瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求各位帮忙看下,这个有点莫名其妙

12   1  /  2  页   跳转

求各位帮忙看下,这个有点莫名其妙

收藏
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 12:10 | 显示全部 短消息 资料
字号: 1楼

求各位帮忙看下,这个有点莫名其妙

昨天晚上我在玩游戏,等退出游戏后瑞星时时监空提示
进程名称  C:\WINDOWS\system32\rundll32.exe 
路径      HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
数值名称  pj
数值数据  C:\WINDOWS\system32\rundll32.exe 3xrlf.dll Rundll3
因为最近我没安装什么新东西,所以我选者了拒绝.
结果过了一会它就跳出"0x7c81e079" 指令引用的"0x7c81e079"内存.该内存不能为written
而且我现在只要打开应用程序此框总是跳出,重起后也会跳出,我系统还原了2次都没用,
还发现系统自带的那个系统还原功能它自动关闭的,我选者打开,可是重起后还是这个样子.
还有就是老是有些自动连接程序,被瑞星拦住了.
我昨天搞到2点多还是没搞好,真不知道改怎么解决了.希望各位高手帮帮忙.
最后编辑2006-11-25 20:35:16.827000000
分享到:
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 12:34 | 显示全部 短消息 资料
字号: 2楼

删不了,而且也进不了安全模式,现在连在网页上也用不了输入法了。我帖下日志希望帮忙看看。
2006-11-24,12:21:01

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [N/A]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <StormCodec_Helper><; "E:\Program Files\暴风影音\Storm Codec\StormSet.exe" /S /opti>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"E:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <wk><C:\WINDOWS\cb5if31.exe>  [软告工作室]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[WNSO]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WNSO.lnk --> C:\PROGRA~1\COMMON~1\RGGZS\WNSO.exe [软告工作室]><N>
[腾讯QQ]
  <C:\Documents and Settings\yu\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\PROGRA~1\QQ\QQ.exe [TENCENT]><H>

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 12:35 | 显示全部 短消息 资料
字号: 3楼

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
  <\??\E:\Program Files\Rising\Rav\ExpScan.sys><>
[front / front]
  <system32\drivers\front.sys><Microsoft Corporation>
[HOOKAPI / HOOKAPI]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont]
  <\??\E:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\E:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\E:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\E:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\e:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PciCon / PciCon]
  <\??\G:\PciCon.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[roreg / roreg]
  <system32\drivers\roreg.sys><Windows System Internal>
[RsFwDrv / RsFwDrv]
  <\??\E:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\E:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <E:\Program Files\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Program Files\QQ\QQIEHelper.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <E:\Program Files\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\Program Files\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1080][E:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1112][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1328][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1352][E:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 12:35 | 显示全部 短消息 资料
字号: 4楼

[E:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [E:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [E:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [E:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
    [E:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [E:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [E:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1452][e:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [e:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [e:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [e:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [e:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1524][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7801]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7801]
    [C:\WINDOWS\system32\nvshell.dll]  [N/A, N/A]
    [E:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 1700][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1844][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7801]
[PID: 1900][e:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [e:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [e:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [e:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
[PID: 208][E:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1744][E:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
[PID: 1640][E:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [E:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [E:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
[PID: 1920][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\yu\TEMPLA~1\69f660f\a.dll]  [软告工作室, 4, 0, 0, 0]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
    [C:\DOCUME~1\yu\TEMPLA~1\69f660f\c.dll]  [软告工作室, 4, 0, 0, 0]
    [C:\DOCUME~1\yu\TEMPLA~1\69f660f\d.dll]  [软告工作室, 4, 0, 0, 0]
[PID: 1940][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
[PID: 1952][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
[PID: 540][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3336][E:\Program Files\TT\TTraveler.exe]  [腾讯公司, 3.1.0.261]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]
    [E:\Program Files\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\Program Files\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [E:\Program Files\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 2784][E:\Program Files\扫描\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\3xrlf.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
61.141.31.11 www.kzdh.com
61.141.31.11 www.7255.com
61.141.31.11 www.7322.com
61.141.31.11 www.7939.com
61.141.31.11 www.piaoxue.com
61.141.31.11 www.feixu.net
61.141.31.11 www.6781.com
61.141.31.11 www.7b.com.cn
61.141.31.11 7b.com.cn
61.141.31.11 www.918188.com
61.141.31.11 hao.allxue.com
61.141.31.11 good.allxue.com
61.141.31.11 baby.allxue.com
61.141.31.11 www.allxue.com
61.141.31.11 about.lank.la
61.141.31.11 www.x114x.com
61.141.31.11 www.37ss.com
61.141.31.11 www.7k.cc
61.141.31.11 www.73ss.com
125.91.14.230 www.hao123.com
61.141.31.11 www.81915.com
61.141.31.11 222.88.90.22
61.141.31.11 www.9991.com
61.141.31.11 www.my123.com
61.141.31.11 www.haokan123.com
61.141.31.11 www.5566.net
61.141.31.11 www.gjj.cc
61.141.31.11 www.2345.com
61.141.31.11 dl.hao318.com
61.141.31.11 www.123wa.com
61.141.31.11 www.ku886.com
61.141.31.11 www.5icrack.com
61.141.31.11 www.jjol.cn
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 12:56 | 显示全部 短消息 资料
字号: 5楼

<wk><C:\WINDOWS\cb5if31.exe> [软告工作室]
这个不是我的,昨天的自动连接中有这向,我记得把他拒绝了。
C:\WINDOWS\system32\3xrlf.dll我无法删除,依然进不了安全模式,进到一半就又自动重起
HOSTS文件已经清空但是未只到127.0.0.1
网页上依然无法使用输入法。
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 18:12 | 显示全部 短消息 资料
字号: 6楼

我把你说的都删了,可是重起后跳出加载3xrlf.dll时出错找不到指定的模块
还有我只要一打开文本文档,就会跳出"0x7c81e079" 指令引用的"0x7c81e079"内存.该内存不能为written
求高手在帮忙搞下
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 19:13 | 显示全部 短消息 资料
字号: 7楼

还是不行啊,重起后还是会跳出来.文件又有了.我发下重新扫描日志
2006-11-24,19:01:29

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [N/A]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <StormCodec_Helper><; "E:\Program Files\暴风影音\Storm Codec\StormSet.exe" /S /opti>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"E:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[WNSO]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WNSO.lnk --> C:\PROGRA~1\COMMON~1\RGGZS\WNSO.exe [软告工作室]><N>
[腾讯QQ]
  <C:\Documents and Settings\yu\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\PROGRA~1\QQ\QQ.exe [TENCENT]><H>

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <e:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <e:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
  <\??\E:\Program Files\Rising\Rav\ExpScan.sys><>
[front / front]
  <system32\drivers\front.sys><Microsoft Corporation>
[HOOKAPI / HOOKAPI]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont]
  <\??\E:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\E:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\E:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\E:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\e:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PciCon / PciCon]
  <\??\G:\PciCon.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[roreg / roreg]
  <system32\drivers\roreg.sys><Windows System Internal>
[RsFwDrv / RsFwDrv]
  <\??\E:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\E:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[Eye Class]
  {41BE3A3D-6E4B-43F4-AAEB-5B4E95971968} <C:\WINDOWS\system32\iymovrwa.dll, >
[BhoObj Class]
  {D1991243-396F-43E3-50B2-7AF5374B19B3} <C:\WINDOWS\system32\kezlzjze.dll, Microsoft Corporation>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <E:\Program Files\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Program Files\QQ\QQIEHelper.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Eye Class]
  {41BE3A3D-6E4B-43F4-AAEB-5B4E95971968} <C:\WINDOWS\system32\iymovrwa.dll, >
[BhoObj Class]
  {D1991243-396F-43E3-50B2-7AF5374B19B3} <C:\WINDOWS\system32\kezlzjze.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <E:\Program Files\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\Program Files\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\Program Files\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Program Files\QQ\SendMMS.htm, N/A>
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 19:14 | 显示全部 短消息 资料
字号: 8楼

==================================
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060][E:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1076][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1324][E:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [E:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [E:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [E:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [E:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [E:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
    [E:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [E:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [E:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1492][e:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [e:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [e:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [e:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [e:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [e:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1524][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7801]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7801]
    [C:\WINDOWS\system32\nvshell.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\smga82w.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\iymovrwa.dll]  [, 1, 0, 0, 10]
    [C:\WINDOWS\system32\kezlzjze.dll]  [Microsoft Corporation, 1, 0, 0, 25]
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 19:15 | 显示全部 短消息 资料
字号: 9楼

[PID: 1688][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1864][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7801]
[PID: 1980][e:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [e:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [e:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [e:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 200][E:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1404][E:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1480][E:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [E:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [E:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\drivers\smga82w.sys]  [N/A, N/A]
[PID: 1880][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
[PID: 116][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1820][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 380][C:\WINDOWS\system32\ke860uo.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\drivers\smga82w.sys]  [N/A, N/A]
[PID: 312][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\yu\TEMPLA~1\69f660f\a.dll]  [软告工作室, 4, 0, 0, 0]
    [C:\WINDOWS\system32\drivers\smga82w.sys]  [N/A, N/A]
    [C:\DOCUME~1\yu\TEMPLA~1\69f660f\c.dll]  [软告工作室, 4, 0, 0, 0]
    [C:\DOCUME~1\yu\TEMPLA~1\69f660f\d.dll]  [软告工作室, 4, 0, 0, 0]
[PID: 3056][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3232][E:\Program Files\TT\TTraveler.exe]  [腾讯公司, 3.1.0.261]
    [C:\WINDOWS\system32\drivers\smga82w.sys]  [N/A, N/A]
    [E:\Program Files\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\Program Files\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [E:\Program Files\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 3872][E:\Program Files\扫描\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\drivers\smga82w.sys]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
61.141.31.11 www.kzdh.com
61.141.31.11 www.7255.com
61.141.31.11 www.7322.com
61.141.31.11 www.7939.com
61.141.31.11 www.piaoxue.com
61.141.31.11 www.feixu.net
61.141.31.11 www.6781.com
61.141.31.11 www.7b.com.cn
61.141.31.11 7b.com.cn
61.141.31.11 www.918188.com
61.141.31.11 hao.allxue.com
61.141.31.11 good.allxue.com
61.141.31.11 baby.allxue.com
61.141.31.11 www.allxue.com
61.141.31.11 about.lank.la
61.141.31.11 www.x114x.com
61.141.31.11 www.37ss.com
61.141.31.11 www.7k.cc
61.141.31.11 www.73ss.com
125.91.14.230 www.hao123.com
61.141.31.11 www.81915.com
61.141.31.11 222.88.90.22
61.141.31.11 www.9991.com
61.141.31.11 www.my123.com
61.141.31.11 www.haokan123.com
61.141.31.11 www.5566.net
61.141.31.11 www.gjj.cc
61.141.31.11 www.2345.com
61.141.31.11 dl.hao318.com
61.141.31.11 www.123wa.com
61.141.31.11 www.ku886.com
61.141.31.11 www.5icrack.com
61.141.31.11 www.jjol.cn
127.0.0.1 www.rising.com.cn
127.0.0.1 tool.ikaka.com
127.0.0.1 www.ikaka.com
127.0.0.1 update.rising.com.cn
127.0.0.1 online.rising.com.cn
127.0.0.1 up.rising.com.cn
127.0.0.1 go.rising.com.cn
127.0.0.1 it.rising.com.cn
127.0.0.1 rising.com.cn
127.0.0.1 ikaka.com
gototop
 
无意的战火
头像
拙长孩提狮
  • 帖子:122
  • 注册: 2006-03-28
  • 来自:
发表于: 2006-11-24 19:33 | 显示全部 短消息 资料
字号: 10楼

请帮忙再看看.
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT