中毒了，杀毒软件打不开，C、D、E、F硬盘也打不开 bbs.ikaka.com

西部男人 - 2008-4-13 19:54:00

========Content========
[CODE]

2008-04-13,18:38:29

System Repair Engineer 2.5.16.900 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<pyjj><; C:\Program Files\jj4\jjsvr4.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Thunder><; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
<C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd.exe><rem C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd.exe> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo! China]
<IESAddr><> [N/A]
<IdnSvr><C:\Program Files\OCINS\idnsvr.exe> [(Verified)China Internet Network Information Center]
<BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P> [N/A]
<ieup><C:\Program Files\ieup\inetsvr.exe> [(Verified)China Internet Network Information Center]
<stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe> [N/A]
<TBMonEx><C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\wdfmgr.exe> []
<inudhya><C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\soundma.exe> []
<SHAProc><C:\WINDOWS\SHAProc.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<scufnchl><C:\WINDOWS\cfcltdiz.exe> []
<fmsbbqi><C:\WINDOWS\fmsbbqi.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exE> []
<WSockDrv32><C:\WINDOWS\aberzw.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<mfchlp32><C:\WINDOWS\mfchlp32.exe> []
<tciocp32><C:\WINDOWS\tciocp32.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<WebThunder><; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> []
<Userinit><userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wfhyt.dll,kghk.dll,lfsjgf.dll,stehs.dll,fghshj.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,msepbe.dll,> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.

西部男人 - 2008-4-13 22:43:00

<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll> []
<{6ce08af1-5f70-4c1a-8d1a-8aba11619e87}><C:\WINDOWS\system32\ayFKKFKK1055.dll> []
<{05922c2d-da84-48e8-a3e4-e797c58c39cf}><C:\WINDOWS\system32\ttEZZEZZ1046.dll> []
<{c4bf46a2-1c05-427d-992f-4e24f7d57f68}><C:\WINDOWS\system32\ttNNBNNB1047.dll> []
<{29fab913-d0cd-477b-a3f0-3d7c3a90379b}><C:\WINDOWS\system32\ttVUFVUF1011.dll> []
<{79dae25e-7bee-4484-bb1a-f30c45d535d9}><C:\WINDOWS\system32\ttQACQAC1035.dll> []
<{6167F471-EF2B-41DD-A5E5-C26ACDB5C096}><C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys> []
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ati2evxx.exe]
<IFEO[ati2evxx.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
<IFEO[egui.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idag.exe]
<IFEO[idag.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
<IFEO[kaccore.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
<IFEO[kissvc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
<IFEO[KPPMain.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\my.exe]
<IFEO[my.exe]><C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\lmmh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQLogin.exe]
<IFEO[QQLogin.exe]><"C:\WINDOWS\system32\qqxyd.exe"> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe]
<IFEO[qqsc.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe]
<IFEO[ravtask.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtool.exe]
<IFEO[ravtool.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exeFYFireWall.exe]
<IFEO[rfwproxy.exeFYFireWall.exe]><C:\WINDOWS\system32\svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XYD2.exe]
<IFEO[XYD2.exe]><"C:\WINDOWS\system32\qqxyd.exe"> []

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

西部男人 - 2008-4-13 22:47:00

==================================
驱动程序
[a0 / a0][Stopped/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\8472343.sys><N/A>
[a320raid / a320raid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[ADProt / ADProt][Stopped/Disabled]
<system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[adpu160m / adpu160m][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6290 / AEC6290][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[afbidbch / afbidbch][Stopped/Boot Start]
<\SystemRoot\system32\drivers\afbidbch.sys><N/A>
[Aha154x / Aha154x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[arc / arc][Stopped/Boot Start]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[asc / asc][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[cnprov / cnprov][Running/Boot Start]
<\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[dac2w2k / dac2w2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dafaddij / dafaddij][Stopped/Boot Start]
<\SystemRoot\system32\drivers\dafaddij.sys><N/A>
[ddcjhdid / ddcjhdid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ddcjhdid.sys><N/A>
[dpti2o / dpti2o][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ediafeca / ediafeca][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ediafeca.sys><N/A>
[elxstor / elxstor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[FASTSX / FASTSX][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HpCISSs / HpCISSs][Stopped/Boot Start]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[h***oul / h***oul][Stopped/Disabled]
<system32\drivers\h***oul.sys><>
[iajfeech / iajfeech][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iajfeech.sys><N/A>
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[iCafe Manager / iCafe Manager][Stopped/Manual Start]
<\??\C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\usbhcid.sys><N/A>
[idnaux / idnaux][Running/Auto Start]
<system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[iirsp / iirsp][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[ini910u / ini910u][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[KvMemon / KvMemon][Stopped/Manual Start]
<\??\C:\PROGRA~1\KV2006\KvMemon.sys><N/A>
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[m5228 / m5228][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Boot Start]
<\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[mnsf / mnsf][Stopped/Auto Start]
<\??\C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\tmpF.tmp><N/A>
[mraid2k / mraid2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[msfpfis64 / msfpfis64][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[nfrd960 / nfrd960][Stopped/Boot Start]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[NPF / NPF][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\12.tmp><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[phy / phy][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\phy.sys><N/A>
[PNP649R / PNP649R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]

西部男人 - 2008-4-13 22:47:00

<\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[PProtect / PProtect][Stopped/System Start]
<\??\C:\PROGRA~1\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[S150SX8 / S150SX8][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Sc Manager / Sc Manager][Stopped/Manual Start]
<\??\C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\usbcams3.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
<\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Service for AC'97 Sample Driver (WDM) / SiS7012][Running/Manual Start]
<system32\drivers\sis7012.sys><Silicon Integrated Systems Corporation>
[SISIDE / SISIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp][Running/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP][Running/Manual Start]
<system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[SiSRaid / SiSRaid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SISRAIDS.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[UlSata / UlSata][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATAS / ULSATAS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ULSATAS.SYS><Promise Technology, Inc.>
[ultra / ultra][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
<\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Stopped/Boot Start]
<\SystemRoot\system32\drivers\yaskp.sys><N/A>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

西部男人 - 2008-4-13 22:48:00

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5068.dll, N/A>
[]
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[微软]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[视频聊天]
{6924091F-CD97-41E1-B1D4-D9079409D413} <http://www.liantang.net, N/A>
[寻论网--中学作业解答]
{6924091F-CD97-41E1-B1D4-D9079409D423} <http://www.xunlun.com, N/A>
[珊瑚虫工具栏]
{8507326C-B5C1-4559-BB91-0919E753836F} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[中文上网]
{B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_0601005.dll, IE Toolbar>
[珊瑚虫工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\Program Files\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[nEdit Control]
{32D72994-45B9-42B5-8980-FB561D1BE2D0} <C:\WINDOWS\system32\nEdit\nEdit.ocx, NetEase Information Technology (Beijing) Co. Ltd>
[SVG Document]
{377B5106-3B4E-4A2D-8520-8767590CAC86} <C:\WINDOWS\system32\Adobe\SVGVIE~1.0\NPSVG3.dll, Adobe Systems Inc.>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[UploadControl Control]
{52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[KooPlayer Control]
{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, Koos>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Java Plug-in 1.4.2_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll, JavaSoft / Sun Microsystems, Inc.>
[VqqSpeedDlProxy Class]
{9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[RavOnline Class]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Java Plug-in 1.4.2_04]
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5068.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\Program Files\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[nEdit Control]
{32D72994-45B9-42B5-8980-FB561D1BE2D0} <C:\WINDOWS\system32\nEdit\nEdit.ocx, NetEase Information Technology (Beijing) Co. Ltd>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[UploadControl Control]
{52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yalive.dll, yahoo! china>
[KooPlayer Control]
{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, Koos>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[]
{6167F471-EF2B-41DD-A5E5-C26ACDB5C096} <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys, N/A>
[HanGamePluginCn18 Class]
{61F5C358-60FB-4A23-A312-D2B556620F20} <C:\WINDOWS\downloaded program files\hangameplugincn18.dll, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Microsoft 外壳 UI 帮助程序]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c0.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.lotuspond.com.cn)>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Kuaiso Toolsbar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\Kuaiso Toolsbar\kuaiso_0601005.dll, IE Toolbar>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[WBEM Scripting Sink]
{75718C9A-F029-11D1-A1AC-00C04FB6C223} <C:\WINDOWS\system32\wbem\wbemdisp.dll, Microsoft Corporation>
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[WBEM Scripting Locator]
{76A64158-CB41-11D1-8B02-00600806D9B6} <C:\WINDOWS\system32\wbem\wbemdisp.dll, Microsoft Corporation>

西部男人 - 2008-4-13 22:51:00

[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RavOnline Class]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[GlobalLink Chat Control]
{AE93C5DF-A990-11D1-AEBD-5254ABDD2B69} <C:\PROGRA~1\GLOBAL~1\Game\Share\GLChat.ocx, GlobalLink>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[ActiveX Class]
{C3D8F2C7-A508-4724-BC3A-C247058D17EB} <C:\Program Files\Novasoft\vodplayer\VODPlayer.dll, PowerCOM>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WVX Moniker Class]
{CD3AFA95-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[珊瑚虫工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用超级旋风下载]
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[&访问通用网址]
<C:\Program Files\OCINS\cnrbtn.html, N/A>
[使用影音传送带下载]
<C:\Program Files\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到我的网易博客]
<C:\WINDOWS\system32\NetEase.html, N/A>

==================================
正在运行的进程
[PID: 440 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\tsd32.dll] [, ]
[C:\WINDOWS\system32\msaud32.acm] [Microsoft Corporation, 8.00.00.4487]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Intel Corporation, 2.05.53]
[C:\WINDOWS\system32\l3codeca.ax] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[C:\WINDOWS\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINDOWS\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINDOWS\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINDOWS\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 896 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 1020 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 1092 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 1324 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.003]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 1396 / new][C:\WINDOWS\Explorer.EXE] [N/A, ]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\system32\juacbihd.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\system32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 1628 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 1764 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]

西部男人 - 2008-4-13 22:52:00

[PID: 1780 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 340 / new][C:\WINDOWS\system32\WgaTray.exe] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\system32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\system32\juacbihd.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 496 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\System32\hfjg.dll] [N/A, ]
[C:\WINDOWS\System32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\System32\rhs.dll] [N/A, ]
[C:\WINDOWS\System32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\System32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 2152 / new][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 2164 / new][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe] [Yahoo! China, 3, 0, 4, 1005]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll] [Yahoo! China, 3, 0, 5, 1007]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll] [Yahoo! China, 3, 0, 1, 1001]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll] [Yahoo! China, 3, 0, 2, 1002]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll] [Yahoo! China, 3, 0, 1, 1002]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 2180 / new][C:\Program Files\OCINS\idnsvr.exe] [中国互联网信息中心(CNNIC), 2, 6, 0, 1]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\Program Files\OCINS\idnsvr.dll] [中国互联网信息中心(CNNIC), 2, 6, 0, 4]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 2188 / new][C:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 2464 / new][C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\wdfmgr.exe] [N/A, ]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[PID: 4072 / new][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 3540 / new][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[PID: 3992 / new][C:\WINDOWS\system32\dllcache\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\dllcache\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\dllcache\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\system32\dllcache\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\system32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\system32\dllcache\msi.dll] [Microsoft Corporation, 3.1.4000.4039]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\system32\juacbihd.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\dllcache\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\dllcache\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\ayFKKFKK1055.dll] [N/A, ]
[C:\WINDOWS\system32\ttEZZEZZ1046.dll] [N/A, ]
[C:\WINDOWS\system32\ttNNBNNB1047.dll] [N/A, ]
[C:\WINDOWS\system32\ttVUFVUF1011.dll] [N/A, ]
[C:\WINDOWS\system32\ttQACQAC1035.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\dllcache\tsd32.dll] [, ]
[C:\WINDOWS\system32\msaud32.acm] [Microsoft Corporation, 8.00.00.4487]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Intel Corporation, 2.05.53]
[C:\WINDOWS\system32\l3codeca.ax] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[C:\WINDOWS\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINDOWS\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINDOWS\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINDOWS\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]

西部男人 - 2008-4-13 22:53:00

[PID: 2636 / new][C:\WINDOWS\123\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\system32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\system32\juacbihd.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[D:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[E:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[F:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe

==================================
HOSTS 文件
127.0.0.1 localhost
124.238.254.113 www.10280011.com
124.238.254.113 10280011.com
124.238.254.113 www.10289900.com
124.238.254.113 10289900.com
124.238.254.113 www.78877788.com
124.238.254.113 78877788.com
124.238.254.113 www.11051122.com
124.238.254.113 11051122.com
124.238.254.113 1.ehai01.com
124.238.254.113 da.ehai01.com
124.238.254.113 ehai01.com
124.238.254.113 2008.sekart.cn
124.238.254.113 www.sekart.cn
124.238.254.113 sekart.cn
124.238.254.113 www.11309988.com
124.238.254.113 www.12100088.com
124.238.254.113 www.12108899.com
124.238.254.113 d2.llsging.com
124.238.254.113 llsging.com
124.238.254.113 dd.749571.com
124.238.254.113 749571.com
124.238.254.113 pr.749571.com
124.238.254.113 txwm1204.com
124.238.254.113 www.txwm1204.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1324, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1324, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1396, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1396, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1396, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 2164, C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2164, C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2164, C:\PROGRA~1\YAHOO!\ASSISTANT\YASSISTSE.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 2188, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2188, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2188, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 2464, C:\WINDOWS\FONTS\00-E0-06-09-56-74\SYSTEM\WDFMGR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2464, C:\WINDOWS\FONTS\00-E0-06-09-56-74\SYSTEM\WDFMGR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2464, C:\WINDOWS\FONTS\00-E0-06-09-56-74\SYSTEM\WDFMGR.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 3992, C:\WINDOWS\SYSTEM32\DLLCACHE\EXPLORER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3992, C:\WINDOWS\SYSTEM32\DLLCACHE\EXPLORER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3992, C:\WINDOWS\SYSTEM32\DLLCACHE\EXPLORER.EXE]

==================================
API HOOK
入口点错误：FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D)

==================================
隐藏进程
N/A

[/CODE]

天月来了 - 2008-4-14 9:44:00

我就不明白了。

为什么我遇到的所有求助的都绝不看我发的汉字呢？？？？

我1楼说：“直接将日志内容彻底复制到一个空记事本里，然后再保存，就可以以附件的形式发论坛来了。
一定以附件形式发这论坛来。
点击我这贴右下角的“引用”然后就应该知道怎么发了。

你可以打开日志后，在左上角的“编辑”里选择“全选”再选择“复制”
就可以彻底复制日志内容到另一个空记事本保存了”

真的就那么看不懂吗？？？？？

西部男人 - 2008-4-14 12:30:00

日志

附件: 10397002008414121839.txt

xiaoxiongjoy - 2008-4-14 14:21:00

头皮发麻，中了这么多的病毒，你的机器还活着。奇迹！
C:\Program Files\jj4\jjsvr4.exe
C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd.exe
C:\PROGRA~1\TENCENT\Adplus\stup.exe 你这个装的什么软件？
修复启动项
TBMonEx><C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\wdfmgr.exe> []
<inudhya><C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\soundma.exe> []
<SHAProc><C:\WINDOWS\SHAProc.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<scufnchl><C:\WINDOWS\cfcltdiz.exe> []
<fmsbbqi><C:\WINDOWS\fmsbbqi.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exE> []
<WSockDrv32><C:\WINDOWS\aberzw.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<mfchlp32><C:\WINDOWS\mfchlp32.exe> []
<tciocp32><C:\WINDOWS\tciocp32.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wfhyt.dll,kghk.dll,lfsjgf.dll,stehs.dll,fghshj.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,msepbe.dll,> [N/A]
删除下列文件
<{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll> []
<{6ce08af1-5f70-4c1a-8d1a-8aba11619e87}><C:\WINDOWS\system32\ayFKKFKK1055.dll> []
<{05922c2d-da84-48e8-a3e4-e797c58c39cf}><C:\WINDOWS\system32\ttEZZEZZ1046.dll> []
<{c4bf46a2-1c05-427d-992f-4e24f7d57f68}><C:\WINDOWS\system32\ttNNBNNB1047.dll> []
<{29fab913-d0cd-477b-a3f0-3d7c3a90379b}><C:\WINDOWS\system32\ttVUFVUF1011.dll> []
<{79dae25e-7bee-4484-bb1a-f30c45d535d9}><C:\WINDOWS\system32\ttQACQAC1035.dll> []
<{6167F471-EF2B-41DD-A5E5-C26ACDB5C096}><C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys> []
C:\WINDOWS\system32\qqxyd.exe
SystemRoot\\SystemRoot\System32\drivers\8472343.sys
SystemRoot\system32\drivers\afbidbch.sys
SystemRoot\system32\drivers\dafaddij.sys
SystemRoot\system32\drivers\ddcjhdid.sys
C:\WINDOWS\system32\drivers\EagleNT.sys
SystemRoot\system32\drivers\ediafeca.sys
SystemRoot\system32\drivers\iajfeech.sys
system32\drivers\h***oul.sys
C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\usbhcid.sys
C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\tmpF.tmp
C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
<\??\C:\WINDOWS\system32\drivers\12.tmp><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
<\??\C:\WINDOWS\system32\DRIVERS\phy.sys
C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\usbcams3.sys
SystemRoot\system32\drivers\yaskp.sys
C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys
C:\PROGRA~1\OCINS\ieaux.dll
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\xgnfn.dll] [N/A, ]
[C:\WINDOWS\system32\hfjg.dll] [N/A, ]
[C:\WINDOWS\system32\ijatnaw.dll] [N/A, ]
[C:\WINDOWS\system32\rhs.dll] [N/A, ]
[C:\WINDOWS\system32\bjrvm.dll] [N/A, ]
[C:\WINDOWS\system32\msepbe.dll] [N/A, ]
[C:\WINDOWS\system32\mfdesy.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\inudhya.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\system32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\system32\juacbihd.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\system32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys] [N/A, ]
Autorun.inf
[C:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[D:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[E:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe
[F:\]
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell\打开(&O)\command=ntldr.exe

天月来了 - 2008-4-14 14:40:00

做好准备后，一定要断网处理，不然不能成功：

你只有用Xdelbox这个工具去删除这些文件。
Xdelbox下载：http://www.dodudou.com/down/里面的“原创软件文件夹”下载那个1.6版本的。
下载后
解压所有文件到一个文件夹,（一定要解压出来运行，不要懒）运行xdelbox前请拔掉插在电脑上的所有移动硬盘、U盘、MP3等。
将下面的文件信息全部复制，然后打开Xdelbox,（打开后，不要好奇点这Xdelbox玩）直接在下面大窗口的空白处，使用右键菜单的“剪贴板导入不检查路径”导入，并全选文件选择右键菜单的“立刻重启删除”

c:\program files\internet explorer\plugins\winsys8v.sys
c:\windows\fonts\00-e0-06-09-56-74\system\inudhya.dll
c:\windows\system32\avpsrv.dll
c:\windows\system32\ayfkkfkk1055.dll
c:\windows\system32\bjrvm.dll
c:\windows\system32\cmdbcs.dll
c:\windows\system32\dbghlp32.dll
c:\windows\system32\fmsbbqi.dll
c:\windows\system32\hfjg.dll
c:\windows\system32\ijatnaw.dll
c:\windows\system32\juacbihd.dll
c:\windows\system32\lotushlp.dll
c:\windows\system32\mfchlp32.dll
c:\windows\system32\mfdesy.dll
c:\windows\system32\msccrt.dll
c:\windows\system32\msepbe.dll
c:\windows\system32\ptsshell.dll
c:\windows\system32\rhs.dll
c:\windows\system32\shaproc.dat
c:\windows\system32\tciocp32.dll
c:\windows\system32\ttezzezz1046.dll
c:\windows\system32\ttnnbnnb1047.dll
c:\windows\system32\ttqacqac1035.dll
c:\windows\system32\ttvufvuf1011.dll
c:\windows\system32\upxdnd.dll
c:\windows\system32\wsockdrv32.dll
c:\windows\system32\xgnfn.dll
c:\docume~1\new\locals~1\temp\setupcmd.exe
c:\progra~1\tencent\adplus\stup.exe
c:\windows\fonts\00-e0-06-09-56-74\system\wdfmgr.exe
c:\windows\fonts\00-e0-06-09-56-74\system\soundma.exe
c:\windows\shaproc.exe
c:\windows\dbghlp32.exe
c:\windows\cfcltdiz.exe
c:\windows\fmsbbqi.exe
c:\windows\ptsshell.exe
c:\windows\avpsrv.exe
c:\windows\aberzw.exe
c:\windows\upxdnd.exe
c:\windows\lotushlp.exe
c:\windows\mfchlp32.exe
c:\windows\tciocp32.exe
c:\windows\cmdbcs.exe
c:\windows\msccrt.exe
c:\windows\fonts\00-e0-06-09-56-74\system\lmmh.exe
c:\windows\system32\qqxyd.exe
c:\windows\system32\drivers\8472343.sys
c:\windows\system32\drivers\dafaddij.sys
c:\windows\system32\drivers\ddcjhdid.sys
c:\windows\system32\drivers\ediafeca.sys
c:\windows\system32\drivers\iajfeech.sys
c:\docume~1\newcf6~1.000\locals~1\temp\usbhcid.sys
c:\docume~1\newcf6~1.000\locals~1\temp\tmpf.tmp
c:\windows\system32\drivers\msosmsfpfis64.sys
c:\windows\system32\drivers\12.tmp
c:\windows\system32\drivers\phy.sys
c:\docume~1\newcf6~1.000\locals~1\temp\usbcams3.sys
c:\windows\system32\drivers\yaskp.sys
c:\documents and settings\all users\application data\microsoft\userdata\iehelper_5068.dll
c:\windows\downloaded program files\hangameplugincn18.dll
c:\windows\system32\ssup.dll
C:\Autorun.inf
C:\ntldr.exe
D:\Autorun.inf
D:\ntldr.exe
E:\Autorun.inf
E:\ntldr.exe
F:\Autorun.inf
F:\ntldr.exe

重启计算机以后会有两个系统进入的选择的倒计时界面
第一个是你原来的windows系统
第二个是这个软件给你设定的dos系统
系统会自动选择进入第二个系统
此时不要进行任何操作
之后会自动重启进入正常模式
进入系统后，再做下面的：
————————————————————————————————————————
去C:\WINDOWS\system32\dllcache文件夹里找Explorer.EXE文件，复制到C:\WINDOWS\文件夹里替换。
或者在下面这贴附件里下载，那是XP系统里的Explorer.EXE文件。
http://forum.ikaka.com/topic.asp?board=28&artid=8417665

替换前先在任务管理器里结束Explorer.EXE进程。

[PID: 1396 / new][C:\WINDOWS\Explorer.EXE] [N/A, ]
————————————————————————————————————
在扫日志的SRENG工具》启动项目》注册表》里面找下面项目删除：
[C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd.exe] <rem C:\DOCUME~1\new\LOCALS~1\Temp\SetupCmd.exe>
[stup.exe] <; C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[TBMonEx] <C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\wdfmgr.exe>
[inudhya] <C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\soundma.exe>
[SHAProc] <C:\WINDOWS\SHAProc.exe>
[DbgHlp32] <C:\WINDOWS\DbgHlp32.exe>
[scufnchl] <C:\WINDOWS\cfcltdiz.exe>
[fmsbbqi] <C:\WINDOWS\fmsbbqi.exe>
[PTSShell] <C:\WINDOWS\PTSShell.exe>
[AVPSrv] <C:\WINDOWS\AVPSrv.exE>
[WSockDrv32] <C:\WINDOWS\aberzw.exe>
[upxdnd] <C:\WINDOWS\upxdnd.exe>
[LotusHlp] <C:\WINDOWS\LotusHlp.exe>
[mfchlp32] <C:\WINDOWS\mfchlp32.exe>
[tciocp32] <C:\WINDOWS\tciocp32.exe>
[cmdbcs] <C:\WINDOWS\cmdbcs.exe>
[msccrt] <C:\WINDOWS\msccrt.exe>
[{DC3D30AE-0380-4151-8934-EE98A34B0370}] <C:\WINDOWS\system32\mfdesy.dll>
[{6ce08af1-5f70-4c1a-8d1a-8aba11619e87}] <C:\WINDOWS\system32\ayFKKFKK1055.dll>
[{05922c2d-da84-48e8-a3e4-e797c58c39cf}] <C:\WINDOWS\system32\ttEZZEZZ1046.dll>
[{c4bf46a2-1c05-427d-992f-4e24f7d57f68}] <C:\WINDOWS\system32\ttNNBNNB1047.dll>
[{29fab913-d0cd-477b-a3f0-3d7c3a90379b}] <C:\WINDOWS\system32\ttVUFVUF1011.dll>
[{79dae25e-7bee-4484-bb1a-f30c45d535d9}] <C:\WINDOWS\system32\ttQACQAC1035.dll>
[{6167F471-EF2B-41DD-A5E5-C26ACDB5C096}] <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys>
[IFEO[ati2evxx.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[egui.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[idag.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[kaccore.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[kissvc.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[KPPMain.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[my.exe]] <C:\WINDOWS\Fonts\00-E0-06-09-56-74\system\lmmh.exe>
[IFEO[QQLogin.exe]] <"C:\WINDOWS\system32\qqxyd.exe">
[IFEO[qqsc.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[ravtask.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[ravtool.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[rfwproxy.exeFYFireWall.exe]] <C:\WINDOWS\system32\svchost.exe>
[IFEO[XYD2.exe]] <"C:\WINDOWS\system32\qqxyd.exe">
————————————————————————————————————
在扫日志的SRENG工具》启动项目》注册表》里将下面项目置空（就是选择“编辑”）这必须关闭杀毒软件的监控，否则改不了可能。
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wfhyt.dll,kghk.dll,lfsjgf.dll,stehs.dll,fghshj.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,msepbe.dll,> [N/A]

就是将 <AppInit_DLLs><wfhyt.dll,kghk.dll,lfsjgf.dll,stehs.dll,fghshj.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,msepbe.dll,> [N/A]的“值”项编辑置空为：

<AppInit_DLLs><> [N/A]

你可以选择其中一个红色项，然后编辑时你可能看不到什么，只需要在值项里输入任意一个字母或数字即可。

————————————————————————————————————
在扫日志的SRENG工具》启动项目》服务》驱动程序》里面找下面项删除，

[a0 / a0] <\SystemRoot\\SystemRoot\System32\drivers\8472343.sys>
[dafaddij / dafaddij] <\SystemRoot\system32\drivers\dafaddij.sys>
[ddcjhdid / ddcjhdid] <\SystemRoot\system32\drivers\ddcjhdid.sys>
[ediafeca / ediafeca] <\SystemRoot\system32\drivers\ediafeca.sys>
[iajfeech / iajfeech] <\SystemRoot\system32\drivers\iajfeech.sys>
[iCafe Manager / iCafe Manager] <\??\C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\usbhcid.sys>
[mnsf / mnsf] <\??\C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\tmpF.tmp>
[msfpfis64 / msfpfis64] <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys>
[NPF / NPF] <\??\C:\WINDOWS\system32\drivers\12.tmp>
[phy / phy] <\??\C:\WINDOWS\system32\DRIVERS\phy.sys>
[Sc Manager / Sc Manager] <\??\C:\DOCUME~1\NEWCF6~1.000\LOCALS~1\Temp\usbcams3.sys>
[yaskp / yaskp] <\SystemRoot\system32\drivers\yaskp.sys>

—————————————————————————————
在扫日志的SRENG工具》系统修复》浏览器加载项》里面找下面删除

[MyIEHelper Class] <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5068.dll>
[] <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys>
[HanGamePluginCn18 Class] <C:\WINDOWS\downloaded program files\hangameplugincn18.dll>
[] <C:\Program Files\Internet Explorer\PLUGINS\WinSys8v.Sys>
[MyIEHelper Class] <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5068.dll>
[] <C:\WINDOWS\system32\SSup.dll>
[] <C:\WINDOWS\system32\SSup.dll>

————————————————————————————————————
在扫日志的SRENG工具》系统修复》HOSTS文件》选择“重置”再“保存”

————————————————————————————————————
再重启电脑，反复检查，操作删除，

————————————————————————————————————
再重启电脑，升级杀毒软件至最新版本全盘杀毒。

下载卡卡助手，清理你那系统。

记得打打系统漏洞补丁

清空IE缓存，清空临时文件夹。

这里下载 W i n d o w s 清理助手，清理你那系统。清理掉所有垃圾软件。
http://www.arswp.com/

瑞星卡卡安全论坛