Rising Kaka Security Forum, Technical Exchange Area, Anti-Virus / Anti-Rogue-Software Board

[Help] All EXE files infected with a trojan. Rising can't detect or remove it! Urgent! (scan report included)


2007-04-18,06:20:22

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(ctfmon.exe) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [(Verified)Microsoft Windows 2000 Publisher]
(SoundMan)(SOUNDMAN.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(AtiPTA)(; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe) [ATI Technologies, Inc.]
(CnxDslTaskBar)(C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe) [Conexant Systems Inc.]
(Super Rabbit Desktop Set)(D:\Program Files\超级兔子魔法设置 2003.9 精简版\MagicSet2003\DS.EXE /Load) [Super Rabbit Software]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(ATICCC)("C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay) [N/A]
(RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows 2000 Publisher]
(Userinit)(C:\WINNT\system32\userinit.exe,) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINNT\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]




--------------------------------------------------------------------------------



启动文件夹

[Microsoft Office]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --) C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation])(H)
[Adobe Gamma Loader]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --) C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.])(N)
[ADSL拨号王]
(C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ADSL拨号王.lnk --) C:\PROGRA~1\HelloNet\HelloNet.exe [N/A])(N)
[腾讯QQ]
(C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --) C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT])(N)



--------------------------------------------------------------------------------



服务

[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
("C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe")(Adobe Systems)
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
(C:\WINNT\system32\Ati2evxx.exe)(ATI Technologies Inc.)
[ATI Smart / ATI Smart][Stopped/Auto Start]
(C:\WINNT\system32\ati2sgag.exe)()
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
("C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe")()
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
(c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(c:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
(C:\WINNT\System32\svchost.exe -k netsvcs--)C:\WINNT\system32\mspmsnsv.dll)(Microsoft Corporation)



--------------------------------------------------------------------------------



驱动程序

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[ati2mtag / ati2mtag][Running/Manual Start]
(System32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.)
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
(system32\DRIVERS\brpppoe.sys)(N/A)
[Conexant AccessRunner USB ADSL LAN Adapter Filter Driver / CnxEtP][Running/Manual Start]
(system32\DRIVERS\CnxEtP.sys)(Conexant)
[Conexant AccessRunner USB ADSL Interface Device Driver / CnxEtU][Running/Manual Start]
(system32\DRIVERS\CnxEtU.sys)(Conexant)
[Conexant AccessRunner USB ADSL LAN Adapter Driver / CnxTgN][Running/Manual Start]
(system32\DRIVERS\CnxTgN.sys)(Conexant Systems Inc.)
[d347bus / d347bus][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\d347bus.sys)()
[d347prt / d347prt][Running/Boot Start]
(\SystemRoot\System32\Drivers\d347prt.sys)()
[Sundance ST201 based Adapter NT Driver / DLH5X][Stopped/Manual Start]
(System32\DRIVERS\DLH5XND5.sys)(D-Link Corporation)
[dmboot / dmboot][Stopped/Disabled]
(System32\drivers\dmboot.sys)(VERITAS Software Corp.)
[Logical Disk Manager Driver / dmio][Running/Boot Start]
(\SystemRoot\System32\drivers\dmio.sys)(VERITAS Software Corp.)
[dmload / dmload][Running/Boot Start]
(\SystemRoot\System32\drivers\dmload.sys)(VERITAS Software Corp.)
[ExpScaner / ExpScaner][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\ExpScan.sys)()
[HookCont / HookCont][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising)
[HookReg / HookReg][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[HookUrl / HookUrl][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[MEMSCAN / MEMSCAN][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[mProcRs / mProcRs][Running/Auto Start]
(\??\c:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[New0 / New0][Running/Auto Start]
(\??\C:\WINNT\system32\new.sys)(N/A)
[npkcrypt / npkcrypt][Stopped/Auto Start]
(\??\C:\Program Files\Tencent\QQ\npkcrypt.sys)(N/A)
[Padus ASPI Shell / pfc][Running/Manual Start]
(system32\drivers\pfc.sys)(Padus, Inc.)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(System32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RsFwDrv / RsFwDrv][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)
[RSPPSYS / RSPPSYS][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising)
[VIA AGP Filter / viaagp1][Running/Boot Start]
(\SystemRoot\System32\DRIVERS\viaagp1.sys)(VIA Technologies, Inc.)
[VIA USB Filter / viafilter][Stopped/Manual Start]
(\SystemRoot\System32\Drivers\viausb.sys)(VIA Technologies, Inc.)
[viaide / viaide][Running/Boot Start]
(\SystemRoot\System32\DRIVERS\viaide.sys)(VIA Technologies, Inc.)
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
(\SystemRoot\System32\Drivers\vulfnth.sys)(VIA Technologies, Inc.)
[VIA USB Roothub Lower Filter / vulfntrs][Running/Manual Start]
(\SystemRoot\System32\Drivers\vulfntr.sys)(VIA Technologies, Inc.)
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
(System32\DRIVERS\WSTCODEC.SYS)(Microsoft Corporation)

Last edited 2007-04-18 10:42:30

浏览器加载项

[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT)
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} (C:\WINNT\system32\msdxm.ocx, Microsoft Corporation)
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft)
[虎翼DIY吧!]
{0A00D11E-B1E7-44b5-AD88-C9190876AAC4} (C:\WINNT\system32\51.net\diybar\diybar.dll, N/A)
[DIYBAR]
{58CDB34C-B4D7-418B-A0FB-C4C8A01C2F0E} (C:\WINNT\system32\51.net\diybar\diybar.dll, N/A)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[上传到QQ网络硬盘]
(C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A)
[使用网际快车下载]
(C:\Program Files\FlashGet\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(C:\Program Files\FlashGet\jc_all.htm, N/A)
[导出到 Microsoft Excel(&x)]
(res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A)
[添加到QQ自定义面板]
(C:\Program Files\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(C:\Program Files\Tencent\QQ\SendMMS.htm, N/A)

正在运行的进程

[PID: 160][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 188][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6898]
[C:\WINNT\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132]
[PID: 1172][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\WINNT\system32\cmdbcs.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1024][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[PID: 1240][C:\WINNT\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.21]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1276][C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe] [Conexant Systems Inc., 2.099.066.000]
[C:\Program Files\Conexant\AccessRunner ADSL\CnxDslWz.dll] [Conexant Systems Inc., 2.099.066.000]
[C:\WINNT\system32\CnxHwIo.dll] [Conexant Systems Inc., 2.099.066.000]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1284][D:\Program Files\超级兔子魔法设置 2003.9 精简版\MagicSet2003\DS.EXE] [Super Rabbit Software, 1.31]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1296][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1232][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1436][C:\Program Files\HelloNet\HNMainUI.exe] [, 2, 0, 0, 0]
[C:\Program Files\HelloNet\HNUtils.dll] [HelloNet, 2.0.0.0]
[C:\Program Files\HelloNet\HNKernel.dll] [HelloNet, 2.1.0.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\HelloNet\plugins\Diagnose.dll] [, 2.1.0.0]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1456][C:\Program Files\Tencent\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 1208][C:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [Tencent, 7, 0, 101, 80]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[C:\Program Files\Tencent\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Tencent\QQ\LoginCtrl.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[C:\Program Files\Tencent\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[C:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQAllInOne.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\GroupLive.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[C:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Tencent\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\Program Files\Tencent\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[C:\Program Files\Tencent\QQ\QQPet.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160]
[C:\Program Files\Tencent\QQ\PhoneAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[C:\Program Files\Tencent\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
[C:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 6, 60]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[PID: 1584][C:\Program Files\foobar2000\foobar2000.exe] [N/A, ]
[C:\Program Files\foobar2000\utf8api.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_ui_std.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_ui_columns.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_uie_dbexplorer.dll] [N/A, ]
[C:\Program Files\foobar2000\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\foobar2000\components\foo_input_std.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_cdda.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_flac.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_ape.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_wavpack.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_speex.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_mod.dll] [N/A, ]
[C:\Program Files\foobar2000\BASS.dll] [Un4seen Developments, 2.0]
[C:\Program Files\foobar2000\components\foo_wma.dll] [, 1.0.9]
[C:\Program Files\foobar2000\components\foo_output_std.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_out_dsound_ex.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_out_dsound_ex2.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_console.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_read_http.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_rgscan.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_albumlist.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_masstag.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_codepage_action.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_infobox.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_shuffle.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_scheduler.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_playlistgen.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_quicktag.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_massdelete.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_utils.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_dirvol.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_dsp_extra.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_dsp_soundtouch.dll] [N/A, ]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\foobar2000\components\foo_diskwriter.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_clienc.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_vis_manager.dll] [N/A, ]
[C:\Program Files\foobar2000\components\foo_liveupdate.dll] [N/A, ]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1620][C:\Program Files\Tencent\TT\TTraveler.exe] [腾讯公司, 3.2.200.275]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\Program Files\Tencent\TT\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINNT\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINNT\system32\MSSCIPYA.IME] [Microsoft Corporation, 5.3.0.2516]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 816][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Msxo1.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\Documents and Settings\Administrator\桌面\sreng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]

文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost
127.0.0.1 mmm.caifu18.net
127.0.0.1 www.18dmm.com
127.0.0.1 d.qbbd.com
127.0.0.1 www.5117music.com
127.0.0.1 www.union123.com
127.0.0.1 www.wu7x.cn
127.0.0.1 www.54699.com
127.0.0.1 60.169.0.66
127.0.0.1 60.169.1.29
127.0.0.1 www.97725.com
127.0.0.1 down.97725.com
127.0.0.1 ip.315hack.com
127.0.0.1 ip.54liumang.com
127.0.0.1 www.41ip.com
127.0.0.1 xulao.com
127.0.0.1 www.heixiou.com
127.0.0.1 www.9cyy.com
127.0.0.1 www.hunll.com
127.0.0.1 www.down.hunll.com
127.0.0.1 do.77276.com
127.0.0.1 www.baidulink.com
127.0.0.1 adnx.yygou.cn
127.0.0.1 222.73.220.45
127.0.0.1 www.f5game.com
127.0.0.1 www.guazhan.cn
127.0.0.1 wm,103715.com
127.0.0.1 www.my6688.cn
127.0.0.1 i.96981.com
127.0.0.1 d.77276.com
127.0.0.1 www1.cw988.cn
127.0.0.1 cool.47555.com
127.0.0.1 www.asdwc.com
127.0.0.1 55880.cn
127.0.0.1 61.152.169.234
127.0.0.1 cc.wzxqy.com
127.0.0.1 www.54699.com
127.0.0.1 t.gcuj.com
127.0.0.1 www.puma163.com
127.0.0.1 ceoww.com



--------------------------------------------------------------------------------



API HOOK

N/A



--------------------------------------------------------------------------------



隐藏进程

N/A



--------------------------------------------------------------------------------

Rising can't detect or clean it. Most of the EXE files on the hard disk have been infected.

As soon as you double-click to run one, it modifies the registry and runs some program called A, and then another one called B. When I scan the infected files, Rising doesn't react at all.

Only when a file is run does it flag a trojan called Trojan.DL.Inject.xl.

The virus database has no specific information on it. Asking everyone for help.

Thanks in advance.

Most EXE files can't display their icons; they have all changed to the default Windows EXE icon.

The kind that looks like a window with a blank middle.

Opening one of these EXEs modifies the registry and modifies IE. Rising will alert,

but a scan finds nothing.

Thanks, 孤独. I'll try it tonight when I get home.