瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » mspcidrv.sys无法删除(已解决!谢谢“西门吹牛”兄弟!!!)
yuelihu - 2007-3-12 12:01:00
中着了!高手请指点!如何施救?
mspcidrv.sys无法删除,病毒……
yuelihu - 2007-3-12 12:02:00


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <igfxtray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <igfxhkcmd><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <igfxpers><C:\WINDOWS\System32\igfxpers.exe>  [(Verified)Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <MSConfig><; C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <Desktop><"C:\WINDOWS\System32\internet.exe">  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Symantec Fax Starter Edition Port]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Symantec Fax Starter Edition Port.lnk --> C:\PROGRA~1\MICROS~2\Office\2052\OLFSNT40.EXE [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[BUZOR / BKMARKS][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\LQBUY.DLL,Export 1087><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[E213CDC7 / E213CDC7][Stopped/Auto Start]
  <C:\WINDOWS\System32\E213CDC7.EXE -service><N/A>
[Vsn fkwx Service / fkwx][Running/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\lqcd\sxjk.dll,Service><Microsoft Corporation>
[Event Service / Hardware][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\gkniv.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Internet Connection Manager / Internet Connection Manager][Stopped/Auto Start]
  <"C:\WINDOWS\System32\internet.exe"><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Std wbqr Service / wbqr][Running/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\rwij\bgvw.dll,Service -s><Microsoft Corporation>
[WebPrint / WebPrint][Stopped/Auto Start]
  <c:\windows\system32\webprint.exe><Microsoft Corporation>

==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mspcidrv / mspcidrv][Running/System Start]
  <system32\DRIVERS\mspcidrv.sys><Windows (R) 2000 DDK provider>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\安装应用程序\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <System32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[UnlockerDriver4 Driver / UnlockerDriver4][Stopped/Manual Start]
  <\??\C:\Program Files\Unlocker\UnlockerDriver4.sys><N/A>
[uule / uulef][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\uulef.sys><N/A>
[llwuxa / llwuxa][Running/Disabled]
  <\??\C:\WINDOWS\TEMP\llwuxajnx><N/A>

==================================
yuelihu - 2007-3-12 12:03:00
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装应用程序\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[chwx]
  {899F04BD-01A8-44A0-9801-1CDBB7EEDF67} <C:\PROGRA~1\lqcd\pugh.dll, >
[Advance Helper]
  {8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\System32\NTDLL32.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[IE Browser Helper]
  {D0903A3B-F0EA-434a-9742-98C5335C7946} <C:\WINDOWS\System32\IEHelper.dll, Mass Effect Network>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\安装应用程序\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\安装应用程序\QQ胡达达\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <D:\安装应用程序\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\安装应用程序\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\安装应用程序\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\安装应用程序\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\安装应用程序\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\安装应用程序\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
yuelihu - 2007-3-12 12:08:00
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winlib .dll]  [N/A, N/A]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 576][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 588][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 824][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 840][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\gkniv.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 960][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1024][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1040][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[PID: 1244][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\xtnwq.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\Downloaded Program Files\826230\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\System32\webpageparser.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\Charset.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\CreateDomTree.dll]  [N/A, N/A]
    [C:\WINDOWS\Downloaded Program Files\826230\SHLWAPI32.DLL]  [Microsoft Corporation, 6.00.2900.3020]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [C:\WINDOWS\System32\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\System32\IEHelper.dll]  [Mass Effect Network, 5.1.2600.0]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\NTUP1.dll]  [Microsoft Corporation, 1, 0, 3, 1]
    [C:\WINDOWS\System32\wsttrs.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\SYSTEM32\WBEM\LQBUY.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [c:\windows\system32\gkniv.dll]  [Microsoft Corporation, 5.1.2600.0]
    [D:\安装应用程序\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\lqcd\pugh.dll]  [, 1, 2, 0, 8]
yuelihu - 2007-3-12 12:08:00
[PID: 1284][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 8]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 7]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdntdns.dll]  [CNNIC, 2, 2, 0, 3]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1340][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\安装应用程序\Acrobat 7.0\Distillr\AdistRes.CHS]  [N/A, N/A]
    [C:\WINDOWS\system32\OLFMNT40.DLL]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 6, 1, 524, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 1, 520, 1]
[PID: 1524][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1672][C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\LQBUY.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1704][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1724][C:\WINDOWS\System32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1760][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1780][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1784][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\lqcd\sxjk.dll]  [, 1, 2, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1796][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1848][C:\WINDOWS\System32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1888][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.39]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 1948][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
[PID: 124][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 192][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\rwij\bgvw.dll]  [ , 4, 1, 0, 4]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\glxy.dll]  [ , 1, 0, 0, 6]
[PID: 500][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 760][C:\Program Files\Microsoft Office\Office\2052\OLFSNT40.EXE]  [Microsoft Corporation, 9.0.98.0105]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
yuelihu - 2007-3-12 12:09:00
[C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2436][D:\安装应用程序\世界之窗绿色版\TheWorldFull\TheWorld.exe]  [Phoenix Studio, 1, 2, 3, 5]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
    [D:\安装应~1\世界之~1\THEWOR~1\Plugin\SysState\SysState.dll]  [Phoenix Stdio, 1, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\System32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3020][C:\WINDOWS\System32\MDM.EXE]  [Microsoft Corporation, 6.00.8149]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\MSDBG.DLL]  [Microsoft Corporation, 6.00.8146]
[PID: 2360][c:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll]  [CNNIC, 1.0.0.7]
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\PROGRA~1\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [D:\安装应用程序\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\lqcd\pugh.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\System32\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\System32\webpageparser.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\Charset.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\CreateDomTree.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\WINDOWS\System32\IEHelper.dll]  [Mass Effect Network, 5.1.2600.0]
    [C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll]  [CNNIC, 1, 1, 0, 0]
    [C:\WINDOWS\System32\PDM.DLL]  [Microsoft Corporation, 6.00.8169]
    [C:\WINDOWS\System32\MSDBG.DLL]  [Microsoft Corporation, 6.00.8146]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2952][E:\tools\专杀\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\PROGRA~1\rwij\ejvw.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\rwij\joab.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================


[/CODE]
yuelihu - 2007-3-12 15:33:00
没有人指点吗?在线等…………
yuelihu - 2007-3-12 17:11:00
今天高手全都放假了?继续等……
yuelihu - 2007-3-13 8:10:00
今天高手全都放假了?帮忙啊……
菜鸟玩病毒 - 2007-3-13 8:32:00
进行以下操作(操作时候请先确认一下):
删除注册表:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{2D49692C-A5FD-4E29-A3CD-37E9B182FCC6}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys> [N/A]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Desktop><"C:\WINDOWS\System32\internet.exe"> [Microsoft Corporation]
删除服务:
    [BUZOR / BKMARKS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\LQBUY.DLL,Export 1087><Microsoft Corporation>
[E213CDC7 / E213CDC7][Stopped/Auto Start]
<C:\WINDOWS\System32\E213CDC7.EXE -service><N/A>
[Vsn fkwx Service / fkwx][Running/Auto Start]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\lqcd\sxjk.dll,Service><Microsoft Corporation>
[Event Service / Hardware][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\gkniv.dll><Microsoft Corporation>
[Internet Connection Manager / Internet Connection Manager][Stopped/Auto Start]
<"C:\WINDOWS\System32\internet.exe"><Microsoft Corporation>
[Std wbqr Service / wbqr][Running/Auto Start]
<C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\rwij\bgvw.dll,Service -s><Microsoft Corporation>
删除驱动:
[uule / uulef][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\uulef.sys><N/A>
[llwuxa / llwuxa][Running/Disabled]
<\??\C:\WINDOWS\TEMP\llwuxajnx><N/A>
重起机器清理相关的文件.......

操作之后可以再发个报告上来...


yuelihu - 2007-3-13 12:01:00


那家伙还在………………  


yuelihu - 2007-3-13 12:04:00
[CODE]

2007-03-13,11:36:48

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <igfxtray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <igfxhkcmd><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <igfxpers><C:\WINDOWS\System32\igfxpers.exe>  [(Verified)Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <MSConfig><; C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe">  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Symantec Fax Starter Edition Port]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Symantec Fax Starter Edition Port.lnk --> C:\PROGRA~1\MICROS~2\Office\2052\OLFSNT40.EXE [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[BUZOR / BKMARKS][Stopped/Disabled]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\LQBUY.DLL,Export 1087><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\System32\drivers\CDAC11BA.EXE><Macrovision>
[E213CDC7 / E213CDC7][Stopped/Disabled]
  <C:\WINDOWS\System32\E213CDC7.EXE -service><N/A>
[Vsn fkwx Service / fkwx][Stopped/Disabled]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\lqcd\sxjk.dll,Service><Microsoft Corporation>
[Event Service / Hardware][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\gkniv.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Internet Connection Manager / Internet Connection Manager][Stopped/Auto Start]
  <"C:\WINDOWS\System32\internet.exe"><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Std wbqr Service / wbqr][Stopped/Disabled]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\rwij\bgvw.dll,Service -s><Microsoft Corporation>
[WebPrint / WebPrint][Stopped/Auto Start]
  <c:\windows\system32\webprint.exe><Microsoft Corporation>
yuelihu - 2007-3-13 12:05:00
==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mspcidrv / mspcidrv][Running/System Start]
  <system32\DRIVERS\mspcidrv.sys><N/A>
[msqmx / msqmx][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\msqmx.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\安装应用程序\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <System32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[UnlockerDriver4 Driver / UnlockerDriver4][Stopped/Manual Start]
  <\??\C:\Program Files\Unlocker\UnlockerDriver4.sys><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[chwx]
  {09DD41A0-0C3B-424B-86EC-F10A6D4971C4} <C:\PROGRA~1\COMMON~1\lqcd\pugh.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\安装应用程序\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[chwx]
  {899F04BD-01A8-44A0-9801-1CDBB7EEDF67} <C:\PROGRA~1\lqcd\pugh.dll, >
[Advance Helper]
  {8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\System32\NTDLL32.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[IE Browser Helper]
  {D0903A3B-F0EA-434a-9742-98C5335C7946} <C:\WINDOWS\System32\IEHelper.dll, Mass Effect Network>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\安装应用程序\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\安装应用程序\QQ胡达达\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <D:\安装应用程序\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\安装应用程序\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\安装应用程序\QQ胡达达\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\安装应用程序\QQ胡达达\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\安装应用程序\QQ胡达达\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\安装应用程序\QQ胡达达\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
yuelihu - 2007-3-13 12:06:00
==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winlib .dll]  [N/A, N/A]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 576][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 828][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 844][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 964][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 992][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1008][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[PID: 1200][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\AdobePDF.dll]  [Adobe Systems Incorporated., 7.0.0.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\安装应用程序\Acrobat 7.0\Distillr\AdistRes.CHS]  [N/A, N/A]
    [C:\WINDOWS\system32\OLFMNT40.DLL]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1396][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\xtnwq.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\Downloaded Program Files\826230\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\System32\webpageparser.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\Charset.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\CreateDomTree.dll]  [N/A, N/A]
    [C:\WINDOWS\Downloaded Program Files\826230\SHLWAPI32.DLL]  [Microsoft Corporation, 6.00.2900.3020]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\COMMON~1\lqcd\pugh.dll]  [, 1, 2, 0, 8]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [D:\安装应用程序\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\lqcd\pugh.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\System32\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\System32\IEHelper.dll]  [Mass Effect Network, 5.1.2600.0]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\安装应用程序\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\安装应用程序\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
[PID: 1472][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
yuelihu - 2007-3-13 12:07:00
[PID: 1484][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 8]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 7]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdntdns.dll]  [CNNIC, 2, 2, 0, 3]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1656][C:\WINDOWS\System32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1784][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 244][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 260][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 276][C:\WINDOWS\System32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 284][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.39]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 316][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 364][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
[PID: 824][C:\Program Files\Unlocker\UnlockerAssistant.exe]  [N/A, N/A]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 920][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1288][C:\Program Files\Microsoft Office\Office\2052\OLFSNT40.EXE]  [Microsoft Corporation, 9.0.98.0105]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2256][c:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\安装应用程序\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [D:\安装应用程序\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\PROGRA~1\COMMON~1\lqcd\pugh.dll]  [, 1, 2, 0, 8]
    [C:\Program Files\Common Files\CPUSH\cpush0.dll]  [N/A, 1.0.2.5]
    [C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll]  [CNNIC, 1.0.0.7]
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\PROGRA~1\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [D:\安装应用程序\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\lqcd\pugh.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\System32\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\System32\webpageparser.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\Charset.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\CreateDomTree.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\IEHelper.dll]  [Mass Effect Network, 5.1.2600.0]
    [C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll]  [CNNIC, 1, 1, 0, 0]
yuelihu - 2007-3-13 12:07:00
[PID: 2508][D:\安装应用程序\世界之窗绿色版\TheWorldFull\TheWorld.exe]  [Phoenix Studio, 1, 2, 3, 5]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [D:\安装应~1\世界之~1\THEWOR~1\Plugin\SysState\SysState.dll]  [Phoenix Stdio, 1, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3344][E:\tools\专杀\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================


[/CODE]
瞳孔在放大 - 2007-3-13 12:09:00
到DOS下改掉文件属性再册,楼主的电脑流氓软件真不少啊
西门吹牛 - 2007-3-13 12:41:00
楼主中的病毒我见过
该木马病毒运行后,向系统添加一个名为Internet Connection Manager(管理Internet网络连接)的自启动系统服务(用于实现远程监控),源文件为x:\windows\system32\internet.exe,并向ie浏览器添加了一个名为IEHELPER.DLL的插件,以上就是这个程序的最终目的。到此为止,这都只是个很普通的木马程序做的事情,剩下的就是它为了保证这两项能在系统中常驻所花的心思了,而它厉害的地方也在于此。

程序运行时,在x:\windows\system32\driver文件夹下添加一个名为mspcidrv.sys的系统驱动,向HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls下添加NTDLL32.DLL项(注意,这个大有用处)
同时也向HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects下添加了该项(启动浏览器时自动激活NTDLL32.DLL)向HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run下添加了两处启动项,分别都指向x:\windows\system32.internet.exe,驱动mspcidrv.sys加载后会改写三个系统服务描述表项,分别为NtDeleteKey、NtDeleteValueKey、NtSetValueKey,并HOOK,使得针对那两个最终目的的注册表项的删除注册表项、删除注册表键值、更改注册表键值这三个操作就失去作用了,这是为了保护Internet Connection Manager系统服务和IEHELPER.DLL插件的注册表项不会被清除。而HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls下的这个NTDLL32.DLL项,这就是实现内存恢复的关键。实际上这个是一个插入系统进程的DLL文件,在程序启动时,它就作为一个系统线程插入explorer进程,并对注册表项进行监视,它分别检测上述两个最终目的的两处注册表项,发现它们被删除就立刻重写, 这一招的作用是,在驱动还在的情况下,如果注册表项被删除(通过某些工具软件如:Rootkit Unhooker),就立刻重写,保证两个最终功能的完整是因为这个线程自己本身也是要靠驱动保护的,所以在驱动失效,而它自己的注册表项又已被清除的情况下,它也只能维持在驱动被清除之前的那一次进程插入,以保证下次开机时两个最终目的启动项的完整。

下载Rootkit Unhooker并安装,进入Windows任务管理器(同时按ctrl+alt+del)结束explorer进程,然后同样在任务管理器 “文件\新建任务”选中并运行你安装的Rootkit Unhooker程序,将mspcidrv.sys所挂钩的服务移出,之后在任务管理器 “文件\新建任务”选中运行注册表编辑器regedit,分别搜索并删除(现在可以删了)与internet.exe 、mspcidrv.sys、Ntdll32.dll及IEHELPER.DLL相关的所有项目。重启机器后就OK了,当然你还可以进入x:\windows\system32\删除病毒残留internet.exe 、mspcidrv.sys、Ntdll32.dll和IEHELPER.DLL文件。
西门吹牛 - 2007-3-13 12:43:00
楼主也可以试一试下载360安全卫士,据说能清除该病毒
yuelihu - 2007-3-13 12:53:00
不懂,详细步骤能否提供?
西门吹牛 - 2007-3-13 13:04:00
下载Rootkit Unhooker并安装,进入Windows任务管理器(同时按ctrl+alt+del)结束explorer进程,然后同样在任务管理器 “文件\新建任务”选中并运行你安装的Rootkit Unhooker程序,将mspcidrv.sys所挂钩的服务移出,之后在任务管理器 “文件\新建任务”选中运行注册表编辑器regedit,分别搜索并删除(现在可以删了)与internet.exe 、mspcidrv.sys、Ntdll32.dll及IEHELPER.DLL相关的所有项目。重启机器后就OK了,当然你还可以进入x:\windows\system32\删除病毒残留internet.exe 、mspcidrv.sys、Ntdll32.dll和IEHELPER.DLL文件。
西门吹牛 - 2007-3-13 13:07:00
Rootkit Unhooker官方下载地址
http://www.rku.xell.ru/?l=e&a=dl
西门吹牛 - 2007-3-13 13:11:00
有中文语言,楼主可以下载Chinese语言包,解压缩出一个local.dll文件,放在安装的程序目录中,然后可以选择简体中文界面。
yuelihu - 2007-3-13 14:37:00
用“Rootkit Unhooker”搞定了!谢谢各位!
西门吹牛 - 2007-3-13 22:40:00
看到这个消息很高兴
琼台听雨 - 2007-3-13 22:58:00
长见识了……
stkk112 - 2007-3-15 12:53:00
我也要杀这个东西.害死我了.
含笑饮毒酒 - 2007-3-15 13:22:00
学习中!!!
咖啡猫88 - 2007-8-5 13:44:00
这个问题大概一年前我就碰到了,那时候杀毒软件都没有报毒,只是总弹窗口,手工查杀才发现,因为查不到mspcidrv.sys这个程序,只是被internet.exe反复的折腾,只好带毒运行了……寒一个

前几天杀毒程序发现了mspcidrv.sys,总算找到了根,不过这个病毒杀毒软件只能发现,杀不掉,必须手工,因为进了注册表和服务自启动,每次都会被激活,安全模式也会被激活(真佩服这个病毒软件编写者,有点水平哦)

但是我用Rootkit Unhooker 似乎总是启动失败(我在安全模式下启动的,可能不行)

不得已使用了一种最简单的方法

1.先用WIN98光盘启动系统(幸好硬盘不是NTFS格式)
2.到SYSTEM32\DRIVERS\ 目录下 (可能是这个目录,过了几天了,有点忘记了),首先要干掉 mspcidrv.sys 文件,删除的时候有个技巧,用del mspcidrv.sys命令居然被拒绝,所以先用了rename 命令,rename mspcidrv.sys msp.sys 修改为msp.sys以后实际上这个病毒就不能在服务里自启动了,不过还是del msp.sys安心些(很多网友没用过486 586时代的DOS操作系统,这些命令可能并不熟悉)

剩下的就比较简单了

3.进系统注册表,把那几个病毒键值删除掉
4.干掉那几个病毒软件(有些病毒软件显示正在运行,不能删除,就重启动一下,前提是已经删除了在注册表的键值,不然下次又会被运行)
5.到服务里把假冒的服务禁止掉(Internet Connection Manager系统服务)

最后再复查一下,一般mspcidrv.sys 被灭了以后,剩下的病毒都容易处理
1
查看完整版本: mspcidrv.sys无法删除(已解决!谢谢“西门吹牛”兄弟!!!)
© 2000 - 2026 Rising Corp. Ltd.