《紧急求助》电脑中了病毒Trojan.PSW.ZhengTu.akk bbs.ikaka.com

病急1乱1投医 - 2007-2-13 17:45:00

电脑中了这个病毒清除了开机又来了，帮我弄掉啊，
[CODE]

2007-02-13,17:29:23

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2, v.2149 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<6yyh4rqf4><C:\WINDOWS\svch0st.exe> [N/A]
<b77dj5wwj><C:\WINDOWS\iexp1ore.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<BaoFeng32><C:\WINDOWS\TEMP\6.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[svchost / GrayPigeon][Stopped/Disabled]
<C:\WINDOWS\svchost.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HTTP SLLL / HTTP SLLL][Stopped/Disabled]
<C:\WINDOWS\windowsxp.bat><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Disabled]
<"C:\Program Files\Windows Media Player\wmpnetwk.exe"><N/A>

病急1乱1投医 - 2007-2-13 17:47:00

驱动程序
[a320raid / a320raid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[aar1210 / aar1210][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6890 / AEC6890][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[aha154x / aha154x][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[asc / asc][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fasttrak / fasttrak][Running/Boot Start]

病急1乱1投医 - 2007-2-13 17:47:00

<\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Hpt366 / Hpt366][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[kmsinput / kmsinput][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[m5228 / m5228][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Running/Boot Start]
<\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn][Stopped/Manual Start]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid2k / mraid2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\WINDOWS\system32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\D:\Tencent\QQ\npkycryp.sys><N/A>
[SiI 680 ATA Controller / Pnp680][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql10wnt / ql10wnt][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Stopped/Manual Start]
<system32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SiI-3512 SATALink Controller / SI3112][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Running/Boot Start]
<\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiSRaid / SiSRaid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SiSV / SiSV][Stopped/Manual Start]
<system32\DRIVERS\SiSV.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sparrow / sparrow][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[UlSata / UlSata][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[VIA ATA/ATAPI Host Controller / viapdsk][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Running/Boot Start]
<\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Running/Boot Start]
<\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonx86][Running/Manual Start]
<system32\DRIVERS\yukonx86.sys><Marvell Semiconductor Inc.>
[Teclast WE 303 PC Camera / ZSMC303][Running/Manual Start]
<System32\Drivers\usbVM303.sys><Vimicro Corporation>

病急1乱1投医 - 2007-2-13 17:47:00

浏览器加载项
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO.dll, N/A>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[&使用BitComet下载]
<res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Tencent\QQ\SendMMS.htm, N/A>

病急1乱1投医 - 2007-2-13 17:48:00

正在运行的进程
[PID: 556][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4109]
[PID: 704][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 716][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 864][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 892][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 980][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1076][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1092][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1144][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1288][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1300][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1476][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1596][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1976][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2040][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\Kav26.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 308][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 356][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 428][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\Kav26.dll] [N/A, N/A]
[PID: 252][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 4, 0, 4, 11]
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Device, Inc., 1, 0, 22, 26]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 592][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 4, 0, 4, 25]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 332][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 3, 625, 61]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]

病急1乱1投医 - 2007-2-13 17:48:00

\VM303Prp.Ax] [Vimicro, 4.3. 625.61]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 628][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 616][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1044][C:\WINDOWS\TEMP\6.exe] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 288][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 2628][D:\dzh\internet\hypwise.exe] [大智慧, 1, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3164][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3552][C:\WINDOWS\svch0st.exe] [N/A, N/A]
[C:\WINDOWS\system32\Kav26.dll] [N/A, N/A]
[PID: 3700][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2136][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\Kav26.dll] [N/A, N/A]
[PID: 3300][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\Program Files\BitComet\tools\BitCometBHO.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\Kav26.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3348][G:\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\Kav26.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================

病急1乱1投医 - 2007-2-13 17:49:00

HOSTS 文件
127.0.0.1 localhost
127.0.0.1cool.47555.com
127.0.0.1www.dosboy.com
127.0.0.1guajfskajiw.43242.com
127.0.0.1www.3448.com
127.0.0.1www.zhengdian.com
127.0.0.1girlchinese.com
127.0.0.1www.yibinren.com
127.0.0.1w25.hitbox.com
127.0.0.1web2.deja.com
127.0.0.1webads.bizservers.com
127.0.0.1www.PostMasterBannerNet.com
127.0.0.1www.ad-up.com
127.0.0.1www.admex.com
127.0.0.1www.alladvantage.com
127.0.0.1www.burstnet.com
127.0.0.1www.commission-junction.com
127.0.0.1www.eads.com
127.0.0.1www.freestats.com
127.0.0.1www.imaginemedia.com
127.0.0.1www.netdirect.nl
127.0.0.1www.oneandonlynetwork.com
127.0.0.1www.targetshop.com
127.0.0.1www.teknosurf2.com
127.0.0.1www.teknosurf3.com
127.0.0.1www.valueclick.com
127.0.0.1www.websitefinancing.com
127.0.0.1www2.burstnet.com
127.0.0.1www4.trix.net
127.0.0.1www80.valueclick.com
127.0.0.1z.extreme-dm.com
127.0.0.1z0.extreme-dm.com
127.0.0.1z1.extreme-dm.com
127.0.0.1ads.rediff.com
127.0.0.1ads.indya.com
127.0.0.1ads.adflight.com
127.0.0.1ads.beguide.net
127.0.0.1ads.mediaturf.net
127.0.0.1ad1.adcept.net
127.0.0.1ad2.adcept.net
127.0.0.1ad3.adcept.net
127.0.0.1ads.fortunecity.com
127.0.0.1www.139cn.com
127.0.0.1www.7liao.com
127.0.0.1chat.51liao.net
127.0.0.1www.51liao.net
127.0.0.1www.7liao.net
127.0.0.1www.6see.com
127.0.0.1bliao.com
127.0.0.1www.bliao.com
127.0.0.1hao123.net
127.0.0.1www.hao123.net
127.0.0.1www.hao222.net
127.0.0.1www.hao222.com
127.0.0.1www.v111.com
127.0.0.1music.v111.com
127.0.0.1www.qq165.com
127.0.0.1www.xicu.com
127.0.0.1www.haodx.com
127.0.0.1www.haohz.com
127.0.0.1www.265.com
127.0.0.1www.dj99.com
127.0.0.1www.dj99.net
127.0.0.1www.yqdj.com
127.0.0.1www.qq530.com
127.0.0.1www.tt67.com
127.0.0.1ad.t2t2.com
127.0.0.1www.yexr.com
127.0.0.1chat.9see.com
127.0.0.1www.ok816.com
127.0.0.1www.3399.net
127.0.0.1www.ads8.com
127.0.0.1www.5566.net
127.0.0.1www.t2t2.com
127.0.0.1popad.qq.com
127.0.0.1v.jsdownload.com
127.0.0.1www.linktoad.com
127.0.0.1club.homeway.com.cn
127.0.0.1sms1.ctn.com.cn
127.0.0.1sms2.ctn.com.cn
127.0.0.1sms3.ctn.com.cn
127.0.0.1www.331122.com
127.0.0.1mmpic.uni.cc
127.0.0.1www.love34.com
127.0.0.1www.free-movie.org
127.0.0.1www.skyhits.com
127.0.0.1www.rd18.com
127.0.0.1tadsweb.tencent.com
127.0.0.1www.vlike.com
127.0.0.1www.chinasee.net
127.0.0.1www.japansky.net
127.0.0.1www.225.com.cn
127.0.0.1ads.china.com
127.0.0.1www.yes521.com
127.0.0.1www.today6.com
127.0.0.1www.h2004.com
127.0.0.1www.movie4.com
127.0.0.1www.rm88.com
127.0.0.1www.qq300.com
127.0.0.1www.qq500.com
127.0.0.1www.av126.com
127.0.0.1www.kissmm.com
127.0.0.1www.cn808.net
127.0.0.1www.hao168.com
127.0.0.1www.mm91.com
127.0.0.1www.huole.com
127.0.0.1www.kan69.com
127.0.0.1ulinkdir.tom.com
127.0.0.1cpc.sohu.com
127.0.0.1images.sohu.com
127.0.0.1adv.pconline.com.cn
127.0.0.1goto.sohu.com
127.0.0.1images2.sohu.com
127.0.0.1www.sexy-books.com
127.0.0.1www.xxbooks.com
127.0.0.1www.18it.com
127.0.0.1www.cnxxx.com
127.0.0.1www.18-girl.net
127.0.0.1ad.tom.com
127.0.0.1ad4.sina.com.cn
127.0.0.1sina.allyes.com
127.0.0.1adtaobao.allyes.com
127.0.0.1smarttrade.allyes.com
127.0.0.1tom.allyes.com
127.0.0.1szwindow.allyes.com
127.0.0.1eachnetmember.allyes.com
127.0.0.1iplus.allyes.com
127.0.0.1sinatest.allyes.com
127.0.0.1casting9.allyes.com
127.0.0.1yinsha.allyes.com
127.0.0.1stockstar.allyes.com
127.0.0.1www.001x.com
127.0.0.1www.hksexweb.com
127.0.0.1www.99adultx.com
127.0.0.1www2.xfreehosting.com
127.0.0.1www1.xfreehosting.com
127.0.0.1www.w555.net
127.0.0.1www.excitecity.com
127.0.0.1www.0xing.com
127.0.0.1sba.3322.net
127.0.0.1www.zgxl.net
127.0.0.1www.qqpic.com
127.0.0.1webspacecn.com
127.0.0.1www.yeapple.com
127.0.0.1manage.link8.com
127.0.0.1www.web888.org
127.0.0.1www.432.cn
127.0.0.1www.kan123.com
127.0.0.1www.3tom.com
127.0.0.1www.sotop.com
127.0.0.1www3.7789.com
127.0.0.1www.66036.com
127.0.0.1www1.66036.com
127.0.0.1www2.66036.com
127.0.0.1www3.66036.com
127.0.0.1www4.66036.com
127.0.0.1www5.66036.com
127.0.0.1www6.66036.com
127.0.0.1www7.66036.com
127.0.0.1www8.66036.com
127.0.0.1www9.66036.com
127.0.0.1www10.66036.com
127.0.0.1tj4.7789.com
127.0.0.1tj5.7789.com
127.0.0.1tj6.7789.com
127.0.0.1tj7.7789.com
127.0.0.1www.7789.com

病急1乱1投医 - 2007-2-13 17:49:00

127.0.0.1count.zhao123.com
127.0.0.1count1.zhao123.com
127.0.0.1count2.zhao123.com
127.0.0.1count3.zhao123.com
127.0.0.1count4.zhaocount.com
127.0.0.1count5.zhaocount.com
127.0.0.1count6.zhaocount.com
127.0.0.1count7.zhaocount.com
127.0.0.1count8.zhaocount.com
127.0.0.1count9.zhaocount.com
127.0.0.1count10.zhaocount.com
127.0.0.1count11.zhaocount.com
127.0.0.1tj1.mytongji.com
127.0.0.1count1.99count.com
127.0.0.1www.99count.com
127.0.0.1bar.baidu.com
127.0.0.1www2.7789.com
127.0.0.1www.guang.org
127.0.0.1www.dlmovie.com
127.0.0.1www.91look.com
127.0.0.1www.kan51.com
127.0.0.1www.mewo.com
127.0.0.1coolsite21.com
127.0.0.1www.t3j4.com
127.0.0.1www.yun8.com
127.0.0.1film.yun8.com
127.0.0.1www.wo123.com
127.0.0.1www.da123.com
127.0.0.1www.1ya.cn
127.0.0.1www.sleazydream.com
127.0.0.1www.easypic2.com
127.0.0.1serv.sexushost.com
127.0.0.1www.xfreehosting.com
127.0.0.1www.888txt.com
127.0.0.1asiafriendfinder.com
127.0.0.1www3.cool168.com
127.0.0.1www2.cool168.com
127.0.0.1www1.cool168.com
127.0.0.1www.happy8.cn
127.0.0.1www.topsex2k.com
127.0.0.1topxxx.sexushost.com
127.0.0.1www.cool168.com
127.0.0.1www.s6.cn
127.0.0.1popme.163.com
127.0.0.1adclient.163.com
127.0.0.1fadama.com
127.0.0.1www.66vv.com
127.0.0.1www.qqee.com
127.0.0.1www.sohu123.com
127.0.0.1www.xgmm.com
127.0.0.1www.7t7t.com
127.0.0.1www.cnimg.com
127.0.0.1cdn2.cnnic.cn
127.0.0.1cool.vv66.com
127.0.0.1www.vv66.com
127.0.0.1www.freepicturepage.com
127.0.0.1www.snasty.com
127.0.0.1www.yourcage.com
127.0.0.1www.shagadelic.com
127.0.0.1hualiao.net
127.0.0.1www.qq163.com
127.0.0.1www.qq163.net
127.0.0.1www.superdown.com
127.0.0.1web.114.com.cn
127.0.0.1www.114.com.cn
127.0.0.1www.91f.cn
127.0.0.1wwww.tthao.com
127.0.0.1www.91f.org
127.0.0.1www.v23.com
127.0.0.1auto.search.msn.com
127.0.0.1x2.51link.com
127.0.0.1x1.51link.com
127.0.0.1www.textlink.cn
127.0.0.1stat.textclick.com
127.0.0.1www.easyhere.com
127.0.0.1www.xxx168.com
127.0.0.1ally.263.net
127.0.0.1www.hualiao.net
127.0.0.1www.xchina.com
127.0.0.1www.sex.com
127.0.0.1www.3xcn.com
127.0.0.1www.20girl.com
127.0.0.1www.x365x.com
127.0.0.1chat.263.net
127.0.0.1chat.yinsha.com
127.0.0.1chat.tom.com
127.0.0.1chat.xilu.com
127.0.0.1www.aliao.com
127.0.0.1chat.163.com
127.0.0.1www.haoliao.com
127.0.0.1www.liaoliao.com
127.0.0.1www.haoliao.net
127.0.0.1www.haoliao.cn
127.0.0.1www.qqliao.com
127.0.0.1www.qliao.com
127.0.0.1www.loveliao.com
127.0.0.1www.mmliao.com
127.0.0.1chat.qq.com
127.0.0.1vchat.xaonline.com
127.0.0.1www.loveliao.net
127.0.0.1www.chinamp3.com
127.0.0.1www.9sky.com
127.0.0.1www.sogua.com
127.0.0.1www.99music.net
127.0.0.1www.yzskdj.com
127.0.0.1music.feifa.com
127.0.0.1www.aisex.com
127.0.0.1www.movie-down.com
127.0.0.1www2.movie-down.com
127.0.0.1www.tt90.com
127.0.0.1www.tt78.com
127.0.0.1www.tiankong.net
127.0.0.1www.qqchat.cn
127.0.0.1www.yymp3.com
127.0.0.1www.9see.com
127.0.0.1www.woliao.net
127.0.0.1www.woliao.com
127.0.0.1www.kuro.com.cn
127.0.0.1www.wangzhiku.com
127.0.0.1hothack.home.chinaren.com
127.0.0.1www.777888.com
127.0.0.1www.5dsoft.com
127.0.0.1www.wokoo.net
127.0.0.1movie.sx.zj.cn
127.0.0.1xyxy68.8u8.net
127.0.0.1www.youmiss.com
127.0.0.1www.cctv8.net
127.0.0.1www.kuliao.com
127.0.0.1www.yyqy.com
127.0.0.1www.sunvod.com
127.0.0.1www.t168.com
127.0.0.1www.coolcdrom.com
127.0.0.1www.girl008.com
127.0.0.1xajh.15888.net
127.0.0.1www.51bug.com
127.0.0.1www.wplune.com
127.0.0.1www.777888.net
127.0.0.1pollen.my001.net
127.0.0.1www.yule21.com
127.0.0.1www.fish3000.com
127.0.0.1www.666e.com
127.0.0.1qm.8ok.com
127.0.0.1www.guosir.ccoo.com
127.0.0.1www.163mm.com
127.0.0.1www.cnooo.com
127.0.0.1www.es158.com
127.0.0.1www.aisa-girl.net
127.0.0.1www.boliwu.com
127.0.0.1www.89005.com
127.0.0.1www.cctv1.net
127.0.0.1www.play.cn.gs
127.0.0.1newyouth.3322.net
127.0.0.1chinabdkx.363.net
127.0.0.1www.zknew.com
127.0.0.1www.dhchao.com
127.0.0.1www.top666.net
127.0.0.1www.amoisonic.com
127.0.0.1www.markguide.com
127.0.0.1www.xyxc.ccoo.com
127.0.0.1www.flyingwalk.com
127.0.0.1www.yezine.net
127.0.0.1www.mmgirls.com
127.0.0.1www.wa***.net
127.0.0.1www.net5w.com
127.0.0.1www.fbstu.com
127.0.0.1www.qlwl.com
127.0.0.1www.yinshang.com
127.0.0.1www.ncunet.com
127.0.0.1www.555666.net
127.0.0.1www.fm1058.cc
127.0.0.1meim.y365.com
127.0.0.1www.qq520.net
127.0.0.1jjkafei.longcity.net
127.0.0.1chow.yesky.net
127.0.0.1oicq.hk.st
127.0.0.1www.my288.com
127.0.0.1www.laws-online.net
127.0.0.1www.hj168.net
127.0.0.116888.6to23.com
127.0.0.1www.love520.net
127.0.0.1www.qq520.com
127.0.0.1www.ezhgc.com
127.0.0.1www.eastedu.com.cn
127.0.0.1www.435000.com
127.0.0.1sdik.8ok.net
127.0.0.1feiying.coolwww.net
127.0.0.1zhongxuesheng.myrice.com
127.0.0.1www.yes9999.com 　　
127.0.0.1www.nnptt.com
127.0.0.1vod.hengshui.com
127.0.0.1tv.megajoy.com
127.0.0.1www.h444.net
127.0.0.1update.myxq.com
127.0.0.1www.qq168.net 　
127.0.0.1www.777888.com 　
127.0.0.1www.5dsoft.com 　
127.0.0.1movie.sx.zj.cn 　　
127.0.0.1www.yeapple.com 　
127.0.0.1winzheng.126.com
127.0.0.1www.boliwo.com
127.0.0.1www.pk.com
127.0.0.1www.unionsky.cn
127.0.0.1www.allyes.com
127.0.0.1www.xxx.com
127.0.0.1204.177.92.68
127.0.0.1www.fassia.net 　　　　　　
127.0.0.1www.jinpin.net 　　　　　　
127.0.0.1www.happy666.net
127.0.0.1www.myxq.com
127.0.0.1dvd.qq92.com
127.0.0.1www.16yi.com
127.0.0.1www.ye77.com
127.0.0.1www.7sese.com
127.0.0.1www.1yin.net
127.0.0.1www.77ttt.com
127.0.0.1www.7mao.com
127.0.0.1www.mydj2005.com
127.0.0.1www.vv78.com
127.0.0.1www.v119.com
127.0.0.1100.332233.com
127.0.0.1www.cashbackbuddy.com
127.0.0.1www.10uu.com
127.0.0.1fly950.nease.net

==================================
API HOOK
N/A

==================================

[/CODE]

病急1乱1投医 - 2007-2-13 18:16:00

主要症状：瑞星被转入后台操作，声音被静音，有时候回出来一个流量计的显示一闪就过，启动msconfig项无法运行，提示该文件不存在（用搜索文件可以找到并启动）用超级巡警3.1没有提示发现病毒，用瑞星发现并清除了2个病毒但是一开机或从起它就又出来了。急切的盼望高手给解决，在这里跪谢了

新版小欧 - 2007-2-13 18:29:00

你先用360在安全模式下清一下你的HOSTS 文件先,汗~~~~

再在启动项删去
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<C:\WINDOWS\svch0st.exe>
<C:\WINDOWS\iexp1ore.exe>
<C:\WINDOWS\TEMP\6.exe>

同时删除对应文件,最好通文件的建立时间查找其它文件一起删除

重装安装或修复瑞星,在带网络安全模式下进行,然后进行全面杀毒.

奇迹天下 - 2007-2-13 18:39:00

注册表
<6yyh4rqf4><C:\WINDOWS\svch0st.exe> [N/A]
<b77dj5wwj><C:\WINDOWS\iexp1ore.exe> [N/A]
<{DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk> [N/A]
<BaoFeng32><C:\WINDOWS\TEMP\6.exe> [N/A
服务
[HTTP SLLL / HTTP SLLL][Stopped/Disabled]
<C:\WINDOWS\windowsxp.bat><N/A>
[svchost / GrayPigeon][Stopped/Disabled]
<C:\WINDOWS\svchost.exe><N/A>

动态媒体连接库
[C:\WINDOWS\system32\Kav26.dll] [N/A, N/A]

楼主病毒还真是多哦！记下路径
ICESWORD有么？打开冰刃和SRENG，然后禁止创建进程，结束svch0st.exe，iexp1ore.exe，6.exe
然后用SRENG把上面的注册表启动项全部删除，然后把服务停止，并且禁用！
然后用ICESWORD找到文件，全部删除，不删出可以剪切到一个文件夹里面上报给瑞星，这样下次直接用瑞星杀毒就可以了（上报地址：up.rising.com.cn）
最后把禁止创建进程去掉，重启，OK

新版小欧 - 2007-2-13 18:45:00

有的工具偶也不是太会用,还是楼上这位大哥招高些.呵呵~~~

蓝狐Lovepig - 2007-2-13 18:53:00

瑞星被转入后台操作，声音被静音

偶的也一样

ydfhfx - 2007-2-13 19:01:00

上面的说得差不多了，我补充一下。
在C:\WINDOWS\system32\drivers\etc下面找到hosts
用笔记本打开。
把内容改成：“127.0.0.1 localhost”
其他那些都不要。

UFO不幸外人 - 2007-2-13 19:03:00

打开冰刃结束下列进程
[PID: 3552][C:\WINDOWS\svch0st.exe] [N/A, N/A]
[PID: 1044][C:\WINDOWS\TEMP\6.exe] [N/A, N/A]

打开冰刃的服务禁用下列服务
[svchost / GrayPigeon][Stopped/Disabled]
<C:\WINDOWS\svchost.exe><N/A>
[HTTP SLLL / HTTP SLLL][Stopped/Disabled]
<C:\WINDOWS\windowsxp.bat><N/A>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe windds32.dll,input><Microsoft Corporation>

打开冰刃中的注册表删除下列对应注册表
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
<6yyh4rqf4><C:\WINDOWS\svch0st.exe> [N/A]
<b77dj5wwj><C:\WINDOWS\iexp1ore.exe> [N/A]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
不删除任何项目
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
<BaoFeng32><C:\WINDOWS\TEMP\6.exe> [N/A]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
不删除任何项目
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
不删除任何项目

需要处理的驱动程序
无

打开冰刃中的文件删除下列文件删除不了的强制删除
C:\WINDOWS\system32\Kav26.dll
C:\WINDOWS\TEMP\6.exe
C:\WINDOWS\iexp1ore.exe
C:\WINDOWS\system32\windds32.dll
C:\WINDOWS\windowsxp.bat
C:\WINDOWS\svchost.exe
C:\WINDOWS\svch0st.exe
C:\WINDOWS\iexp1ore.exe
清空C:\Documents and Settings\用户名\Local Settings\Temp文件夹中所有文件及文件夹

特殊处理
处理HOSTS文件具体方法看我的置顶贴2楼上面的5的第二个
（第二个要看的就是HOSTS文件，这里的看法是按照行，日志前面写的是网址对应的DNS解析的IP地址，如果所有IP地址都是同一个，或者和其他计算机解析的IP地址不同，那么就有问题，最主要的还是同一个或者同为127.0.0.1。处理方法很简单，利用记事本打开Host这个文件，路经在C:\WINDOWS\system32\drivers\etc，这个处理最好是在病毒删除以后。）

怀疑项目：
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Disabled]
<"C:\Program Files\Windows Media Player\wmpnetwk.exe"><N/A>

病毒文件希望可以发送给我一份
temp下面的dll和EXE也给我一份
瑞星隔离系统（c:\ravbin\下的.bin文件）的文件也给我

冰刃下载地址http://www.ttian.net/website/2005/0829/391.html

病急1乱1投医 - 2007-2-13 19:29:00

谢谢你们的帮助，我用安全卫士弄了一下，好多了，我在按你们的搞一下，希望彻底清除我把刚扫的在发一下（还没来的急用你们的招我先扫个上来）看看还有什么问题
[CODE]

2007-02-13,19:11:26

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2, v.2149 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HTTP SLLL / HTTP SLLL][Stopped/Disabled]
<C:\WINDOWS\windowsxp.bat><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Disabled]
<"C:\Program Files\Windows Media Player\wmpnetwk.exe"><N/A>

==================================
驱动程序
[a320raid / a320raid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[aar1210 / aar1210][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6890 / AEC6890][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[aha154x / aha154x][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[asc / asc][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fasttrak / fasttrak][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Hpt366 / Hpt366][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[m5228 / m5228][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Running/Boot Start]
<\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn][Stopped/Manual Start]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid2k / mraid2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]

病急1乱1投医 - 2007-2-13 19:30:00

<\??\C:\WINDOWS\system32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\D:\Tencent\QQ\npkycryp.sys><N/A>
[SiI 680 ATA Controller / Pnp680][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql10wnt / ql10wnt][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Stopped/Manual Start]
<system32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SiI-3512 SATALink Controller / SI3112][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Running/Boot Start]
<\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiSRaid / SiSRaid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SiSV / SiSV][Stopped/Manual Start]
<system32\DRIVERS\SiSV.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sparrow / sparrow][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[UlSata / UlSata][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[VIA ATA/ATAPI Host Controller / viapdsk][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Running/Boot Start]
<\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Running/Boot Start]
<\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonx86][Running/Manual Start]
<system32\DRIVERS\yukonx86.sys><Marvell Semiconductor Inc.>
[Teclast WE 303 PC Camera / ZSMC303][Running/Manual Start]
<System32\Drivers\usbVM303.sys><Vimicro Corporation>

病急1乱1投医 - 2007-2-13 19:31:00

浏览器加载项
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Tencent\QQ\SendMMS.htm, N/A>

病急1乱1投医 - 2007-2-13 19:32:00

正在运行的进程
[PID: 556][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4109]
[PID: 704][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 716][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 884][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 920][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1096][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1112][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1168][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1312][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1352][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[PID: 1492][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1644][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1844][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1912][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 2036][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]

UFO不幸外人 - 2007-2-13 19:35:00

如果你完全按照我的去查杀病毒文件删除了那么就没有问题了不用再发你的日志了

病急1乱1投医 - 2007-2-13 19:35:00

正在运行的进程
[PID: 556][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4109]
[PID: 704][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 716][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 884][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 920][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1096][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1112][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1168][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1312][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1352][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[PID: 1492][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1644][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1844][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4109]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1912][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 2036][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]

病急1乱1投医 - 2007-2-13 19:35:00

[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 388][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 428][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 444][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 4, 0, 4, 11]
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Device, Inc., 1, 0, 22, 26]
[PID: 468][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 4, 0, 4, 25]
[PID: 592][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 3, 625, 61]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM303Prp.Ax] [Vimicro, 4.3. 625.61]
[PID: 788][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 768][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 1336][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1620][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 2664][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 1, 0, 1, 1004]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 1, 0, 0, 3001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 2, 2, 5, 1000]
[PID: 2412][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 2424][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 3588][G:\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 3944][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\Program Files\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
入口点错误：CreateProcessA
入口点错误：CreateProcessW

==================================

[/CODE]

瑞星卡卡安全论坛