSoft\PaperPort\MAXUTIL.dll] [ScanSoft, Inc., 9.0]
[C:\Program Files\ScanSoft\PaperPort\PPERR.dll] [ScanSoft, Inc., 9.0]
[C:\Program Files\ScanSoft\PaperPort\blicectr.dll] [ScanSoft, Inc., 1, 0, 0, 1]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[PID: 2216 / aa][C:\WINDOWS\system32\ctfmon.exe] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[PID: 2300 / aa][C:\program files\microsoft activesync\wcescomm.exe] [Microsoft Corporation, 3.5.0.1240]
[C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 3.5.0.1240]
[C:\WINDOWS\system32\RAPI.dll] [Microsoft Corporation, 3.5.0.1240]
[C:\program files\microsoft activesync\TCP2UDP.dll] [Microsoft Corporation, 3.5.0.1240]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[PID: 3972 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1572 / aa][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[PID: 2180 / aa][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 75]
[C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 60]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.1.
梦elva - 2008-3-8 17:08:00
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Rising, 18, 1, 0, 9]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 9]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 9]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1848 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1416 / aa][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 51]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[C:\WINDOWS\system32\lvrxduar.dll] [N/A, ]
梦elva - 2008-3-8 17:08:00
[PID: 848 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 32]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 3188 / aa][c:\program files\rising\rav\CopyRun\RavCopy.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[C:\WINDOWS\system32\lvrxduar.dll] [N/A, ]
[PID: 3076 / aa][C:\Program Files\Rising\Rfw\RfwCfg.exe] [Beijing Rising Technology Corporation Limited, 4, 0, 0, 89]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[C:\WINDOWS\system32\lvrxduar.dll] [N/A, ]
[PID: 3464 / aa][C:\Program Files\Rising\Rfw\CopyRun\RavCopy.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\lvrxduar.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[PID: 2368 / aa][e:\sreng2\srengps.exe] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\jhfrxz.dll] [N/A, ]
[C:\WINDOWS\system32\wyrsdj.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\zjydcx.dll] [N/A, ]
[C:\WINDOWS\system32\hfrdzx.dll] [N/A, ]
[e:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\lvrxduar.dll] [N/A, ]
梦elva - 2008-3-8 17:13:00
Could an expert please take a look and tell me how many kinds of trojans and viruses this machine has?
天月来了 - 2008-3-8 17:15:00
Copy the entire log content into a blank Notepad file, save it, and then you can post it to the forum as an attachment.
Be sure to post it to the forum as an attachment.
Click the "Quote" button at the bottom right of this post of mine and you should see how to post it.
梦elva - 2008-3-8 17:40:00
| Quote: |
【Post by 天月来了】Copy the entire log content into a blank Notepad file, save it, and then you can post it to the forum as an attachment. Be sure to post it to the forum as an attachment. Click the "Quote" button at the bottom right of this post of mine and you should see how to post it. ……………… |
Before, you said not to post attachments and to paste the log instead; has that changed again now? Here is the attachment....
Attachment:
754384200838172832.txt
天月来了 - 2008-3-8 18:05:00
Once you are ready, you must disconnect from the network while doing this, otherwise it will not succeed:
You can only remove these files with the Xdelbox tool.
Xdelbox download:
http://www.dodudou.com/down/ In the "原创软件" (original software) folder there, download version 1.6.
After downloading:
Extract all the files into one folder (you must extract them and run from there, don't be lazy). Before running xdelbox, unplug every external hard drive, USB stick, MP3 player and so on that is connected to the computer.
Copy all of the file information below, then open Xdelbox (once it is open, don't poke around in Xdelbox out of curiosity). Right-click in the blank area of the large lower window and choose "剪贴板导入不检查路径" (import from clipboard without checking paths) from the context menu to import the list, then select all the files and choose "立刻重启删除" (reboot now and delete) from the context menu.
C:\WINDOWS\system32\DAADAA1040.dll
C:\WINDOWS\system32\hfrdzx.dll
C:\WINDOWS\system32\zjydcx.dll
C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys
C:\WINDOWS\system32\ffBABBAB1039.dll
C:\WINDOWS\system32\ffNNBNNB1035.dll
C:\WINDOWS\system32\ffSACSAC1021.dll
C:\WINDOWS\system32\ffKADKAD1039.dll
C:\WINDOWS\system32\ffEZZEZZ1033.dll
C:\WINDOWS\system32\fNNBNNB1030.dll
C:\WINDOWS\system32\fJACJAC1041.dll
C:\WINDOWS\system32\ffFKKFKK1047.dll
C:\WINDOWS\system32\sgrefg.dll
C:\WINDOWS\system32\ffHADHAD1044.dll
C:\WINDOWS\system32\ffTQQTQQ1010.dll
C:\WINDOWS\system32\wyrsdj.dll
C:\WINDOWS\system32\ayCBDCBD1037.dll
C:\WINDOWS\system32\ayQACQAC1021.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\ayDABDAB1046.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\684745MM.DLL
C:\WINDOWS\system32\WSockDrv32.dll
C:\WINDOWS\system32\lvrxduar.dll
C:\WINDOWS\system32\Kvsc3.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\MsIMMs32.dll
C:\WINDOWS\system32\DbgHlp32.dlL
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\mapserver.exe
C:\WINDOWS\WSockDrv32.exe
C:\WINDOWS\MsIMMs32.exE
C:\WINDOWS\PTSShell.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\Kvsc3.exE
C:\WINDOWS\qixmfrjo.exe
C:\WINDOWS\684745M.exe
C:\WINPENJR\win32\pphidpad.exe
C:\WINDOWS\msosmhfp00.dll
C:\WINDOWS\msosdohs00.dll
C:\WINDOWS\system32\msosmhfp00.dll
C:\WINDOWS\system32\msosdohs00.dll
C:\DOCUME~1\Floder\LOCALS~1\Temp\ATICDSDr.sys
C:\DOCUME~1\Floder\LOCALS~1\Temp\tmpB.tmp
C:\WINDOWS\system32\drivers\msosfpids32.sys
C:\WINDOWS\System32\drivers\mfrdnf.sys
C:\DOCUME~1\Floder\LOCALS~1\Temp\tmp4.tmp
C:\WINDOWS\system32\DRIVERS\pop.sys
C:\WINDOWS\system32\sscli.dll
After the computer restarts, a countdown screen will appear with two operating systems to choose from.
The first is your original Windows system.
The second is the DOS system that this tool has set up for you.
The system will automatically choose to boot the second one.
Do not perform any operation at this point.
Afterwards it will automatically restart into normal mode.
Once you are back in the system, do the following:
————————————————————————————————————————
Go to the C:\WINDOWS\system32\dllcache folder, find the ctfmon.exe file, and copy it into the C:\WINDOWS\system32 folder, replacing the one there.
Or download it from the attachment in the post below; that is the ctfmon.exe file from an XP system.
http://forum.ikaka.com/topic.asp?board=28&artid=8417665
Before replacing it, first end the ctfmon.exe process in Task Manager.
==================================
正在运行的进程
[PID: 2216 / aa][C:\WINDOWS\system32\ctfmon.exe] [N/A, ]
————————————————————————————————————
In the SRENG tool that produced the log, go to Startup Items (启动项目) > Registry (注册表), find the following entries and delete them:
启动项目
注册表
<Ntcheck><; C:\WINDOWS\mapserver.exe> [N/A]
<WSockDrv32><C:\WINDOWS\WSockDrv32.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exE> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exE> []
<bqvitxlm><C:\WINDOWS\qixmfrjo.exe> []
<WinSysM><C:\WINDOWS\684745M.exe> []
<PPHIDPAD><; C:\WINPENJR\win32\pphidpad.exe> []
————————————————————————————————————
In the SRENG tool, under Startup Items > Registry, blank out the following entry (that is, choose "Edit"). This step may require turning off the antivirus's real-time monitor, otherwise the antivirus will block the change:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosmhfp00.dll,msosdohs00.dll> [N/A]
That is, edit <AppInit_DLLs><msosmhfp00.dll,msosdohs00.dll> [N/A] and blank it so that it becomes
<AppInit_DLLs><> [N/A]
————————————————————————————————————
In the SRENG tool, under Startup Items > Services (服务) > Drivers (驱动程序), find the following entries and delete them
==================================
驱动程序
[ATICDSDr / ATICDSDr][Stopped/Manual Start]
<\??\C:\DOCUME~1\Floder\LOCALS~1\Temp\ATICDSDr.sys><N/A>
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\Floder\LOCALS~1\Temp\tmpB.tmp><N/A>
[fpids32 / fpids32][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosfpids32.sys><N/A>
[mfrdnf / mfrdnf][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\mfrdnf.sys><N/A>
[mhfp / mhfp][Stopped/Auto Start]
<\??\C:\DOCUME~1\Floder\LOCALS~1\Temp\tmp4.tmp><N/A>
[pop / pop][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\pop.sys><N/A>
—————————————————————————————
In the SRENG tool, under System Repair (系统修复) > Browser Add-ons (浏览器加载项), find the following and delete them
==================================
浏览器加载项
[]
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, N/A>
[]
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>
[Schedule Class]
{8B316DA1-9950-4926-B9EA-1AEC124AFA45} <C:\WINDOWS\system32\sscli.dll, N/A>
————————————————————————————————————
Then restart the computer, update your antivirus to the latest version and run a full-disk scan.
Download Windows 清理助手 (Windows Cleanup Assistant) from here and clean up the system:
http://www.arswp.com/
Remember to use QQ医生 (QQ Doctor) and Rising's vulnerability scan to apply system patches; install everything they detect.
Clear the IE cache and empty the temporary files folder.
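As an added triage example (not part of this thread and not SREng's own code), the following Python parses lines in the SREng "[path] [vendor, version]" layout quoted above and flags modules that carry no vendor or version resource yet are loaded into several processes at once, which is the pattern the deletion list above targets. The sample log is constructed from names in this thread; the function names and the "N/A in many processes" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the SREng "[path] [vendor, version]" layout quoted in this
# thread: a "[PID: n / user]" line opens a process block, the lines after it are its modules.
SAMPLE_LOG = """\
[PID: 1416 / aa][C:\\Program Files\\Rising\\Rfw\\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 51]
[C:\\Program Files\\Rising\\Rfw\\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[C:\\Program Files\\Internet Explorer\\PLUGINS\\WinSys8v.Sys] [N/A, ]
[C:\\WINDOWS\\system32\\PTSShell.dll] [N/A, ]
[C:\\WINDOWS\\system32\\lvrxduar.dll] [N/A, ]
[PID: 2368 / aa][e:\\sreng2\\srengps.exe] [Smallfrogs Studio, 2.5.16.900]
[C:\\Program Files\\Internet Explorer\\PLUGINS\\WinSys8v.Sys] [N/A, ]
[C:\\WINDOWS\\system32\\PTSShell.dll] [N/A, ]
[e:\\sreng2\\Upload\\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
"""

LINE_RE = re.compile(r"^(?:\[PID: (\d+) / ([^\]]*)\])?\[([^\]]+)\] \[([^\]]*)\]$")


def parse_sreng(text):
    """Yield (process, module, vendor, version) for every module line."""
    process = None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers and separator lines are skipped
        pid, _user, path, info = m.groups()
        # Vendor names may contain commas ("Co., Ltd."), so the version is the
        # trailing part that begins with a digit ("4.00" or "18, 0, 0, 23").
        parts = re.split(r",\s*(?=\d)", info, maxsplit=1)
        vendor = parts[0].strip(" ,")
        version = parts[1].strip() if len(parts) > 1 else ""
        if pid is not None:
            process = path  # first line of a block is the process image itself
        yield process, path, vendor, version


def injected_unsigned_modules(text, min_processes=2):
    """[(module, host_count)] for modules with no vendor/version resource loaded
    into at least min_processes distinct processes: the same nameless system32
    DLLs sitting in the AV, the firewall and SREng itself, as in this thread."""
    hosts = defaultdict(set)  # lower-cased, since the log mixes case (DbgHlp32.dlL)
    for process, module, vendor, version in parse_sreng(text):
        if process is None or module == process:
            continue  # skip the process image line itself
        if vendor == "N/A" and not version:
            hosts[module.lower()].add(process.lower())
    return sorted((m, len(h)) for m, h in hosts.items() if len(h) >= min_processes)
```

Modules that appear in only one process (here lvrxduar.dll) fall below the default threshold; lower `min_processes` to list them too.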
梦elva - 2008-3-8 21:31:00
Thanks a lot, moderator, but I'm afraid I won't get the chance to try your method. That laptop's system has already crashed, with blue screens too; forget it, I'll just wipe it. The system had been in use for about three years, heh, and the guy who uses that machine never maintains it; it even ran without any antivirus for several months, so I'm impressed it lasted this long.
© 2000 - 2026 Rising Corp. Ltd.