sumer09 - 2007-5-3 20:59:00
2007-05-03,05:25:09
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<zzr6lwdb4><C:\DOCUME~1\wang\LOCALS~1\Temp\crasos.exe> []
<zc9v76kxfst><C:\DOCUME~1\wang\LOCALS~1\Temp\iexpl0re.exe> []
<9gt3tbwri><C:\DOCUME~1\wang\LOCALS~1\Temp\winlog0n.exe> []
<c0et><C:\DOCUME~1\wang\LOCALS~1\Temp\Servere.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<FlashGet><"C:\Program Files\FlashGet\FlashGet.exe" /min> [(Verified)Trend Media Corporation Limited]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Publisher]
<AGRSMMSG><AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<fscp><C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe> []
<QkOnBtn><C:\Program Files\QBU\QkOnBtn.EXE> [Dritek System Inc.]
<EnergyUtility><C:\Program Files\Lenovo\EnergyCut\utilty.exe> [TODO: <Company name>]
<EnergyCut><C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe> []
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<shualai><C:\WINDOWS\shualai.exe /i> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<nwizqqhx><C:\WINDOWS\system32\nwizqqhx.exe> []
<winform><C:\WINDOWS\winform.exe> []
<nwizmhxy><C:\WINDOWS\system32\nwizmhxy.exe> []
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32> []
<nwizwows><C:\WINDOWS\system32\nwizwows.exe> []
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><C:\WINDOWS\Resources\Themes\Login\logonui-3.1.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\system32\nospri.dll> []
<{2133B3FD-315E-4523-BD1A-22F723DFBCA3}><C:\WINDOWS\system32\jpqpri.dll> []
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
sumer09 - 2007-5-3 21:00:00
启动文件夹
N/A
==================================
服务
[FspadSvc / FspadSvc][Running/Auto Start]
<C:\Program Files\AVC Finger-sensing Pad Driver\FspadSvr.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><N/A>
[Windows SystemDown / WindowsDown][Stopped/Auto Start]
<C:\WINDOWS\system32\servet.exe><N/A>
[WinWMService / WinWMService][Stopped/Auto Start]
<C:\WINDOWS\system32\RAVWM.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\WINDOWS\TEMP\RAVWM.EXE><N/A>
==================================
驱动程序
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
<system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Dritek HotKey Keyboard Filter Driver / DKbFltr][Running/Manual Start]
<System32\Drivers\DKbFltr.sys><Dritek System Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[AVC Finger-sensing Pad Driver for Windows 2000/XP / fspad][Running/Manual Start]
<system32\DRIVERS\fspad.sys><Asia Vital Components Co.,Ltd.>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npdajxpq / npdajxpq][Running/Boot Start]
<\SystemRoot\system32\drivers\npdajxpq.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[XONEUSB.Sys MP3 Player & Digital Voice Recorder device driver / XONEUSB][Stopped/Manual Start]
<System32\Drivers\XONEUSB.sys><Yountel Corporation>
sumer09 - 2007-5-3 21:01:00
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BDHlprObj Class]
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[番茄工具条3.1.5]
{6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\PROGRA~1\Powerise\REAL2A~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[BDHlprObj Class]
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
sumer09 - 2007-5-3 21:01:00
正在运行的进程
[PID: 396][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][D:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1092][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[PID: 1216][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\nospri.dll] [N/A, ]
[C:\WINDOWS\system32\jpqpri.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Lenovo\EnergyCut\HookLib.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqqhx.dll] [N/A, ]
[C:\WINDOWS\system32\mhxy100.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwows.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1448][C:\WINDOWS\system32\SVCHOST.EXE ] [b, 1.00]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1496][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxdo.dll] [Intel Corporation, 3.0.0.4291]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\DOCUME~1\wang\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 1504][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4291]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1272][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 43]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1600][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.49 2.1.49 12/20/2004 15:10:02]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1656][C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1732][C:\Program Files\QBU\QkOnBtn.EXE] [Dritek System Inc., 1, 0, 0, 921]
[C:\Program Files\QBU\ComFnUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\QBU\Wnd2File.dll] [Dritek System Inc., 3.00]
[C:\Program Files\QBU\SzUPFUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\QBU\OSDUtl.dll] [Dritek System Inc., 1, 0, 0, 312]
[C:\Program Files\QBU\RgnMaker.dll] [Dritek System Inc., 12.07.1999 ( VC60 )]
[C:\Program Files\QBU\CDRomUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\QBU\MixerUtl.dll] [Dritek System Inc., 1.00]
[C:\Program Files\QBU\LgKCUtl.dll] [Dritek System Inc., 2, 0, 1, 1]
[C:\Program Files\QBU\MMDUtl.dll] [Dritek System Inc., 1, 2, 3, 2719]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1744][C:\Program Files\Lenovo\EnergyCut\utilty.exe] [TODO: <Company name>, 1.0.0.1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1716][C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe] [N/A, ]
[C:\Program Files\Lenovo\EnergyCut\HookLib.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 172][C:\WINDOWS\shualai.exe] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[PID: 484][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 516][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 524][C:\WINDOWS\system32\inetsrv.exe] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 356][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 1304][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\DOCUME~1\wang\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 2544][C:\Documents and Settings\wang\桌面\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
桃子CiCi - 2007-5-3 21:58:00
Icesword v1.20
最新版本下载地址:
中文:http://202.38.64.10/~jfpan/download/IceSword120_cn.zip MD5
:cfb8514add1fbfb510b0084e837e561c
==========================================================================
清空临时文件夹:具体路径: C:\documents and settings\feifei\LOCALS~1\Temp
进到安全模式下[安全模式进入方法:重启电脑时按住F8 选择进入安全模式],
==========================================================================
下载冰刃后运行,结束进程:
文件-设置-勾选“禁止进程创建”卸载如下进程中的相关模块信息
[PID: 1092][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)](进程)
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)](进程中所对应的模块信息)
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)](进程中所对应的模块信息)
[PID: 1216][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\nospri.dll] [N/A, ]
[C:\WINDOWS\system32\jpqpri.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqqhx.dll] [N/A, ]
[C:\WINDOWS\system32\mhxy100.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwows.dll] [N/A, ]
[PID: 1448][C:\WINDOWS\system32\SVCHOST.EXE ] [b, 1.00]
[PID: 1496][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4291]
[PID: 1504][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4291]
[PID: 1272][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 43]
[PID: 1600][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.49 2.1.49 12/20/2004 15:10:02]
[PID: 1732][C:\Program Files\QBU\QkOnBtn.EXE] [Dritek System Inc., 1, 0, 0, 921]
[PID: 172][C:\WINDOWS\shualai.exe] [N/A, ]
[PID: 524][C:\WINDOWS\system32\inetsrv.exe] [N/A, ]
[PID: 356][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[PID: 2544][C:\Documents and Settings\wang\桌面\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
==========================================================================
用冰刃修改注册表:
启动项目需删除的:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
删除如下子项:
<zzr6lwdb4><C:\DOCUME~1\wang\LOCALS~1\Temp\crasos.exe> []
<zc9v76kxfst><C:\DOCUME~1\wang\LOCALS~1\Temp\iexpl0re.exe> []
<9gt3tbwri><C:\DOCUME~1\wang\LOCALS~1\Temp\winlog0n.exe> []
<c0et><C:\DOCUME~1\wang\LOCALS~1\Temp\Servere.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]下面的:
<shualai><C:\WINDOWS\shualai.exe /i> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<nwizqqhx><C:\WINDOWS\system32\nwizqqhx.exe> []
<winform><C:\WINDOWS\winform.exe> []
<nwizmhxy><C:\WINDOWS\system32\nwizmhxy.exe> []
<nwizwows><C:\WINDOWS\system32\nwizwows.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]下面的:
<{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\system32\nospri.dll> []
<{2133B3FD-315E-4523-BD1A-22F723DFBCA3}><C:\WINDOWS\system32\jpqpri.dll> []
==========================================================================
运行SREng-在"启动项目->服务->"Win32服务应用程序"选中"隐藏已认证的微软服务"
然后将下面名称的服务删除(选中有问题的服务后,点“删除服务”,点“设置”按
钮即可。 注意弹出的窗口中要点 “NO 否”才是确认删除服务)(不能删除的就禁用
:启动类型改为disabled,点中修改启动类型,点设置):
[npdajxpq / npdajxpq][Running/Boot Start]
<\SystemRoot\system32\drivers\npdajxpq.sys><N/A>
==========================================================================
运行SREng-在"启动项目->服务->驱动程序"选中"隐藏已认证的微软服务" 然后将下
面名称的服务删除(选中有问题的服务后,点“删除服务”,点“设置”按钮即可。
注意弹出的窗口中要点 “NO 否”才是确认删除服务)(不能删除的就禁用:启动类型
改为disabled,点中修改启动类型,点设置):
[eibdbabf / eibdbabf][Stopped/Boot Start]
<\SystemRoot\system32\drivers\eibdbabf.sys><N/A>
[yoxu / yoxuv][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\yoxuv.sys><N/A>
==========================================================================
用冰刃删除文件:
依次删除上述所有涉及到的文件!
如:
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[C:\WINDOWS\system32\nospri.dll] [N/A, ]
[C:\WINDOWS\system32\jpqpri.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\winform.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\wang\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqqhx.dll] [N/A, ]
[C:\WINDOWS\system32\mhxy100.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwows.dll] [N/A, ]
C:\WINDOWS\shualai.exe等等!
删除完毕,还原”进程创建“
=========================================================================
在删除所对应的文件之后清理注册表;运行-regedit-我的电脑-编辑-查找-依次输入
上述所有涉及到的病毒文件名:例如:BDPlugin.dll、cmdbcs.dll、shualai.exe
等等!
按F3继续,直到搜索完毕,凡查找到的一律删除!
重启计算机。
© 2000 - 2026 Rising Corp. Ltd.