!!!求救!告诉我怎么删除那可恶的喊有病毒的文档啊!!谢你们啊 bbs.ikaka.com

mikiyoko - 2007-6-4 17:36:00

[CODE]

2007-06-04,17:20:46

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><H>

==================================
服务
[68E6E6A3 / 68E6E6A3][Stopped/Auto Start]
<C:\WINDOWS\system32\68E6E6A3.EXE -service><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PPRich Server / PPRich][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k ppsvcs-->C:\Program Files\PPGou Soft\PPRich\PPRich.dll><www.pprich.com>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[服务名 / svcname][Stopped/Auto Start]
<C:\WINDOWS\system32\templ.exe><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[DM-PT128 MP3 player / mscusb][Stopped/Manual Start]
<System32\Drivers\mscusb.sys><Dynamic Naked Audio Inc.>
[nfor / nforv][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nforv.sys><N/A>
[nocashio / nocashio][Stopped/Manual Start]
<system32\drivers\nocashio.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\TM\TMDlls\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XPROTECTOR / XPROTECTOR][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\Oreans.sys><N/A>
[Sony Ericsson 520 driver (WDM) / z520bus][Stopped/Manual Start]
<system32\DRIVERS\z520bus.sys><MCCI>
[Sony Ericsson 520 USB WMC Modem Filter / z520mdfl][Stopped/Manual Start]
<system32\DRIVERS\z520mdfl.sys><MCCI>
[Sony Ericsson 520 USB WMC Modem Drivers / z520mdm][Stopped/Manual Start]
<system32\DRIVERS\z520mdm.sys><MCCI>
[Sony Ericsson 520 USB WMC Device Management Drivers / z520mgmt][Stopped/Manual Start]
<system32\DRIVERS\z520mgmt.sys><MCCI>
[Sony Ericsson 520 USB WMC OBEX Interface Drivers / z520obex][Stopped/Manual Start]
<system32\DRIVERS\z520obex.sys><MCCI>
[VIMICRO USB PC Camera / ZSMC302][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

mikiyoko - 2007-6-4 17:37:00

==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\WINDOWS\system32\dllcache\vgx.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Microsoft 外壳 UI 帮助程序]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[用比特精灵下载(&B)]
<C:\Program Files\BitSpirit\bsurl.htm, N/A>

mikiyoko - 2007-6-4 17:37:00

==================================
正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1332][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1988][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2016][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 4, 0, 1001]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 4, 0, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 4, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 220][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3760][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
[C:\WINDOWS\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL] [Microsoft Corporation, 9.0.5510.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[PID: 1948][D:\程序\网络安全\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 一般, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误：CreateProcessW (危险等级: 一般, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================

[/CODE]

一辈子的誓言 - 2007-6-4 17:45:00

[CODE]

2007-06-04,17:27:37

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Alert><C:\Program Files\Starsoftcomm\StarCenter\alert.exe> []
<StarCenter><C:\Program Files\Starsoftcomm\StarCenter\StarCenter.exe> [starsoftcomm]
<AutoUpd><C:\Program Files\Starsoftcomm\StarCenter\UpdTray.exe> []
<CmUCRRun><C:\WINDOWS\system32\CmUCReye.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<BigDogPath><C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)> [N/A]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Thunder><"D:\应用软件\讯雷包\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
<runeip><C:\Program Files\Rising\KakaToolBar\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<WebThunder><D:\讯雷\WebThunder.exe> [N/A]
<UnlockerAssistant><"E:\软件\Unlocker\UnlockerAssistant.exe"> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]

一辈子的誓言 - 2007-6-4 17:48:00

==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\new\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> d:\MYDOCU~1\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
<C:\Documents and Settings\new\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\IPQQ\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WebPrint / WebPrint][Stopped/Auto Start]
<c:\windows\system32\webprint.exe><Microsoft Corporation>

一辈子的誓言 - 2007-6-4 17:50:00

==================================
驱动程序
[a320raid / a320raid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6290 / AEC6290][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[Aha154x / Aha154x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[arc / arc][Stopped/Boot Start]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[asc / asc][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CMIUCR.SYS CM220 Card Reader Driver / CMISTOR][Running/Manual Start]
<system32\DRIVERS\cmiucr.SYS><C-Media Corporation>
[dac2w2k / dac2w2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[elxstor / elxstor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[FASTSX / FASTSX][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HpCISSs / HpCISSs][Stopped/Boot Start]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]

一辈子的誓言 - 2007-6-4 17:51:00

<\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[ini910u / ini910u][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[likajdoj / likajdoj][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\likajdoj.sys><N/A>
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[m5228 / m5228][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Boot Start]
<\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid2k / mraid2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nfrd960 / nfrd960][Stopped/Boot Start]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\IPQQ\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\E:\IPQQ\QQ\npkycryp.sys><N/A>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[SCBACK / SCBACK][Stopped/Boot Start]
<\SystemRoot\System32\drivers\SCBACK.SYS><StarSoftComm>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sghbwacr / sghbwacr][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sghbwacr.sys><Yahoo! China Corporation>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[ATI-437A Serial ATA Controller / SI3112r][Running/Boot Start]
<\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc.>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SiSRaid / SiSRaid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SISRAIDS.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[SSCFLTXP / SSCFLTXP][Running/Boot Start]
<\SystemRoot\System32\drivers\SSCFLTXP.SYS><Windows (R) 2000 DDK provider>
[symc810 / symc810][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[szip / szipl][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\szipl.sys><N/A>
[TosIde / TosIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[UlSata / UlSata][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATAS / ULSATAS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ULSATAS.SYS><Promise Technology, Inc.>
[ultra / ultra][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
<\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

一辈子的誓言 - 2007-6-4 17:52:00

==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\讯雷\WebThunderBHO_015.dll, N/A>
[Thunder Browser Helper]
{11F09AFC-75AD-4E51-AB43-E09E9351CE16} <D:\应用软件\讯雷包\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Helper Class]
{6E28339B-7A2A-47B6-AEB2-197004272379} <C:\WINDOWS\vchelper.dll, >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\应用软件\讯雷包\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[CPub Object]
{C68AE9C0-0909-4DDC-B661-C11970042753} <C:\WINDOWS\system32\svrhost.dll, Osborn Technologies, Inc.>
[微软]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\讯雷\WebThunderBHO_015.dll, N/A>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Thunder Browser Helper]
{11F09AFC-75AD-4E51-AB43-E09E9351CE16} <D:\应用软件\讯雷包\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\应用软件\讯雷包\ComDlls\ThunderAgent_007.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Helper Class]
{6E28339B-7A2A-47B6-AEB2-197004272379} <C:\WINDOWS\vchelper.dll, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\讯雷\MediaAddin10.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\应用软件\讯雷包\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CPub Object]
{C68AE9C0-0909-4DDC-B661-C11970042753} <C:\WINDOWS\system32\svrhost.dll, Osborn Technologies, Inc.>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <E:\IPQQ\QQ\Timwp.dll, TENCENT>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[&使用迅雷下载]
<D:\应用软件\讯雷包\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\应用软件\讯雷包\Program\getallurl.htm, N/A>
[使用Web迅雷下载]
<D:\讯雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<D:\讯雷\GetAllUrl.htm, N/A>
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<E:\IPQQ\QQ\AddEmotion.htm, N/A>

一辈子的誓言 - 2007-6-4 17:53:00

==================================
正在运行的进程
[PID: 552][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4124]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 704][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4124]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 880][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1196][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 124][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\应用软件\讯雷包\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[E:\IPQQ\QQ\qdshm.dll] [, 1, 0, 101, 20]
[E:\IPQQ\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll] [, 1, 0, 0, 109]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 224][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1212][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 48]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1240][C:\Program Files\Starsoftcomm\StarCenter\alert.exe] [, 1, 0, 0, 123]
[C:\Program Files\Starsoftcomm\StarCenter\MFC42.DLL] [Microsoft Corporation, 6.00.9586.0]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1248][C:\Program Files\Starsoftcomm\StarCenter\StarCenter.exe] [starsoftcomm, 1, 0, 0, 113]
[C:\Program Files\Starsoftcomm\StarCenter\MFC42.DLL] [Microsoft Corporation, 6.00.9586.0]
[C:\Program Files\Starsoftcomm\StarCenter\SmartBackup.dll] [SSC, 1, 0, 1, 142]
[C:\Program Files\Starsoftcomm\StarCenter\drvKernel.dll] [, 1, 0, 0, 116]
[C:\Program Files\Starsoftcomm\StarCenter\SC_SystemProtect.DLL] [N/A, ]

一辈子的誓言 - 2007-6-4 17:54:00

[C:\Program Files\Starsoftcomm\StarCenter\Asset.DLL] [, 1, 0, 0, 110]
[C:\Program Files\Starsoftcomm\StarCenter\DiskMonitor.DLL] [, 1, 0, 0, 108]
[C:\Program Files\Starsoftcomm\StarCenter\DrvMonitor.DLL] [, 1, 0, 0, 111]
[C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll] [, 1, 0, 0, 109]
[C:\Program Files\Starsoftcomm\StarCenter\SSCRegAc.dll] [, 1, 0, 0, 109]
[C:\Program Files\Starsoftcomm\StarCenter\SoftFunc.dll] [, 1, 0, 0, 108]
[C:\Program Files\Starsoftcomm\StarCenter\Encrypt.dll] [N/A, ]
[C:\Program Files\Starsoftcomm\StarCenter\sscac.dll] [N/A, ]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1256][C:\Program Files\Starsoftcomm\StarCenter\UpdTray.exe] [, 1, 0, 0, 2]
[C:\Program Files\Starsoftcomm\StarCenter\MFC42.DLL] [Microsoft Corporation, 6.00.9586.0]
[PID: 1224][C:\WINDOWS\system32\CmUCReye.exe] [, 1, 0, 0, 36]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1296][C:\WINDOWS\VM_STI.EXE] [Vimicro, 4, 2, 1124, 6]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\VM31bPrp.Ax] [Vimicro, 1.00.01.00]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1364][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3427]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1456][C:\Program Files\Rising\KakaToolBar\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\KakaToolBar\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1592][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1936][D:\应用软件\讯雷包\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
[D:\应用软件\讯雷包\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[D:\应用软件\讯雷包\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
[D:\应用软件\讯雷包\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[D:\应用软件\讯雷包\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
[D:\应用软件\讯雷包\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\应用软件\讯雷包\Components\DiagnoseHelper\DiagnoseHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
[D:\应用软件\讯雷包\Components\PortVerify\PortVerify.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\应用软件\讯雷包\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\应用软件\讯雷包\Components\DTAG\DTAG.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 2]

一辈子的誓言 - 2007-6-4 17:55:00

[D:\应用软件\讯雷包\Components\DTAG\ExtractMediaTag.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\应用软件\讯雷包\Program\LiveUpdate.dll] [, 1, 0, 1, 17]
[D:\应用软件\讯雷包\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 0, 15]
[D:\应用软件\讯雷包\Components\InMedia\iEmbed08.dll] [　, 3, 2, 0, 63]
[D:\应用软件\讯雷包\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
[D:\应用软件\讯雷包\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
[D:\应用软件\讯雷包\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
[D:\应用软件\讯雷包\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[D:\应用软件\讯雷包\Components\VPSHELL\VPSHELL.dll] [, 1, 1, 0, 4]
[D:\应用软件\讯雷包\Components\VPSHELL\VideoPicture.dll] [XunLei, 1, 1, 0, 4]
[D:\应用软件\讯雷包\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\应用软件\讯雷包\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0]
[D:\应用软件\讯雷包\Plugins\ThunderKAV\ThunderKAV.dll] [深圳市迅雷网络技术有限公司, 1.0.1.17]
[D:\应用软件\讯雷包\Program\XLNet.Dll] [Xunlei, 1, 1, 0, 6]
[C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll] [, 1, 0, 0, 109]
[PID: 3620][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1900][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
[D:\应用软件\讯雷包\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Common Files\CPUSH\cpush.dll] [, 1.0.2.9]
[C:\WINDOWS\vchelper.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\svrhost.dll] [Osborn Technologies, Inc., 1.0.0.2]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll] [, 1, 0, 0, 109]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[D:\应用软件\讯雷包\ComDlls\ThunderAgent_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 14]
[PID: 1336][E:\IPQQ\QQ\QQ.exe] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQBaseClassInDll.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQHelperDll.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\BasicCtrlDll.dll] [TENCENT, 7, 0, 225, 1651]
[E:\IPQQ\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[E:\IPQQ\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[E:\IPQQ\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[E:\IPQQ\QQ\QQAPI.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\IPQQ\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[E:\IPQQ\QQ\LoginCtrl.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\LoginCtrlRes.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll] [, 1, 0, 0, 109]
[E:\IPQQ\QQ\QQRes.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\MailSummary.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQMainFrame.dll] [N/A, ]
[E:\IPQQ\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\IPQQ\QQ\CQQApplication.dll] [N/A, ]
[E:\IPQQ\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\IPQQ\QQ\NewSkin.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\HostingMgr.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\CameraDll.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQKnowledgeSearch.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQAllInOne.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[E:\IPQQ\QQ\QQSpace.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\IPQQ\QQ\QQGroupMng.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\LongConnection.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQPlugin.dll] [N/A, ]
[E:\IPQQ\QQ\UserDefinedHead.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQConfigPlugin.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQCustomFace.dll] [N/A, ]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[E:\IPQQ\QQ\ImageOle.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQLiveQMng.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QRingMng.dll] [N/A, ]
[E:\IPQQ\QQ\QQSceneMng.dll] [N/A, ]
[E:\IPQQ\QQ\QQPet.dll] [TENCENT, 7,0,225,1651]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\IPQQ\QQ\QQAvatar.dll] [N/A, ]
[E:\IPQQ\QQ\QQSysMsgMng.dll] [N/A, ]
[E:\IPQQ\QQ\GroupConnection.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\PhoneAPI.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\IPQQ\QQ\QQFileTransfer.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\BQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[E:\IPQQ\QQ\CommercesMng.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[E:\IPQQ\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 300]
[E:\IPQQ\QQ\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 9, 92]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\IPQQ\QQ\QQMagicFace.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQZip.dll] [TENCENT, 7,0,225,1651]
[PID: 2016][E:\IPQQ\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\IPQQ\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 3860][E:\软件\shadu\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

一辈子的誓言 - 2007-6-4 17:58:00

[C:\WINDOWS\vchelper.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\svrhost.dll] [Osborn Technologies, Inc., 1.0.0.2]
[C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll] [, 1, 0, 0, 109]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[D:\应用软件\讯雷包\ComDlls\ThunderAgent_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 14]
[PID: 1336][E:\IPQQ\QQ\QQ.exe] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQBaseClassInDll.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQHelperDll.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\BasicCtrlDll.dll] [TENCENT, 7, 0, 225, 1651]
[E:\IPQQ\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[E:\IPQQ\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[E:\IPQQ\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[E:\IPQQ\QQ\QQAPI.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\IPQQ\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[E:\IPQQ\QQ\LoginCtrl.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\LoginCtrlRes.dll] [TENCENT, 7,0,225,1651]
[C:\Program Files\Starsoftcomm\StarCenter\HookMgr.dll] [, 1, 0, 0, 109]
[E:\IPQQ\QQ\QQRes.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\MailSummary.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQMainFrame.dll] [N/A, ]
[E:\IPQQ\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\IPQQ\QQ\CQQApplication.dll] [N/A, ]
[E:\IPQQ\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\IPQQ\QQ\NewSkin.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\HostingMgr.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\CameraDll.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQKnowledgeSearch.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQAllInOne.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[E:\IPQQ\QQ\QQSpace.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\IPQQ\QQ\QQGroupMng.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\LongConnection.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQPlugin.dll] [N/A, ]
[E:\IPQQ\QQ\UserDefinedHead.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQConfigPlugin.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQCustomFace.dll] [N/A, ]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[E:\IPQQ\QQ\ImageOle.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQLiveQMng.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QRingMng.dll] [N/A, ]
[E:\IPQQ\QQ\QQSceneMng.dll] [N/A, ]
[E:\IPQQ\QQ\QQPet.dll] [TENCENT, 7,0,225,1651]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\IPQQ\QQ\QQAvatar.dll] [N/A, ]
[E:\IPQQ\QQ\QQSysMsgMng.dll] [N/A, ]
[E:\IPQQ\QQ\GroupConnection.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\PhoneAPI.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\IPQQ\QQ\QQFileTransfer.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\BQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[E:\IPQQ\QQ\CommercesMng.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[E:\IPQQ\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 300]
[E:\IPQQ\QQ\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 9, 92]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\IPQQ\QQ\QQMagicFace.dll] [TENCENT, 7,0,225,1651]
[E:\IPQQ\QQ\QQZip.dll] [TENCENT, 7,0,225,1651]
[PID: 2016][E:\IPQQ\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\IPQQ\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 3860][E:\软件\shadu\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

一辈子的誓言 - 2007-6-4 17:59:00

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 www.vip173.com
127.0.0.1 vip173.com
127.0.0.1 web772.jsy666.com
127.0.0.1 web775.jsy666.com
127.0.0.1 web778.jsy666.com
127.0.0.1 77ip.com
127.0.0.1 ww2.58cqsf.com
127.0.0.1 bywg.92095.com
127.0.0.1 b1.hxwg.cn
127.0.0.1 go.bczwg.com
127.0.0.1 go1.bczwg.com
127.0.0.1 1.uc999.info
127.0.0.1 www.4000sf.com
127.0.0.1 www.sf520.com
127.0.0.1 www.33520.com
127.0.0.1 www.sf920.com
127.0.0.1 www.sf123.com
127.0.0.1 www.haouc.com
127.0.0.1 www.bywg.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

一辈子的誓言 - 2007-6-4 18:05:00

病毒就在C:\WINDOWS\system32\drivers的szipl.sys
和C:\WINDOWS\system32\ovcye.dll
我都弄了一天了，都没弄成啊!
麻烦你给我讲下怎么删啊！

一辈子的誓言 - 2007-6-4 18:15:00

newcenturymoon - 2007-6-4 19:06:00

Xdelbox删除

天月来了 - 2007-6-4 19:29:00

回一辈子的：

用扫日志的SRENG工具将下面的各项启动类型改为“Disabled”，
（因为实在不知道你捣鼓了哪些软件或硬件，在修改下面的这些后，有不能运行的东西，就去再改回来，好无奈。）

服务
[WebPrint / WebPrint][Stopped/Auto Start]
<c:\windows\system32\webprint.exe><Microsoft Corporation>

驱动程序
[likajdoj / likajdoj][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\likajdoj.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\E:\IPQQ\QQ\npkycryp.sys><N/A>
[szip / szipl][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\szipl.sys><N/A>
————————————————————————————————————————————————
这里的一些东西，你自己看看有没认识的，没有就考虑用扫日志的SRENG工具删除吧。
浏览器加载项
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[CPub Object]
{C68AE9C0-0909-4DDC-B661-C11970042753} <C:\WINDOWS\system32\svrhost.dll, Osborn Technologies, Inc.>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Helper Class]
{6E28339B-7A2A-47B6-AEB2-197004272379} <C:\WINDOWS\vchelper.dll, >
[CPub Object]
{C68AE9C0-0909-4DDC-B661-C11970042753} <C:\WINDOWS\system32\svrhost.dll, Osborn Technologies, Inc.>
————————————————————————————————————————————
用扫日志的SRENG工具修复
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
——————————————————————————————————————————
用扫日志的SRENG工具删除
HOSTS 文件
127.0.0.1 www.vip173.com
127.0.0.1 vip173.com
127.0.0.1 web772.jsy666.com
127.0.0.1 web775.jsy666.com
127.0.0.1 web778.jsy666.com
127.0.0.1 77ip.com
127.0.0.1 ww2.58cqsf.com
127.0.0.1 bywg.92095.com
127.0.0.1 b1.hxwg.cn
127.0.0.1 go.bczwg.com
127.0.0.1 go1.bczwg.com
127.0.0.1 1.uc999.info
127.0.0.1 www.4000sf.com
127.0.0.1 www.sf520.com
127.0.0.1 www.33520.com
127.0.0.1 www.sf920.com
127.0.0.1 www.sf123.com
127.0.0.1 www.haouc.com
127.0.0.1 www.bywg.com
——————————————————————————————————————
重启电脑，没异常，就安装并升级杀软至最新版本，全盘杀毒。

瑞星卡卡安全论坛