防火墙OK.但是瑞星红伞.请求高手指点一下日志 bbs.ikaka.com

罗轩 - 2008-6-16 14:38:00

防火墙OK.但是瑞星红伞.请求高手指点一下!
怕大家没时间下，把日志写在后面了，希望能帮下我~

附件: SREngLOG.log

罗轩 - 2008-6-16 14:49:00

电脑不敢用了，请高手紧急指点一下
瑞星红伞，开了会说应用程序错误，然后就关了
....

罗轩 - 2008-6-16 14:57:00

[CODE]
2000-06-16,14:36:25
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<runeip><"C:\Program Files\Rising\KakaToolBar\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
<StormCodec_Helper><"E:\Storm Codec\StormSet.exe" /S /opti> []
<WebThunder><E:\web讯雷\WebThunder.exe> [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
<Sony Ericsson PC Suite><"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> [Sony Ericsson Mobile Communications AB]
<UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\KakaToolBar\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><c:\windows\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs>< ,yzztimsn.dll,ieprot.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<{528DF602-9541-A985-210A-984A698C6F25}><C:\WINDOWS\system32\ptjhehlp.dll> [N/A]
<{5A069845-2036-6084-9054-6087502480A5}><C:\WINDOWS\system32\ozfyebyt.dll> []
<{9490415F-65F8-B5C5-D8BA-9405FB120549}><C:\WINDOWS\system32\yzztimsn.dll> [N/A]
<{6FD45A54-9875-698F-E56E-65102358FDF6}><C:\WINDOWS\system32\apsgfjba.dll> [N/A]
<{22596546-2036-9451-6058-658402589722}><C:\WINDOWS\system32\opshbbty.dll> []
<{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5}><C:\WINDOWS\system32\oohxdbyt.dll> []
<{7C8D1401-A58D-A81C-CD24-A5915C4517C7}><C:\WINDOWS\system32\mnmhgsrv.dll> []
<{6A041F13-A111-12A3-B0CF-F99818AA68A6}><C:\WINDOWS\system32\zxmscwin.dll> []
<{81954FAC-1023-154F-895A-1458258AD818}><C:\WINDOWS\system32\ypdjfbmp.dll> []
<{37AC9076-C898-B098-D098-A18319080973}><C:\WINDOWS\system32\nhmxcjkl.dll> [N/A]
<{4F4F0064-71E0-4f0d-0015-708476C7815F}><C:\WINDOWS\system32\midimapmy.dll> []
<{4F4F0064-71E0-4f0d-0006-708476C7815F}><C:\WINDOWS\system32\midimapcb.dll> []
<{4F4F0064-71E0-4f0d-0017-708476C7815F}><C:\WINDOWS\system32\midimaptl.dll> []
<{4F4F0064-71E0-4f0d-0021-708476C7815F}><C:\WINDOWS\system32\midimappt.dll> []
<{4F4F0064-71E0-4f0d-0012-708476C7815F}><C:\WINDOWS\system32\midimapjr.dll> []
<{4F4F0064-71E0-4f0d-0004-708476C7815F}><C:\WINDOWS\system32\midimapwl.dll> []
<{4F4F0064-71E0-4f0d-0005-708476C7815F}><C:\WINDOWS\system32\midimapzx.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<midimapzx><C:\WINDOWS\system32\midimapzx.dll> []
<midimapmy><C:\WINDOWS\system32\midimapmy.dll> []
<midimapwl><C:\WINDOWS\system32\midimapwl.dll> []
<midimaptl><C:\WINDOWS\system32\midimaptl.dll> []
<midimapcb><C:\WINDOWS\system32\midimapcb.dll> []
<midimapjr><C:\WINDOWS\system32\midimapjr.dll> []
<midimappt><C:\WINDOWS\system32\midimappt.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
启动文件夹
[彩虹QQ显IP]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\彩虹QQ显IP.lnk --> C:\PROGRA~1\彩虹QQ\CaiHong.exe [N/A]><N>
==================================
服务
[18 / 2008][Stopped/Auto Start]
<C:\WINDOWS\RemoteAbc.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><N/A>
==================================
驱动程序
[963d29e0fc67dcf6 / 963d29e0fc67dcf6][Stopped/Manual Start]
<\??\C:\963d29e0fc67dcf6.dat><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
<system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HiddFldy / HiddFldy][Running/Auto Start]
<\??\C:\WINDOWS\system32\d32dx9.sys><N/A>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[KAVSafe / KAVSafe][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[PciHardDisk / PciHardDisk][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\pcidisk.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
<\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Sony Ericsson Device 038 Driver driver (WDM) / SE26bus][Stopped/Manual Start]
<system32\DRIVERS\SE26bus.sys><MCCI>
[Sony Ericsson Device 038 USB WMC Modem Filter / SE26mdfl][Stopped/Manual Start]
<system32\DRIVERS\SE26mdfl.sys><MCCI>
[Sony Ericsson Device 038 USB WMC Modem Driver / SE26mdm][Stopped/Manual Start]
<system32\DRIVERS\SE26mdm.sys><MCCI>
[Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM) / SE26mgmt][Stopped/Manual Start]
<system32\DRIVERS\SE26mgmt.sys><MCCI>
[Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS) / se26nd5][Stopped/Manual Start]
<system32\DRIVERS\se26nd5.sys><MCCI>
[Sony Ericsson Device 038 USB WMC OBEX Interface / SE26obex][Stopped/Manual Start]
<system32\DRIVERS\SE26obex.sys><MCCI>
[Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM) / se26unic][Stopped/Manual Start]
<system32\DRIVERS\se26unic.sys><MCCI>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[Sony Ericsson Z550 driver (WDM) / Z550bus][Stopped/Manual Start]
<system32\DRIVERS\Z550bus.sys><MCCI>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <E:\web讯雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[]
{22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
{37AC9076-C898-B098-D098-A18319080973} <C:\WINDOWS\system32\nhmxcjkl.dll, N/A>
[]
{528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A>
[]
{5A069845-2036-6084-9054-6087502480A5} <C:\WINDOWS\system32\ozfyebyt.dll, N/A>
[]
{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} <C:\WINDOWS\system32\oohxdbyt.dll, N/A>
[]
{6A041F13-A111-12A3-B0CF-F99818AA68A6} <C:\WINDOWS\system32\zxmscwin.dll, N/A>
[]
{6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[]
{7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A>
[]
{81954FAC-1023-154F-895A-1458258AD818} <C:\WINDOWS\system32\ypdjfbmp.dll, N/A>
[]
{9490415F-65F8-B5C5-D8BA-9405FB120549} <C:\WINDOWS\system32\yzztimsn.dll, N/A>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\HFGameOPT\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
[PPLive]
{95B3F550-91C4-4627-BCC4-521288C52977} <D:\PPLive\PPLive.exe, N/A>
[启动WEB迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[IE搜索工具条]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <E:\web讯雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[]
{22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
{37AC9076-C898-B098-D098-A18319080973} <C:\WINDOWS\system32\nhmxcjkl.dll, N/A>
[]
{528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
{5A069845-2036-6084-9054-6087502480A5} <C:\WINDOWS\system32\ozfyebyt.dll, N/A>
[]
{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} <C:\WINDOWS\system32\oohxdbyt.dll, N/A>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\DOCUME~1\ADMINI~1\APPLIC~1\ppStream\2258~1.577\POWERP~1.DLL, PPStream Inc.>
[]
{6A041F13-A111-12A3-B0CF-F99818AA68A6} <C:\WINDOWS\system32\zxmscwin.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
{6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[]
{7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A>
[]
{81954FAC-1023-154F-895A-1458258AD818} <C:\WINDOWS\system32\ypdjfbmp.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SopCore Control]
{8FEFF364-6A5F-4966-A917-A3AC28411659} <D:\SopCast\sopocx.ocx, www.sopcast.com>
[]
{9490415F-65F8-B5C5-D8BA-9405FB120549} <C:\WINDOWS\system32\yzztimsn.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[IE搜索工具条]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[使用WEB迅雷下载]
<E:\web讯雷\GetUrl.htm, N/A>
[使用WEB迅雷下载全部链接]
<E:\web讯雷\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\QQ\AddEmotion.htm, N/A

罗轩 - 2008-6-16 14:57:00

==================================
正在运行的进程
[PID: 636 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 768 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 780 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1024 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1136 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1152 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1216 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504]
[C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1256 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1360 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1424 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41]
[c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0]
[c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1648 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1692 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.33]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[c:\program files\rising\rfw\urlrule.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9]
[c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1820 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[C:\WINDOWS\system32\ozfyebyt.dll] [N/A, ]
[C:\WINDOWS\system32\opshbbty.dll] [N/A, ]
[C:\WINDOWS\system32\oohxdbyt.dll] [N/A, ]
[C:\WINDOWS\system32\mnmhgsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zxmscwin.dll] [N/A, ]
[C:\WINDOWS\system32\ypdjfbmp.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1908 / Administrator][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.65]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[PID: 1988 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 572 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 52]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[PID: 588 / Administrator][C:\Program Files\Rising\KakaToolBar\runiep.exe] [Beijing Rising Technology Co., Ltd., 5.0.0.16]
[C:\Program Files\Rising\KakaToolBar\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\KakaToolBar\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\WINDOWS\system32\ozfyebyt.dll] [N/A, ]
[C:\WINDOWS\system32\opshbbty.dll] [N/A, ]
[C:\WINDOWS\system32\oohxdbyt.dll] [N/A, ]
[C:\WINDOWS\system32\mnmhgsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zxmscwin.dll] [N/A, ]
[C:\WINDOWS\system32\ypdjfbmp.dll] [N/A, ]
[PID: 352 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[PID: 676 / Administrator][E:\web讯雷\WebThunder.exe] [深圳市迅雷网络技术有限公司, 1, 12, 3, 214]
[E:\web讯雷\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[E:\web讯雷\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 1, 56]
[E:\web讯雷\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 217]
[E:\web讯雷\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[E:\web讯雷\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 217]
[E:\web讯雷\streammedialib.dll] [, 1, 3, 2, 124]
[E:\web讯雷\al.dll] [, 1, 0, 1, 3]
[E:\web讯雷\xldc.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[E:\web讯雷\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 6]
[E:\web讯雷\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 63]
[E:\web讯雷\CacheServer.dll] [, 1, 0, 0, 1]
[E:\web讯雷\XLSafe\SafeInfo.dll] [深圳市迅雷网络技术有限公司, 1, 0, 1, 2]
[E:\web讯雷\XLSafe\RMFScan.dll] [N/A, ]
[E:\web讯雷\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 3, 4, 18]
[E:\web讯雷\DownAndPlay\WebDownAndPlay.dll] [ShenZhen Thunder Networking Technologies Ltd., 1, 0, 3, 21]
[E:\web讯雷\XLStatistic\XLStatisticAddin.dll] [深圳市迅雷网络技术有限公司, 1, 4, 1, 5]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[PID: 932 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
[C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 1088 / Administrator][C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe] [Sony Ericsson Mobile Communications AB, 1.1.1.3]

罗轩 - 2008-6-16 14:58:00

[C:\Program Files\Common Files\Teleca Shared\Telecalib_logging.dll] [Teleca/Popwire AB, 1, 0, 2, 3]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_32.dll] [N/A, ]
[C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll] [Sony Ericsson Mobile Communications AB, 1.0.6.1]
[C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll] [Sony Ericsson Mobile Communications AB, 1.0.6.1]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\Program Files\Sony Ericsson\Mobile2\InstSupport\TC Device Mgmt.dll] [Teleca Software Solutions, 1, 0, 1, 1]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[PID: 1108 / Administrator][C:\Program Files\Unlocker\UnlockerAssistant.exe] [N/A, ]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[PID: 1180 / Administrator][C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe] [Popwire AB, 1.2.0.70]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Teleca Shared\tlib_log.dll] [Popwire AB, 1, 0, 3, 3]
[C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll] [N/A, ]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0]
[PID: 1324 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 3280 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[PID: 3296 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[E:\web讯雷\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 75]
[C:\WINDOWS\system32\opshbbty.dll] [N/A, ]
[C:\WINDOWS\system32\ozfyebyt.dll] [N/A, ]
[C:\WINDOWS\system32\oohxdbyt.dll] [N/A, ]
[C:\WINDOWS\system32\zxmscwin.dll] [N/A, ]
[C:\WINDOWS\system32\mnmhgsrv.dll] [N/A, ]
[C:\WINDOWS\system32\ypdjfbmp.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[PID: 3812 / Administrator][C:\Program Files\Common Files\Teleca Shared\Generic.exe] [Teleca Software Solutions, 1, 0, 3, 2]
[C:\Program Files\Common Files\Teleca Shared\Telecalib_logging.dll] [Teleca/Popwire AB, 1, 0, 2, 3]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_32.dll] [N/A, ]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0]
[C:\Program Files\Sony Ericsson\Mobile2\InstSupport\TC Device Mgmt.dll] [Teleca Software Solutions, 1, 0, 1, 1]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\Program Files\Sony Ericsson\Mobile2\Device Manager\SpecificMPM.dll] [SonyEricsson, 1, 0, 2, 1]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll] [N/A, ]
[C:\Program Files\Common Files\Teleca Shared\SpecificUSB.dll] [Popwire AB, 1, 2, 1, 1]
[C:\Program Files\Common Files\Teleca Shared\tlib_log.dll] [Popwire AB, 1, 0, 3, 3]
[C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll] [N/A, ]
[PID: 3912 / Administrator][C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe] [Sony Ericsson Mobile Communications AB, 1, 2, 0,1190]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,122]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll] [N/A, ]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,1194]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll] [Sony Ericsson Mobile Communications AB, 1, 2, 0,309]
[C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0804.DLL] [Popwire AB, 1, 0, 0,2018]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\msmeirsock_object.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,946]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ms98irsock_object.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,991]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,1003]
[C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll] [Sony Ericsson Mobile Communications AB, 1, 0, 0,1226]
[PID: 4052 / Administrator][C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe] [锐捷网络, 3, 2, 0, 0]
[C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[C:\PROGRA~1\锐捷网络\RUIJIE~1\EXRGPA~1.OCX] [锐捷网络, 1, 0, 0, 1]
[C:\PROGRA~1\锐捷网络\RUIJIE~1\HIDetect.dll] [锐捷网络, 1, 0, 0, 1]
[C:\PROGRA~1\锐捷网络\RUIJIE~1\Vx_API.dll] [锐捷网络, 1, 0, 0, 1]
[C:\WINDOWS\system32\ozfyebyt.dll] [N/A, ]
[C:\WINDOWS\system32\opshbbty.dll] [N/A, ]
[C:\WINDOWS\system32\oohxdbyt.dll] [N/A, ]
[C:\WINDOWS\system32\mnmhgsrv.dll] [N/A, ]
[C:\WINDOWS\system32\zxmscwin.dll] [N/A, ]
[C:\WINDOWS\system32\ypdjfbmp.dll] [N/A, ]
[PID: 2424 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[PID: 2892 / Administrator][F:\Xunlei\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ]
[C:\WINDOWS\system32\midimapzx.dll] [N/A, ]
[C:\WINDOWS\system32\midimapwl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapjr.dll] [N/A, ]
[C:\WINDOWS\system32\midimappt.dll] [N/A, ]
[C:\WINDOWS\system32\midimaptl.dll] [N/A, ]
[C:\WINDOWS\system32\midimapcb.dll] [N/A, ]
[C:\WINDOWS\system32\midimapmy.dll] [N/A, ]
[F:\Xunlei\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com
==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 588, C:\PROGRAM FILES\RISING\KAKATOOLBAR\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 588, C:\PROGRAM FILES\RISING\KAKATOOLBAR\RUNIEP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1088, C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\APPLICATION LAUNCHER\APPLICATION LAUNCHER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1088, C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\APPLICATION LAUNCHER\APPLICATION LAUNCHER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1108, C:\PROGRAM FILES\UNLOCKER\UNLOCKERASSISTANT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1108, C:\PROGRAM FILES\UNLOCKER\UNLOCKERASSISTANT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1180, C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\CAPABILITYMANAGER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1180, C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\CAPABILITYMANAGER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3812, C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\GENERIC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3812, C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\GENERIC.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3912, C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\MOBILE PHONE MONITOR\EPMWORKER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3912, C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\MOBILE PHONE MONITOR\EPMWORKER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4052, C:\PROGRAM FILES\锐捷网络\RUIJIE SUPPLICANT\8021X.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4052, C:\PROGRAM FILES\锐捷网络\RUIJIE SUPPLICANT\8021X.EXE]
==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D4355)
入口点错误：NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D43F5)
入口点错误：ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D4355)
入口点错误：ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D43F5)
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00F91FFD)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00F920E5)
==================================
隐藏进程
N/A
==================================

[/CODE]

日不懂啊 - 2008-6-16 14:58:00

哥哥,点回复,把日志从附件发上来好吗?
不好编辑

天月来了 - 2008-6-16 14:58:00

建议我签名处木马群清理

清理完以后，

去我签名处折腾个2.6版的SRENG日志来打扫残余。（需要自己输入授权信息）

直接将日志文件以附件的形式发这论坛来。

一定以附件形式发这论坛来。
点击你自己的主题贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。

（同时注意SRENG工具的“入口点”提示和那个关于<AppInit_DLLs>项的<ieprot.dll>提示都只是常规提示，可以不管它，请不要为这问题反复询问。）

SRENG工具的一些操作，看这贴：http://bbs.ikaka.com/showtopic-8442813.aspx

日不懂啊 - 2008-6-16 14:59:00

不好意思,我没看到你的附件,抱歉,等我几分钟哈,我编辑一下

日不懂啊 - 2008-6-16 15:06:00

用附件的XDELBOX删除文件
C:\WINDOWS\system32\midimapzx.dll
C:\WINDOWS\system32\midimapwl.dll
C:\WINDOWS\system32\midimapjr.dll
C:\WINDOWS\system32\midimappt.dll
C:\WINDOWS\system32\midimaptl.dll
C:\WINDOWS\system32\midimapcb.dll
C:\WINDOWS\system32\midimapmy.dll
C:\WINDOWS\system32\opshbbty.dll
C:\WINDOWS\system32\ozfyebyt.dll
C:\WINDOWS\system32\oohxdbyt.dll
C:\WINDOWS\system32\zxmscwin.dll
C:\WINDOWS\system32\mnmhgsrv.dll
C:\WINDOWS\system32\ypdjfbmp.dll
C:\WINDOWS\system32\yzztimsn.dll
C:\WINDOWS\RemoteAbc.exe
C:\963d29e0fc67dcf6.dat

复制他们，从剪贴板导入，点上抑制再生，右键点击要删除的文件列表，选择立即重起删除(如果说找不到文件,不用管,继续操作)

重起以后进入XDELBOX工具，执行删除~

删除过后，打开SRENG

注册表中删除
<{528DF602-9541-A985-210A-984A698C6F25}><C:\WINDOWS\system32\ptjhehlp.dll> [N/A]
<{5A069845-2036-6084-9054-6087502480A5}><C:\WINDOWS\system32\ozfyebyt.dll> []
<{9490415F-65F8-B5C5-D8BA-9405FB120549}><C:\WINDOWS\system32\yzztimsn.dll> [N/A]
<{6FD45A54-9875-698F-E56E-65102358FDF6}><C:\WINDOWS\system32\apsgfjba.dll> [N/A]
<{22596546-2036-9451-6058-658402589722}><C:\WINDOWS\system32\opshbbty.dll> []
<{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5}><C:\WINDOWS\system32\oohxdbyt.dll> []
<{7C8D1401-A58D-A81C-CD24-A5915C4517C7}><C:\WINDOWS\system32\mnmhgsrv.dll> []
<{6A041F13-A111-12A3-B0CF-F99818AA68A6}><C:\WINDOWS\system32\zxmscwin.dll> []
<{81954FAC-1023-154F-895A-1458258AD818}><C:\WINDOWS\system32\ypdjfbmp.dll> []
<{37AC9076-C898-B098-D098-A18319080973}><C:\WINDOWS\system32\nhmxcjkl.dll> [N/A]
<{4F4F0064-71E0-4f0d-0015-708476C7815F}><C:\WINDOWS\system32\midimapmy.dll> []
<{4F4F0064-71E0-4f0d-0006-708476C7815F}><C:\WINDOWS\system32\midimapcb.dll> []
<{4F4F0064-71E0-4f0d-0017-708476C7815F}><C:\WINDOWS\system32\midimaptl.dll> []
<{4F4F0064-71E0-4f0d-0021-708476C7815F}><C:\WINDOWS\system32\midimappt.dll> []
<{4F4F0064-71E0-4f0d-0012-708476C7815F}><C:\WINDOWS\system32\midimapjr.dll> []
<{4F4F0064-71E0-4f0d-0004-708476C7815F}><C:\WINDOWS\system32\midimapwl.dll> []
<{4F4F0064-71E0-4f0d-0005-708476C7815F}><C:\WINDOWS\system32\midimapzx.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<midimapzx><C:\WINDOWS\system32\midimapzx.dll> []
<midimapmy><C:\WINDOWS\system32\midimapmy.dll> []
<midimapwl><C:\WINDOWS\system32\midimapwl.dll> []
<midimaptl><C:\WINDOWS\system32\midimaptl.dll> []
<midimapcb><C:\WINDOWS\system32\midimapcb.dll> []
<midimapjr><C:\WINDOWS\system32\midimapjr.dll> []
<midimappt><C:\WINDOWS\system32\midimappt.dll> []

把<AppInit_DLLs>< ,yzztimsn.dll,ieprot.dll> [N/A]设置为<AppInit_DLLs><ieprot.dll> [N/A]

删除服务
[18 / 2008][Stopped/Auto Start]
<C:\WINDOWS\RemoteAbc.exe><N/A>

删除驱动程序
[963d29e0fc67dcf6 / 963d29e0fc67dcf6][Stopped/Manual Start]
<\??\C:\963d29e0fc67dcf6.dat><N/A>
禁止驱动
[HiddFldy / HiddFldy][Running/Auto Start]
<\??\C:\WINDOWS\system32\d32dx9.sys><N/A>

删除[]
{22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
{37AC9076-C898-B098-D098-A18319080973} <C:\WINDOWS\system32\nhmxcjkl.dll, N/A>
[]
{528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A>
[]
{5A069845-2036-6084-9054-6087502480A5} <C:\WINDOWS\system32\ozfyebyt.dll, N/A>
[]
{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} <C:\WINDOWS\system32\oohxdbyt.dll, N/A>
[]
{6A041F13-A111-12A3-B0CF-F99818AA68A6} <C:\WINDOWS\system32\zxmscwin.dll, N/A>
[]
{6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[]
{7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A>
[]
{81954FAC-1023-154F-895A-1458258AD818} <C:\WINDOWS\system32\ypdjfbmp.dll, N/A>
[]
{9490415F-65F8-B5C5-D8BA-9405FB120549} <C:\WINDOWS\system32\yzztimsn.dll, N/A>

修复HOSTS文件~~

更新杀软，全盘杀毒~

附件: xdelboxnN.rar

罗轩 - 2008-6-16 15:49:00

谢谢楼上斑竹大哥.
我按照你的方法处理了.但是瑞星杀软依旧在运行时出现那个应用程序出错情况.依旧红伞.
...尴尬.我厚颜再扫描了一次.发了日志.希望能再费心稍看一下~.
真的，不胜感激..

附件: SREngLOG1.log

天月来了 - 2008-6-16 16:40:00

日志显示系统年份严重异常。2000-06-16,15:47:39
————————————————————————————————————
在扫日志的SRENG工具》启动项目》服务》驱动程序》里面找下面项,将启动类型改为“Disabled”
=================================
驱动程序
[PciHardDisk / PciHardDisk][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\pcidisk.sys><N/A>
—————————————————————————————
在扫日志的SRENG工具》系统修复》浏览器加载项》里面找下面删除
==================================
浏览器加载项
[]
{22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
{37AC9076-C898-B098-D098-A18319080973} <C:\WINDOWS\system32\nhmxcjkl.dll, N/A>
[]
{528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A>
[]
{5A069845-2036-6084-9054-6087502480A5} <C:\WINDOWS\system32\ozfyebyt.dll, N/A>
[]
{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} <C:\WINDOWS\system32\oohxdbyt.dll, N/A>
[]
{6A041F13-A111-12A3-B0CF-F99818AA68A6} <C:\WINDOWS\system32\zxmscwin.dll, N/A>
[]
{6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[]
{7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A>
[]
{81954FAC-1023-154F-895A-1458258AD818} <C:\WINDOWS\system32\ypdjfbmp.dll, N/A>
[]
{9490415F-65F8-B5C5-D8BA-9405FB120549} <C:\WINDOWS\system32\yzztimsn.dll, N/A>
[]
{22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
{37AC9076-C898-B098-D098-A18319080973} <C:\WINDOWS\system32\nhmxcjkl.dll, N/A>
[]
{528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A>
[]
{5A069845-2036-6084-9054-6087502480A5} <C:\WINDOWS\system32\ozfyebyt.dll, N/A>
[]
{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} <C:\WINDOWS\system32\oohxdbyt.dll, N/A>
[]
{6A041F13-A111-12A3-B0CF-F99818AA68A6} <C:\WINDOWS\system32\zxmscwin.dll, N/A>
[]
{6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[]
{7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A>
[]
{81954FAC-1023-154F-895A-1458258AD818} <C:\WINDOWS\system32\ypdjfbmp.dll, N/A>
[]
{9490415F-65F8-B5C5-D8BA-9405FB120549} <C:\WINDOWS\system32\yzztimsn.dll, N/A>
—————————————————————————————————————
用下载的“清理临时文件工具ATF-Cleaner-cn”，全选所有项目，点击“立即清理”
下载：http://bbs.ikaka.com/attachment.aspx?attachmentid=386491

用W i n d o w s 清理助手，清理你那系统。
W i n d o w s 清理助手下载：http://www.arswp.com/
————————————————————————————————————
再重启电脑，反复检查，操作的结果，

杀毒软件如果有异常，可能需要卸载重装，升级至最新版本全盘杀。

其他任何个人软件的异常，都可能需要卸载重装了。

记得打打系统漏洞补丁

这补丁很重要
http://bbs.ikaka.com/showtopic-8509685.aspx

部分工具的操作看这贴：http://bbs.ikaka.com/showtopic-8442813.aspx

瑞星卡卡安全论坛