【回复“龙海”的帖子】

仔细看清楚我的帖子。
如果按解决方案仍然无效，说明你的情况并附上日志
ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

楼主,你好:
我的I盘是本地磁盘,请问还是照您说的操作吗?ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

你好，我已经按你的方式试了，可是我进入进程时，只有C:\WINDOWS\Explorer.EXE
没有C:\Program Files\Common Files\Microsoft Shared\MSINFO\rehtemp.exe这个进程
还有强制删除里C:\WINDOWS\system32\xydll.dll和
C:\WINDOWS\system32\tdll.dll的下一行都有C:\WINDOWS\system32\xydll.dll.tmp
C:\WINDOWS\system32\tdll.dll.tmp
我用你的方法失败和这两条有关系吗？麻烦你再给我解答一下，谢谢！还有如果没有关系的话，还有什么办法可以解决这个问题吗？麻烦了！


ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

【回复“白云999”的帖子】
按我的回复操作ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

【回复“快乐小幺”的帖子】
你全盘搜索一下rehtemp.exe，找到后删除
将C:\WINDOWS\system32\xydll.dll.tmp
C:\WINDOWS\system32\tdll.dll.tmp
一并删除ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

是否还是在安全模式下运行ICESWORD.EXE，然后删除以上文件。ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

侠客我你的方法都试过了没用  以下是我的日志
HijackThis_zww汉化版扫描日志 V1.99.1

操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
e:\瑞星\防火墙\rising\rfw\rfwproxy.exe
e:\瑞星\防火墙\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
E:\瑞星\防火墙\Rising\Rfw\rfwmain.exe
C:\WINDOWS\VM_STI.EXE
E:\瑞星\Rising\Rav\RavTask.exe
E:\瑞星\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ChinaNet\VnetClient.exe
E:\淘宝旺旺\淘宝旺旺\WangWang.exe
D:\soft\QQ2005\cmqq\qq\QQ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\瑞星\rav\RavMonD.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\瑞星\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
E:\迅雷\Program\Thunder5.exe
F:\HIJACKTHIS\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - C:\PROGRA~1\ChinaNet\VNETTR~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\迅雷\ComDlls\XunLeiBHO_002.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [RfwMain] "E:\瑞星\防火墙\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - 启动项HKLM\\Run: [RavTask] "E:\瑞星\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - E:\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - E:\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\soft\QQ2005\cmqq\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\soft\QQ2005\cmqq\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\soft\QQ2005\cmqq\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\soft\QQ2005\cmqq\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\迅雷\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - E:\迅雷\Thunder.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{099F7085-F016-4567-ADA7-77BD3C144C77}: NameServer = 202.96.104.27 202.96.104.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{099F7085-F016-4567-ADA7-77BD3C144C77}: NameServer = 202.96.104.27 202.96.104.17
O23 - NT 服务: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\瑞星\防火墙\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\瑞星\防火墙\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising Realtime Monitor Service (RsRavMon) - rising - E:\瑞星\rav\RavMonD.exe
O23 - NT 服务: sqlservr.exe (system) - Unknown owner - C:\WINDOWS\G_Server1.23.exe

ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

斑竹，昨天装的瑞星，但是监控刚开机是绿的，一会就变红的了。看了你的顶置，我全都一一试过，但是还是不行，最后只有把扫描的结果贴上来，麻烦帮我看看怎么回事，谢谢！

2006-10-27,00:22:15

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSNShell><C:\MSNShell\Bin\MSNShell.exe autorun> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SKYNET Personal FireWall><D:\Program Files\SkyNet\FireWall\PFWmain.exe> [sky.net.cn]
<QuickTime Task><"C:\pentax\qttask.exe" -atboottime> [Apple Computer, Inc.]
<ats><> [N/A]
<BigDogPath><D:\WINDOWS\VM_STI.EXE USB PC Camera 301P> [N/A]
<AddrPlus3><D:\PROGRA~1\TENCENT\Adplus\stup.exe D:\PROGRA~1\TENCENT\Adplus\Adplus1.dll Rundll32> [N/A]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Super Rabbit SRCK><"C:\Program Files\Super Rabbit\MagicSet\SRCK.exe" /autokill:198> [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

==================================
启动文件夹
[Microsoft Office]
<D:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<D:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter]
<><N/A>

==================================
驱动程序
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner]
<\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont]
<\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput]
<\??\D:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt]
<\??\E:\Tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2]
<\??\D:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
<\??\D:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TVICHW32 / TVICHW32]
<\??\D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
<system32\drivers\viaudios.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[MSN Shell 4]
{0713E8D2-850A-101B-AFC0-4210102A8DA7} <C:\MSNShell\Bin\MSNShell.exe, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Tencent\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\FLASHGET\fgiebar.dll, Amaze Soft>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <c:\Kingsoft\FASTAI~1\IEBand.dll, >
[NetmarbleStarter21 Class]
{00001021-A15C-11D4-97A4-0050BF0FBE67} <D:\WINDOWS\Downloaded Program Files\NMStarter21.dll, CJInternet Inc.>
[NetmarbleStarter22 Class]
{00001022-A15C-11D4-97A4-0050BF0FBE67} <D:\WINDOWS\Downloaded Program Files\NMStarter22.dll, CJInternet Inc.>
[NetmarbleStarter23 Class]
{00001023-A15C-11D4-97A4-0050BF0FBE67} <D:\WINDOWS\Downloaded Program Files\NMStarter23.dll, CJInternet Inc.>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <D:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Minesweeper Flags Class]
{2917297F-F02B-4B9D-81DF-494B6333150B} <D:\WINDOWS\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <D:\WINDOWS\system32\MsnPUpld.dll, Microsoft? Corporation>
[YNKGAME Control]
{5BD43B68-56AF-4863-B168-3E0781C3339E} <D:\WINDOWS\DOWNLO~1\YNKGAME.ocx, Sunny YNK>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <D:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <D:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[NMTransX Module]
{92E82FBB-DA00-41E0-ABFE-95482E21A4F6} <D:\WINDOWS\Downloaded Program Files\NMTransX.dll, >
[CanStarter Control]
{C247D83D-4B52-481B-8296-BA31DD680608} <D:\WINDOWS\DOWNLO~1\CANSTA~1.OCX, hanseul>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Solitaire Showdown Class]
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} <D:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll, Microsoft Corporation>
[NetmarbleStarter21 Class]
{00001021-A15C-11D4-97A4-0050BF0FBE67} <D:\WINDOWS\Downloaded Program Files\NMStarter21.dll, CJInternet Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <D:\WINDOWS\system32\CMBEdit.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <D:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <D:\WINDOWS\system32\MsnPUpld.dll, Microsoft? Corporation>
[YNKGAME Control]
{5BD43B68-56AF-4863-B168-3E0781C3339E} <D:\WINDOWS\DOWNLO~1\YNKGAME.ocx, Sunny YNK>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <c:\Kingsoft\FASTAI~1\IEBand.dll, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <D:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, N/A>
[NMTransX Module]
{92E82FBB-DA00-41E0-ABFE-95482E21A4F6} <D:\WINDOWS\Downloaded Program Files\NMTransX.dll, >
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\FLASHGET\jccatch.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CanStarter Control]
{C247D83D-4B52-481B-8296-BA31DD680608} <D:\WINDOWS\DOWNLO~1\CANSTA~1.OCX, hanseul>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\FLASHGET\fgiebar.dll, Amaze Soft>
[上传到QQ网络硬盘]
<, N/A>
[使用KuGoo3下载(&K)]
<D:\PROGRA~1\KUGOO2\KuGoo3DownX.htm, N/A>
[使用网际快车下载]
<C:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<E:\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Tencent\SendMMS.htm, N/A>
[设为 Messenger Live 头像]
<C:\MSNShell\Bin\SetMSNDP.htm, N/A>
ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F

==================================
正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119]
[PID: 740][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][D:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[D:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 916][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1512][D:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[D:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1560][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\MSNShell\Bin\ShellDll.dll] [N/A, N/A]
[PID: 1628][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1916][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 264][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 380][D:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 948][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][D:\Program Files\SkyNet\FireWall\PFWmain.exe] [sky.net.cn, 2.5.0.120]
[C:\MSNShell\Bin\ShellDll.dll] [N/A, N/A]
[PID: 1296][D:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4]
[D:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 1304][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 1368][D:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1528][C:\MSNShell\Bin\MSNShell.exe] [N/A, N/A]
[C:\MSNShell\Bin\ShellDll.dll] [N/A, N/A]
[PID: 1532][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\MSNShell\Bin\ShellDll.dll] [N/A, N/A]
[PID: 2936][D:\Documents and Settings\XiaoFish\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\MSNShell\Bin\ShellDll.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
192.168.0.0 www.51mxd.com
192.168.0.0 51mxd.com
192.168.0.0 bbs.51mxd.com
192.168.0.0 www.91mxd.com
192.168.0.0 91mxd.com
192.168.0.0 bbs.91mxd.com
192.168.0.0 www.51mxd.net
192.168.0.0 qq.51mxd.com
192.168.0.0 www.wg17.com
192.168.0.0 wg17.com
192.168.0.0 www.wg17.net
192.168.0.0 fengkuangmx.008.net
192.168.0.0 www.333wg.com
192.168.0.0 www.ya178.net
192.168.0.0 www.ya178.com
192.168.0.0 mxd88.51r.com
192.168.0.0 mxd88.anyp.cn
192.168.0.0 www.jcgame.com
192.168.0.0 www.pop00.com

==================================
ª d&ó£°Tö°bbs.ikaka.comµ&dec–LÒò%F