2006-11-21,17:50:40

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <ProxyCap><E:\CONDIT~1\TOKYO\ProxyCap.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <svhoost><D:\WINDOWS\system32\checksys.exe>  [N/A]
    <yassistse><"D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo! China]
    <RavTask><"E:\我的地盘\Rising\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ProxyThorn><E:\Condition Zero\TOKYO\代理花刺\ProxyThorn\ProxyThorn.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"E:\我的地盘\Rising\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [ORIONNET]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><D:\WINDOWS\downlo~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{D093CAEB-A6FF-11E0-9A84-00C04FD8DBD8}><D:\WINDOWS\system32\h093caeb.log>  [N/A]

==================================
启动文件夹
[腾讯QQ]
  <D:\Documents and Settings\KISSZU\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\qq\QQ.exe [TENCENT]><N>

==================================
服务
[Remote Registry Protect / Framework]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\system32\mssapi.dll><N/A>
[Human Interface Device Access / HidServ]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[DNS Cache / NHLscA]
  <D:\WINDOWS\SYSTEM32\RUNDLL32.EXE D:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[P4P Service / P4P Service]
  <D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <e:\我的地盘\rising\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\我的地盘\rising\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <E:\我的地盘\RISING\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"E:\我的地盘\Rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Security / Windows Security]
  <D:\WINDOWS\system32\Winsec.exe><N/A>

==================================
驱动程序
[ajaejgfi / ajaejgfi]
  <\SystemRoot\system32\drivers\ajaejgfi.sys><N/A>
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bbjdgafe / bbjdgafe]
  <\??\D:\WINDOWS\system32\drivers\bbjdgafe.sys><中国互联网络信息中心(CNNIC)>
[SAMSUNG Video Capture / CamAv]
  <System32\Drivers\CamAv.sys><Samsung electronics, Inc>
[cda1000 / cda1000]
  <D:\WINDOWS\SYSTEM32\DRIVERS\cda1000.SYS><Adaptec, Inc.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[ExpScaner / ExpScaner]
  <\??\E:\我的地盘\Rising\Rising\Rav\ExpScan.sys><>
[fbfiajed / fbfiajed]
  <\SystemRoot\system32\drivers\fbfiajed.sys><N/A>
[gdfegicd / gdfegicd]
  <\??\D:\WINDOWS\system32\drivers\gdfegicd.sys><中国互联网络信息中心(CNNIC)>
[HookCont / HookCont]
  <\??\E:\我的地盘\Rising\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\E:\我的地盘\Rising\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\我的地盘\Rising\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\E:\我的地盘\Rising\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HSFHWBS2 / HSFHWBS2]
  <system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
  <system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN]
  <\??\E:\我的地盘\Rising\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\e:\我的地盘\rising\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt]
  <\??\E:\qq\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
  <\??\D:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nwlnksipx / nwlnksipx]
  <\??\D:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Prot / Prot]
  <\??\D:\WINDOWS\system32\Protector.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\E:\我的地盘\Rising\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\E:\我的地盘\RISING\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Service for AC'97 Sample Driver (WDM) / SiS7012]
  <system32\drivers\sis7012.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / sisagp]
  <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[winachsf / winachsf]
  <system32\DRIVERS\HSFCXTS2.sys><Conexant Systems, Inc.>
[WmRegProDrv / WmRegProDrv]
  <System32\Drivers\WmRegProDrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <D:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <D:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <D:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <E:\XUNLEI\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\XUNLEI\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>
[雅虎搜索]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203, N/A>

正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 480][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 712][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 852][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\System32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 956][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1020][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1048][E:\我的地盘\RISING\RISING\RAV\CCENTER.EXE]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1064][E:\我的地盘\Rising\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [E:\我的地盘\Rising\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\我的地盘\Rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\我的地盘\Rising\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [E:\我的地盘\Rising\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\我的地盘\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\我的地盘\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\我的地盘\Rising\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\我的地盘\Rising\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [E:\我的地盘\Rising\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\我的地盘\Rising\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\我的地盘\Rising\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\我的地盘\Rising\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\我的地盘\Rising\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [E:\我的地盘\Rising\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\我的地盘\Rising\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\我的地盘\Rising\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\我的地盘\Rising\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\我的地盘\Rising\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\我的地盘\Rising\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [E:\我的地盘\Rising\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [E:\我的地盘\Rising\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\我的地盘\Rising\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\我的地盘\Rising\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [E:\我的地盘\Rising\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 20]
    [E:\我的地盘\Rising\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [E:\我的地盘\Rising\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [E:\我的地盘\Rising\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\我的地盘\Rising\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\我的地盘\Rising\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\我的地盘\Rising\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1080][e:\我的地盘\rising\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [e:\我的地盘\rising\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [e:\我的地盘\rising\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [e:\我的地盘\rising\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [e:\我的地盘\rising\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\我的地盘\rising\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1364][D:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [D:\WINDOWS\system32\h093caeb.log]  [N/A, N/A]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1452][e:\我的地盘\rising\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [e:\我的地盘\rising\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [e:\我的地盘\rising\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [e:\我的地盘\rising\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
[PID: 1552][D:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
[PID: 1608][E:\我的地盘\Rising\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\我的地盘\Rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\我的地盘\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1776][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Common Files\Microsoft Shared\MSInfo\msd093ca.dll]  [N/A, N/A]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
[PID: 324][D:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 24]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [D:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 2, 0, 0, 21]
    [D:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 1, 0, 0, 3]
    [D:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 1, 0, 0, 6]
[PID: 360][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 376][D:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1540][D:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\System32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1864][D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  [Yahoo! China, 3, 0, 2, 1003]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 0, 1001]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 0, 1, 1003]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 0, 1000]
[PID: 1876][E:\我的地盘\Rising\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [E:\我的地盘\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\我的地盘\Rising\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\我的地盘\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\我的地盘\Rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]

[PID: 1852][E:\我的地盘\Rising\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [E:\我的地盘\Rising\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [E:\我的地盘\Rising\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\我的地盘\Rising\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\我的地盘\Rising\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\我的地盘\Rising\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\我的地盘\Rising\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\我的地盘\Rising\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
[PID: 800][D:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
[PID: 2524][D:\Program Files\ChinaNet\VnetClient.exe]  [, 2006, 3, 17, 1]
    [D:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [D:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 3, 8, 18]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
    [D:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [D:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2006, 2, 8, 1]
    [D:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [D:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [D:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2006, 2, 20, 1]
    [D:\PROGRA~1\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [D:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [D:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2006, 5, 29, 14]
    [D:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 5, 26, 9]
    [D:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 11, 14, 1]
    [D:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [D:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2006, 3, 24, 9]
    [D:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [D:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2006, 5, 24, 16]
    [D:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [D:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [D:\WINDOWS\system32\pthreadVC.dll]  [N/A, N/A]
    [D:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [D:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [D:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2006, 5, 29, 11]
    [D:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [D:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [D:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [D:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 5, 24, 14]
    [D:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2006, 3, 14, 10]
    [D:\PROGRA~1\ChinaNet\MAGICD~1.OCX]  [, 1, 0, 0, 1]
    [E:\我的地盘\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [D:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 3472][D:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\WINDOWS\downlo~1\CnsHint.dll]  [3721, 1, 0, 1, 1]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
    [d:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [d:\PROGRA~1\chinanet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [D:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [D:\WINDOWS\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [E:\qq\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [E:\我的地盘\Rising\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [D:\WINDOWS\system32\h093caeb.log]  [N/A, N/A]
[PID: 1264][D:\DOCUME~1\KISSZU\LOCALS~1\Temp\Rar$EX00.562\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [D:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [D:\Program Files\d093caeb\eb068320.dll]  [N/A, N/A]
    [D:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
PROXYCAP MSAFD Tcpip [TCP/IP]
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [UDP/IP]
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP UDP Service Provider
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP TCP Service Provider
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)

运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
DNS Cache
Windows Security
，选择“删除服务”
点“设置”选择“否”
重启按F８进入安全模式下
显示隐藏文件
删除：       
D:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL
D:\WINDOWS\system32\Winsec.exe
D:\Program Files\d093caeb\eb068320.dll
D:\WINDOWS\system32\w2pxdrv.dll

病毒路径和文件名

我也中了这个病毒..怎么把上面的那些日志找出来啊..帮忙啊

问题依旧....

我的解决了..看看我的贴子吧..看看有什么线索没有

删除启动项
svhoost><D:\WINDOWS\system32\checksys.exe> [N/A]
在用KILLBOX按路径删除这个文件试试，可能没有这个文件

删除文件请先取消所有隐藏
取消文件隐藏模式方法:
1.打开任意文件夹窗口=》工具=》文件夹选项=》查看
2.取消隐藏受保护的系统文件前面的钩(出现提示点是)
3.选中显示所有文件和文件
4.取消隐藏已知文件类型扩展名前面的勾
5.确定,再到windows下找找