高手帮忙!我的XP系统时间总是1990年,不能修改,是什么病毒? bbs.ikaka.com

wjl4593 - 2007-4-14 23:48:00

我的XP系统时间总是1990年,不能修改,是什么病毒?清高手帮助!

修罗撒旦 - 2007-4-15 0:08:00

是不是主板电池没有电了....

可以换块电池重新扫描一下...

火影忍者 - 2007-4-15 0:23:00

先扫个HJ日志上来看能不能处理掉...再看能不能扫SRE日志..

wjl4593 - 2007-4-15 0:49:00

主办电池已换过!SRE不能正常运行!

鸟儿天上飞 - 2007-4-15 0:55:00

引用:

【wjl4593的贴子】主办电池已换过!SRE不能正常运行!
………………

把系统时间修改为正常时间然后在扫描..

wjl4593 - 2007-4-15 1:01:00

========Content========
系统时间修改不了,主办电池已换过!SRE不能正常运行!－－总是提示此版本已过期？

newcenturymoon - 2007-4-15 1:02:00

安全模式下把时间改回来然后扫描

天月来了 - 2007-4-15 1:16:00

或者在BIOS里改下试试。

不行的话，就试试卡卡的日志扫描。

或者其他的什么扫系统日志的，先应付一部分再说。

wjl4593 - 2007-4-15 1:22:00

========Content========
扫描结果;
2007-04-15,00:54:26

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<usbmon><D:\DOCUME~1\WJL~1.BTB\LOCALS~1\Temp\Rar$EX00.672\USBCleaner6.0\usbmon.exe> [zju]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<sj><D:\WINDOWS\Syssj2\svchost.exe> []
<wm><D:\WINDOWS\Syswm3\svchost.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<CdnCtr><D:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<MSConfig><D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{D91AFF37-45BF-4D4D-9E02-2D37C5EA6653}><D:\WINDOWS\system32\svchost.DLl> [N/A]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
<SysTray><D:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><D:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINDOWS\HEREKI~1.SCR> [Comis]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<cmddbcs><; D:\WINDOWS\cmddbcs.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<EXPLORER.EXE><; EXPLORER.EXE> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<mooness><; D:\WINDOWS\mooness.exe /i> [N/A]
<mppds><; D:\WINDOWS\mppds.exe> []
<msccrt><; D:\WINDOWS\msccrt.exe> []
<RfwMain><; "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<rupxdnd><; D:\DOCUME~1\WJL~1.BTB\LOCALS~1\Temp\rupxdnd.exe> [N/A]

wjl4593 - 2007-4-15 1:28:00

正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 208][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 232][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
[D:\WINDOWS\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\cscui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
[D:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.2180]
[D:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.258]
[D:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

wjl4593 - 2007-4-15 1:29:00

[PID: 748][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.2180]
[D:\WINDOWS\system32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.258]
[D:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
[D:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[D:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\OLEACC.dll] [Microsoft Corporation, 4.2.5406.0 (xpclient.010817-1148)]
[D:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
[D:\WINDOWS\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\themeui.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msutb.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[D:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntshrui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ATL.DLL] [Microsoft Corporation, 3.05.2284]
[D:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NETSHELL.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rtutils.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\credui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 3.0.3790.2180]
[D:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\WinRAR\rarext.dll] [N/A, ]
[D:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\WINDOWS\system32\nwprovau.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
[D:\WINDOWS\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\drprov.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\ntlanman.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\NETUI0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\NETUI1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\NETRAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\davclnt.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]

wjl4593 - 2007-4-15 1:30:00

PID: 1060][D:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSUTB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.2180]
[D:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168][D:\Documents and Settings\wjl.BTBU-4E5CA07936\My Documents\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\oledlg.dll] [Microsoft Corporation, 1.0 (XPClient.010817-1148)]
[D:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.2180]
[D:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1221]
[D:\WINDOWS\system32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Sensapi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\wsock32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RASAPI32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rasman.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rtutils.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]

==================================

wjl4593 - 2007-4-15 1:34:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
[D:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
[E:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

wjl4593 - 2007-4-15 1:38:00

BIOS修改后又回到1990-4-14

鸟儿天上飞 - 2007-4-15 1:50:00

安全模式下把系统时间修改为正确时间...
运行SREng2,使用“启动项目”－－注册表－－删除
<sj><D:\WINDOWS\Syssj2\svchost.exe> []
<wm><D:\WINDOWS\Syswm3\svchost.exe> []
<{D91AFF37-45BF-4D4D-9E02-2D37C5EA6653}><D:\WINDOWS\system32\svchost.DLl> [N/A]
<cmddbcs><; D:\WINDOWS\cmddbcs.exe> [N/A]
<mooness><; D:\WINDOWS\mooness.exe /i> [N/A]
<mppds><; D:\WINDOWS\mppds.exe> []
<msccrt><; D:\WINDOWS\msccrt.exe> []
<rupxdnd><; D:\DOCUME~1\WJL~1.BTB\LOCALS~1\Temp\rupxdnd.exe> [N/A]
显示隐藏文件删除:
D:\WINDOWS\Syssj2\svchost.exe
D:\WINDOWS\Syswm3\svchost.exe
D:\WINDOWS\system32\svchost.DLl
D:\WINDOWS\cmddbcs.exe
D:\WINDOWS\mooness.exe
D:\WINDOWS\mppds.exe
D:\WINDOWS\msccrt.exe
清空:D:\DOCUME~1\WJL~1.BTB\LOCALS~1\Temp
用WINRARA打开C,D,D盘删除如下文件..(删除以下文件之前请压缩一份然后在删除..发送到yweier@163.com 密码123 万分感谢)
Autorun.inf rising.exe

另外日志不全以上操作做完以后请重新扫描日志上传.....

wjl4593 - 2007-4-15 1:58:00

鸟儿天上飞 --大侠:
谢谢 !! 我9:00以后再上传.

火影忍者 - 2007-4-15 9:57:00

补充下.删除
每个盘符下的(右键打开)
rising.exe和autorun.inf文件

wjl4593 - 2007-4-15 10:44:00

鸟儿天上飞 --大侠:
谢谢 !!邮件已发出.

鸟儿天上飞 - 2007-4-15 10:59:00

【回复“wjl4593”的帖子】
;楼主你的邮件我没有收到请检查你输入的邮箱地址是否正确

yweier@163.com
ywerer@yahoo.com.cn 压缩密码:123

麻烦在发一次谢谢...

wjl4593 - 2007-4-15 13:57:00

鸟儿天上飞 --大侠:
谢谢 !!扫描日志已发出

每个盘符下的(右键打开)
rising.exe和autorun.inf文件最新瑞星杀毒后已消失但时间仍不能修改总是1990 年

天月来了 - 2007-4-15 14:07:00

他本就是大侠。

9：00？？？？？？？

太迟了吧？？？？？？？？？？

火影忍者 - 2007-4-15 14:09:00

再扫份日志上来.

天月来了 - 2007-4-15 14:14:00

呵呵！！！！！！！！

火影急了！！！！！

火影忍者 - 2007-4-15 15:24:00

引用:

【天月来了的贴子】呵呵！！！！！！！！

火影急了！！！！！

………………

........................

怎么说?

wjl4593 - 2007-4-15 15:59:00

========Content========
鸟儿天上飞 --大侠:
谢谢 !!上网后rising.exe和autorun.inf文件又出现
扫描日志和病毒压缩件已发到雅虎邮箱

wjl4593 - 2007-4-15 16:07:00

========Content========
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<usbmon><D:\DOCUME~1\WJL~1.BTB\LOCALS~1\Temp\Rar$EX00.672\USBCleaner6.0\usbmon.exe> [N/A]
<EXPLORER.EXE><; EXPLORER.EXE> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<CdnCtr><D:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<RfwMain><; "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
<SysTray><D:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><D:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINDOWS\HEREKI~1.SCR> [Comis]

wjl4593 - 2007-4-15 16:11:00

启动文件夹
N/A

==================================
服务
[4C9907B8 / 4C9907B8][Stopped/Auto Start]
<D:\WINDOWS\system32\4C9907B8.EXE -service><N/A>
[9C491BA8 / 9C491BA8][Stopped/Auto Start]
<D:\WINDOWS\system32\9C491BA8.EXE -k><Microsoft Corporation>
[A1284DBF / A1284DBF][Stopped/Auto Start]
<D:\WINDOWS\system32\A1284DBF.EXE -A1284DBF><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Stopped/Auto Start]
<D:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[F13953D8 / F13953D8][Stopped/Auto Start]
<D:\WINDOWS\system32\F13953D8.EXE -service><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Imsvc / Imsvc][Stopped/Auto Start]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\system32\Webmail.dll><>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[Navoct / Navoct][Stopped/Auto Start]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\Program Files\iesnap\navoct.dll>< >
[Vsn qxdi Service / qxdi][Stopped/Auto Start]
<D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\wajo\ahqv.dll,Service><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[acpidisk / acpidisk][Stopped/Auto Start]
<\??\D:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Stopped/Auto Start]
<\??\D:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cgecciec / cgecciec][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cgecciec.sys><N/A>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<system32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
<system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
<system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[king002 / king002][Stopped/Manual Start]
<\??\D:\DOCUME~1\WJL~1.BTB\LOCALS~1\Temp\xpa.sys><N/A>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Stopped/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
<system32\drivers\nmwcdcj.sys><Nokia>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
<system32\drivers\sfmanm.sys><Creative Technology Ltd.>

wjl4593 - 2007-4-15 16:12:00

浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[nuaf]
{11C5633F-1B68-4E42-A15D-43B82B9A56D6} <D:\PROGRA~1\wajo\xens.dll, N/A>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\Jccatch.dll, FlashGet>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <D:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[nuaf]
{11C5633F-1B68-4E42-A15D-43B82B9A56D6} <D:\PROGRA~1\wajo\xens.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Menu Class]
{27D784D7-9217-4227-B43B-E06E4781E0CB} <D:\WINDOWS\system32\AlxTB1.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\Jccatch.dll, FlashGet>
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <D:\WINDOWS\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <D:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[BrowserProxy4 Class]
{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} <D:\WINDOWS\system32\AlxTB1.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, >
[&使用快车(FlashGet)下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[Mail to a Friend...]
<http://client.alexa.com/holiday/script/actions/mailto.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[访问通用网址]
<, N/A>

wjl4593 - 2007-4-15 16:16:00

正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 208][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 232][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

wjl4593 - 2007-4-15 16:16:00

[D:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
[D:\WINDOWS\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\cscui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
[D:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.2180]
[D:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.258]
[D:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]

瑞星卡卡安全论坛