瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 哪位大哥帮我看看,附SREngLOG.
sTenMooN - 2007-4-26 22:12:00
[CODE]

2007-04-26,21:18:05

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
    <svc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\logsony.exe>  [N/A]
    <Alt+Q Hotkey Tool><; C:\WINDOWS\FlyakiteOSX\Software\Alt+Q Hotkey.exe>  []
    <RK Launcher><; C:\Program Files\RK Launcher\RKLauncher.exe>  [RaduKing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)]
    <System Files Updater><C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S>  []
    <Sony Ericsson PC Suite><"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions>  [Sony Ericsson Mobile Communications AB]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <McAfeeUpdaterUI><"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
    <SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <upxdn><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[AVP / AVP][Stopped/Manual Start]
  <?尺????峌?????????????癡尶癁?硥?爭"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[Sony Ericsson 750 driver (WDM) / k750bus][Stopped/Manual Start]
  <system32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl][Stopped/Manual Start]
  <system32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm][Stopped/Manual Start]
  <system32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt][Stopped/Manual Start]
  <system32\DRIVERS\k750mgmt.sys><MCCI>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex][Stopped/Manual Start]
  <system32\DRIVERS\k750obex.sys><MCCI>
[MRxSmb / MRxSmb][Stopped/System Start]
  <system32\DRIVERS\mrxsmb.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qjjfqjp / qjjfqjp][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\qjjfqjp.sys><N/A>
[QuakeDRV / QuakeDRV][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
[Rdbss / Rdbss][Stopped/System Start]
  <system32\DRIVERS\rdbss.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Running/Manual Start]
  <\??\C:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
sTenMooN - 2007-4-26 22:15:00
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\123\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\BT\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[]
  {FDEB626D-6E2E-4AF0-AC0D-2089B0988C57} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, >
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\123\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\PROGRA~1\Powerise\REAL2A~1\PowerPlr.ocx, Powerise Digital>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\BT\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\123\MediaAddin12.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, N/A>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[]
  {FDEB626D-6E2E-4AF0-AC0D-2089B0988C57} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, >
[&V使用Vagaa哇嘎下载]
  <D:\Vagaa\Data\vg.htm, N/A>
[&使用BitComet下载]
  <res://D:\BT\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\BT\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\BT\BitComet\BitComet.exe/AddVideo.htm, N/A>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <D:\123\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\123\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>
sTenMooN - 2007-4-26 22:17:00
正在运行的进程
[PID: 336][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 384][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 408][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 456][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1284][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL]  [, 1.5.33.11]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\AVP6\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
    [E:\金山游侠\Tools\KVD\kscdrush.dll]  [金山软件股份有限公司, 5, 0, 0, 0]
    [D:\123\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 1704][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.00.0.0]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.00.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.0.6.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.11.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1712][C:\Program Files\McAfee\Common Framework\UdaterUI.exe]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\McAfee\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\naXML71.dll]  [N/A, ]
    [C:\Program Files\McAfee\Common Framework\NaiSign.DLL]  [N/A, ]
    [C:\WINDOWS\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\Program Files\McAfee\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\0409\UpdRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1740][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1764][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3275]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1796][C:\Program Files\McAfee\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.125]
    [C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1832][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1888][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1608][C:\Program Files\Common Files\Teleca Shared\Generic.exe]  [Teleca Software Solutions, 1, 0, 3, 2]
    [C:\Program Files\Common Files\Teleca Shared\Telecalib_logging.dll]  [Teleca/Popwire AB, 1, 0, 2, 3]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_32.dll]  [N/A, ]
    [C:\Program Files\Common Files\Teleca Shared\TC Device Mgmt.dll]  [Teleca Software Solutions, 1, 0, 1, 1]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9818.0]
    [C:\Program Files\Sony Ericsson\Mobile2\Device Manager\SpecificMPM.dll]  [SonyEricsson, 1, 0, 2, 1]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll]  [N/A, ]
    [C:\Program Files\Common Files\Teleca Shared\SpecificUSB.dll]  [Popwire AB, 1, 2, 1, 1]
    [C:\Program Files\Common Files\Teleca Shared\tlib_log.dll]  [Popwire AB, 1, 0, 3, 3]
    [C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1660][C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe]  [Sony Ericsson Mobile Communications AB, 1, 2, 0,1183]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,115]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll]  [N/A, ]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,1187]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll]  [Sony Ericsson Mobile Communications AB, 1, 2, 0,302]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9818.0]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\msmeirsock_object.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,938]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ms98irsock_object.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,983]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,995]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,1219]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\xpbtsock_2_object.dll]  [Sony Ericsson Mobile Communications AB, 1, 0, 0,131]
    [C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0804.DLL]  [Popwire AB, 1, 0, 0,2013]
sTenMooN - 2007-4-26 22:18:00
[PID: 1392][D:\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3356][D:\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\QQ\CQQApplication.dll]  [N/A, ]
    [D:\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQAllInOne.dll]  [N/A, ]
    [D:\QQ\GroupLive.dll]  [N/A, ]
    [D:\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQPlugin.dll]  [N/A, ]
    [D:\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QRingMng.dll]  [N/A, ]
    [D:\QQ\QQAvatar.dll]  [N/A, ]
    [D:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\QQ\BQQApplication.dll]  [N/A, ]
    [D:\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [D:\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\QQ\QQSettingCtrl.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [D:\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
[PID: 1236][D:\QQ\QQexternal.exe]  [, 1, 0, 0, 1]
    [D:\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2948][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\123\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\BT\BitComet\tools\BitCometBHO_1.1.2.7.dll]  [BitComet, 20070207]
    [C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL]  [, 1.5.33.11]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9818.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3924][D:\System Repair Engineer\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
    [2992] C:\Documents and Settings\All Users\Application Data\Microsoft\Application Data\termsv.exe

==================================


[/CODE]
紫墨蓝尘 - 2007-4-26 22:21:00


[复制到剪贴板]
CODE:


在桌面建立一个文件夹,再用WinRAR工具(即开始-->所有程序里的WinRAR)打开WinRAR-->点“查找”在磁盘和文件夹选 C: 。找到文件(或文件相关的程序),然后按解压到,选桌面刚建的文件夹,然后确定,然后等所有操作做完后再将那个文件夹压缩加密码123(即高级-->设置密码)给我,我的QQ是397005089或者油箱也行wuduyouli@yahoo.com.cn要找的文件如下:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\logsony.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Application Data\termsv.exe
==============================================================================
关闭所有正在使用的应用程序包括QQ等等
然后关闭系统还原(WIN2000可以忽略):按我的电脑右键的属性点系统还原,在所有驱动器上关闭系统还原 打勾。[等所有操作完成后再去打开]
用ATF清理工具点这里下载http://hzqedison.mm9mm.com/hanhua/ATF-Cleaner-cn.exe,在全选那打勾,然后点立即清理
然后按照我以下的方法做:
==============================================================================
PowerRMV 下载地址: 
http://ishare.sina.com.cn/cgi-bin/fileid.cgi?fileid=1020456
使用方法:
分别填入下面的文件(包括完整的路径) ,勾选“抑止杀灭对象再次生成”,点杀灭 【如果其实目标不存在,那就忽略继续】
使用PowerRMV删除如下文件:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\logsony.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Application Data\termsv.exe
==============================================================================
等XDelBox杀完后去安全模式进行如下操作(重启电脑 不断按F8 然后选安全模式)进不了安全模式,可以在SREng中 点系统修复 --> 点高级修复,再点修复安全模式
==============================================================================
用工具 SREng 删除如下各项
在SREng中 点 启动项目 --> 注册表  进入后 用鼠标左键在对应要修复的项上单击 然后点击"删除"
  删除如下项目:
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<svc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\logsony.exe> [N/A]
<upxdn><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.exe> [N/A]

==============================================================================
在SERng中 点 启动项目 --> 服务 --> Win32服务应用程序 进入后(勾选 隐藏已认证的微软项目),用鼠标左键在对应要修复的项上单击 然后点“删除服务”,再点“设置”按钮即可(注意到最后弹出的窗口中要点 “NO 否”才是确认删除服务。)
删除如下项目:
[AVP / AVP][Stopped/Manual Start]
<?尺????峌?????????????癡尶癁?硥?爭"><N/A>
==============================================================================
在SERng中 点 启动项目 --> 服务 --> 驱动程序 进入后 (勾选 隐藏已认证的微软项目),用鼠标左键在对应要修复的项上单击 然后点“设置” 按钮即可(注意到最后弹出的窗口中要点 “NO 否”才是确认删除驱动。)[注:有关可疑驱动如果你不知道的话建议删除,删除不了可以把类型设置为disabled ]
删除如下项目:
[qjjfqjp / qjjfqjp][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\qjjfqjp.sys><N/A>

==============================================================================
在SREng中 点系统修复 --> 点文件关联,点“修复”
在SREng中 点系统修复 --> 点Windows Shell/IE ,勾全选,点“修复”
==============================================================================
以上步骤做完就重启电脑,然后如果安装了QQ的话就重装QQ(先卸载了,再安装),再用WINDOWS 清理助手点这里下载http://www.arswp.com/download/arswp/arswp.rar和恶意软件清理助手点这里下载http://www.crsky.com/soft/6251.html杀恶意软件,再升级杀毒软件全盘杀毒

                                                       
                                                                        分  析:無毒侑禮
                                                                        时 间:2007-4-26
                                                                          QQ:397005089
                                                              E-mail:wuduyouli@yahoo.com.cn




1
查看完整版本: 哪位大哥帮我看看,附SREngLOG.
© 2000 - 2026 Rising Corp. Ltd.