不知道是不是新病毒，很难缠，高手帮帮忙，有日志 bbs.ikaka.com

小小企鹅 - 2007-6-16 20:35:00

[CODE]

2007-06-16,20:15:54

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<ApabiAgent><; "C:\Program Files\Founder\Apabi Reader 1.8\ApabiAgent.exe"> []
<swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<sm><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\Rav.exe> [N/A]
<6shrc9i0w><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexp1ore.exe> [N/A]
<7zj4ei><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\crasos.exe> [N/A]
<f2xfhc><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexp10re.exe> [N/A]
<li4gm><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\c0nime.exe> [N/A]
<6qwbjm4e8><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexpl0re.exe> [N/A]
<z49><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\1explore.exe> [N/A]
<822><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\exp10rer.exe> [N/A]
<qs2c657w1ut58><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexplorer.exe> [N/A]
<jx><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\explorei.exe> [N/A]
<hcjid8bxskf8><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\winlog0n.exe> [N/A]
<MS Reporter(dont disable)><; C:\WINDOWS\W1NL0GON.EXE> []
<Service Pack 1><; C:\WINDOWS\System32\vexg6ame4.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<NeroCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<InCD><; C:\Program Files\Ahead\InCD\InCD.exe> [N/A]
<wlsa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\wlso.exe> [N/A]
<mhsa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\mhso.exe> [N/A]
<qjsa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\qjso.exe> [N/A]
<load><; C:\WINDOWS\uninstall\rundl132.exe> []
<upxdnd><; C:\WINDOWS\upxdnd.exe> []
<Microsoft Autorun5><; C:\WINDOWS\System32\mosou.exe> []
<dasa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\daso.exe> [N/A]
<Microsoft Autorun12><; C:\WINDOWS\System32\nwizzhuxians.exe> []
<Microsoft IME><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\Win15.exe> [N/A]
<Microsoft Autorun4><; C:\WINDOWS\System32\mydata.exe> []
<wosa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\rxso.exe> [N/A]
<tlsa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\tlso.exe> [N/A]
<wgsa><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\wgso.exe> [N/A]
<System><; C:\Program Files\Common Files\system\Updaterun.exe> []
<thjcghi><; C:\Program Files\InstallShield Installation Information\thjcghi.exe> []
<TinTSentp><; C:\WINDOWS\system32\autoc0nv.exe> []
<runner1><; C:\WINDOWS\retadpu321.exe 61A847B5BBF72811309A284503996897C881250221C8670836AC4FA7C8833201749139> [N/A]
<><; C:\Program Files\Common Files\Services\svchost.exe> []
<Mrxiaokan4><; C:\Program Files\Internet Explorer\SPLOUE.exe> [N/A]
<spoolsvv><; C:\WINDOWS\System32\spoolsvv.exe> []
<wdynyi12><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\wdynyi12.dll",Start> []
<nrbnve71><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\nrbnve71.dll",Start> []
<hncsbe79><%systemroot%\system32\Rundll32.exe %systemroot%\system32\hncsbe79.dll,DllCanUnloadNow> [Microsoft Corporation]
<Microsoft Autorun9><C:\WINDOWS\System32\Ravasktao.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<qqkwha><%systemroot%\system32\Rundll32.exe %systemroot%\system32\qqkwha.dll,DllUnregisterServer> []
<bthaq><%systemroot%\system32\Rundll32.exe %systemroot%\system32\bthaq.dll,DllUnregisterServer> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<visin><; C:\WINDOWS\System32\visin.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\UserInit.exe,C:\WINDOWS\System32\wintemp.exe> [N/A]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows XP Publisher]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewTemp.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\windows\System32\scandisk.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows XP Publisher]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\botreg]
<WinlogonNotify: botreg><C:\Documents and Settings\All Users\Documents\Settings\bot.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows XP Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows XP Publisher]

==================================

小小企鹅 - 2007-6-16 20:36:00

==================================
启动文件夹
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Acrobat Assistant]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Acrobat Assistant.lnk --> D:\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>
[ykhijk]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ykhijk.lnk --> C:\Program Files\Microsoft.NET\ykhijkk.exe [N/A]><N>

==================================
服务
[4E98AB0C / 4E98AB0C][Stopped/Auto Start]
<C:\windows\System32\744EB526.EXE -p><Microsoft Corporation>
[6DCA4309 / 6DCA4309][Stopped/Auto Start]
<C:\windows\System32\A8CCB330.EXE -6DCA4309><Microsoft Corporation>
[840F1C4B / 840F1C4B][Stopped/Auto Start]
<C:\windows\System32\1E954C5F.EXE -k><Microsoft Corporation>
[Messenger Accelerator / Accelerator Tools][Stopped/Auto Start]
<C:\WINDOWS\System32\mdn.exe><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Stopped/Auto Start]
<C:\WINDOWS\System32\upnpsvc.exe><Microsoft Corporatio>
[at2.810810.org / at2.810810.org][Stopped/Auto Start]
<C:\WINDOWS\System32\at2.810810.org.exe><N/A>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[B76DD14A / B76DD14A][Stopped/Auto Start]
<C:\windows\System32\39E6A229.EXE -g><Microsoft Corporation>
[EJOTZFLPVAGLRWC / BGLQWCHMSXDINT][Stopped/Auto Start]
<C:\windows\system32\svchost.exe -k YDJPUAFLQVBGM-->C:\WINDOWS\ANYjtB1001.DLL><N/A>
[Windows Install Helper / BKMARKS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\NJFQZ.DLL,DllRegisterServer 1087><Microsoft Corporation>
[C#_NET_HowTo_TimeTrackerService / C#_NET_HowTo_TimeTrackerService][Stopped/Disabled]
<c:\program files\clarity consulting\c#.net how-to windows service - time track\how-to windows service demo.exe><>
[Client IP-IPX / Client IP-IPX][Stopped/Disabled]
<"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000321><N/A>
[EA0A5D0B / EA0A5D0B][Stopped/Auto Start]
<C:\windows\System32\2386EE1D.EXE -d><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><>
[Remote Route Service / Hardware][Stopped/Auto Start]
<C:\windows\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\njldc.dll><Microsoft Corporation>
[System Local Kernel Service / kernel][Stopped/Auto Start]
<"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\8HoNjqgHmr.exe"><N/A>
[kernl32 / kernl32][Stopped/Auto Start]
<C:\WINDOWS\System32\kernl32.exe><N/A>
[Fax 2Client / ms_2fax][Stopped/Auto Start]
<C:\WINDOWS\System32\86aa1.exe><N/A>
[Navoct / Navoct][Stopped/Disabled]
<C:\windows\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll><N/A>
[Net Login Helper / netlog][Stopped/Auto Start]
<C:\windows\system32\SCardSer.exe ><N/A>
[Windows pgsd RunThem / pgsd][Stopped/Auto Start]
<C:\windows\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\kbny\ulxi.dll>< >
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Remote Procedure Call System(RPCS) / RpcS][Stopped/Auto Start]
<C:\WINDOWS\System32\RpcS.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[svchost / svchost][Stopped/Auto Start]
<C:\WINDOWS\svchost.exe><N/A>
[Unigraphics Plot Server (ugiipqd) / ugiipqd][Stopped/Auto Start]
<C:\WINDOWS\System32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc>
[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)][Stopped/Auto Start]
<D:\UGS\UGNXFLEXlm\lmgrd.exe><>
[Telephonyl / WindowsDown][Stopped/Auto Start]
<C:\WINDOWS\System32\servet.exe><N/A>
[wljs0001.3322.org / wljs0001.3322.org][Stopped/Auto Start]
<C:\WINDOWS\System32\wljs0001.3322.org.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\windows\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>

==================================

小小企鹅 - 2007-6-16 20:36:00

驱动程序
[a347bus / a347bus][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
<\SystemRoot\System32\Drivers\a347scsi.sys><>
[acpidisk / acpidisk][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[Apaidi / Apaidi][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Apaidi.sys><N/A>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[BaseTDI / BaseTDI][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[InCD Storage Helper Driver / BsStor][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\bsstor.sys><B.H.A Co.,Ltd.>
[CdaC15BA / CdaC15BA][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cdnprot / cdnprot][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[Creative SB Live! (WDM) / emu10k][Stopped/Disabled]
<system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
<system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[hncsbe7 / hncsbe79][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hncsbe79.sys><N/A>
[HookCont / HookCont][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[lqfxxy2 / lqfxxy29][Stopped/Disabled]
<\SystemRoot\System32\DRIVERS\lqfxxy29.sys><N/A>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<System32\DRIVERS\npf.sys><NetGroup - Politecnico di Torino>
[nrbnve7 / nrbnve71][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nrbnve71.sys><Microsoft Corporation>
[nv / nv][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ornu / ornux][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ornux.sys><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qqkwh / qqkwha][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\qqkwha.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[rysqhe / rysqhe][Stopped/Disabled]
<\SystemRoot\system32\drivers\rysqhe.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Stopped/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
<system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Stopped/Manual Start]
<system32\drivers\STAC97.sys><SigmaTel, Inc.>
[wdynyi1 / wdynyi12][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\wdynyi12.sys><Microsoft Corporation>
[yaskp / yaskp][Stopped/Disabled]
<???\C:\WINDOWS\SYSTEM32\DRIVERS\YASKP.SYS><N/A>
[ygqijx4 / ygqijx43][Stopped/Disabled]
<\SystemRoot\System32\DRIVERS\ygqijx43.sys><N/A>
[zufupbxd / zufupbxd][Stopped/Disabled]
<\SystemRoot\System32\DRIVERS\zufupbxd.sys><Yahoo! China Corporation>

==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[MyLoader Class]
{09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\UNiD4qsxBg_2002.dll, >
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, N/A>
[腾讯QQ]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\QQIEHelper.dll, N/A>
[IEInit Class]
{5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\System32\drivers\usrinit.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[]
{C74CDF30-68C2-49B4-9918-EBD66B8D9FBF} <C:\WINDOWS\system32\zrdxorfmncquq.dll, >
[FavHook Class]
{CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com, Inc.>
[ff Class]
{FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\System32\c861.dll, TODO: <公司名>>
[信息检索]
{FC37E818-6FBF-42F7-8CDE-72B890F493D9} <C:\WINDOWS\system32\svchost.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[CaiFuCOM Class]
{C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caif.dll, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[实用搜索工具条2.0]
{03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[酷搜-搜索高级工具]
{E6357A1D-8264-4B68-B3D2-1D4D0A5B1E61} <C:\PROGRA~1\KuSou\KuSou.DLL, N/A>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[使用Web迅雷下载]
<d:\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<d:\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203, N/A>

newcenturymoon - 2007-6-16 20:41:00

病毒太多了加我QQ 帮你远程弄 q号通过悄悄话发给你

小小企鹅 - 2007-6-16 20:42:00

==================================
正在运行的进程
[PID: 200][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131)]
[PID: 264][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131)]
[C:\windows\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.1134 (xpsp2.020921-0842)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1255 (xpsp2.030804-1745)]
[C:\windows\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1254 (xpsp2.030801-1834)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\sxs.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 288][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1254 (xpsp2.030801-1834)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1255 (xpsp2.030804-1745)]
[C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1240 (xpsp2.030618-0119)]
[C:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1233 (xpsp2.030604-1804)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1276]
[C:\windows\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp1.020828-1920)]
[C:\windows\System32\ODBC32.dll] [Microsoft Corporation, 3.520.9041.40]
[C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\odbcint.dll] [Microsoft Corporation, 3.520.7713.0]
[C:\windows\System32\SHSVCS.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1263 (xpsp2.030819-2129)]
[C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Documents and Settings\All Users\Documents\Settings\bot.dll] [N/A, ]
[C:\WINDOWS\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\WINDOWS\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\windows\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42]

小小企鹅 - 2007-6-16 20:51:00

PID: 3156][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1254 (xpsp2.030801-1834)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1255 (xpsp2.030804-1745)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1276]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1233 (xpsp2.030604-1804)]
[C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1263 (xpsp2.030819-2129)]
[C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\windows\System32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2800.1276]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp1.020828-1920)]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\AcSignIcon.dll] [Autodesk, 16.1.63.0]
[C:\WINDOWS\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\OLEACC.dll] [Microsoft Corporation, 4.2.5406.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\windows\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\KB9279O2.log] [N/A, ]
[C:\windows\System32\netapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\wsock32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1240 (xpsp2.030618-0119)]
[C:\windows\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\themeui.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\wshtcpip.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msutb.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\ntshrui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ATL.DLL] [Microsoft Corporation, 3.00.9435]
[C:\windows\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.1.63.0]
[C:\windows\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\NETSHELL.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\credui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1240 (xpsp2.030618-0119)]
[C:\windows\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\msi.dll] [Microsoft Corporation, 2.0.2600.1106]
[C:\windows\System32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1282]
[C:\windows\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\drprov.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\ntlanman.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\NETUI0.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\NETUI1.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\NETRAP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\davclnt.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\mlang.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\windows\System32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ODBC32.dll] [Microsoft Corporation, 3.520.9041.40]
[C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\odbcint.dll] [Microsoft Corporation, 3.520.7713.0]
[D:\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\windows\System32\shdoclc.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\windows\System32\zipfldr.dll] [Microsoft Corporation, 6.00.2800.1126 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewTemp.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[C:\windows\System32\scandisk.dll] [N/A, ]
[C:\windows\System32\checkfile.dll] [N/A, ]
[C:\windows\System32\csv.dll] [N/A, ]
[C:\windows\System32\weftl.dll] [N/A, ]
[C:\windows\System32\wtfsm.dll] [N/A, ]
[C:\windows\System32\htysx.dll] [N/A, ]
[C:\windows\System32\wuhdd.dll] [N/A, ]
[C:\windows\System32\zwgfx.dll] [N/A, ]
[C:\windows\System32\RASAPI32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\rasman.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\rtutils.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[d:\WinRAR\rarext.dll] [N/A, ]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]

小小企鹅 - 2007-6-16 20:53:00

[PID: 9952][C:\windows\System32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1254 (xpsp2.030801-1834)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1255 (xpsp2.030804-1745)]
[C:\windows\System32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1240 (xpsp2.030618-0119)]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1240 (xpsp2.030618-0119)]
[C:\windows\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1276]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1233 (xpsp2.030604-1804)]
[C:\windows\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\VDMDBG.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[C:\windows\system32\oleaut32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\windows\system32\OLE32.DLL] [Microsoft Corporation, 5.1.2600.1263 (xpsp2.030819-2129)]
[C:\windows\system32\wininet.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\zwgfx.dll] [N/A, ]
[C:\windows\System32\WSOCK32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\wuhdd.dll] [N/A, ]
[C:\windows\System32\htysx.dll] [N/A, ]
[C:\windows\System32\wtfsm.dll] [N/A, ]
[C:\windows\System32\weftl.dll] [N/A, ]
[C:\windows\System32\checkfile.dll] [N/A, ]
[C:\windows\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\netapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 11888][J:\常用软件原文件\新的\扫描日志\g.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\windows\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1217 (xpsp2.030429-2131)]
[C:\windows\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1255 (xpsp2.030804-1745)]
[C:\windows\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1254 (xpsp2.030801-1834)]
[C:\windows\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1276]
[C:\windows\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\windows\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1233 (xpsp2.030604-1804)]
[C:\windows\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\oledlg.dll] [Microsoft Corporation, 1.0 (XPClient.010817-1148)]
[C:\windows\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1263 (xpsp2.030819-2129)]
[C:\windows\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\windows\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\windows\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1240 (xpsp2.030618-0119)]
[C:\windows\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1211]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[C:\windows\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\zwgfx.dll] [N/A, ]
[C:\windows\System32\WSOCK32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\wuhdd.dll] [N/A, ]
[C:\windows\System32\htysx.dll] [N/A, ]
[C:\windows\System32\wtfsm.dll] [N/A, ]
[C:\windows\System32\weftl.dll] [N/A, ]
[C:\windows\System32\checkfile.dll] [N/A, ]
[C:\windows\System32\sfc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Sensapi.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\windows\system32\userenv.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\windows\System32\netapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]

==================================

小小企鹅 - 2007-6-16 20:54:00

STS 文件
202.109.114.142 survey88.allyes.com
202.109.114.142 adtaobao.allyes.com
202.109.114.142 code.qihoo.com
202.109.114.142 union.mop.com
202.109.114.142 js.kkunion.com
202.109.114.142 v.kkunion.com
202.109.114.142 v.21cn.com
202.109.114.142 iplusms.allyes.com
202.109.114.142 mms.t2t2.com
202.109.114.142 ivr.dobig.net
202.109.114.142 www.u8u.com
202.109.114.142 u.u8u.com
202.109.114.142 img.zhangxiu.com
202.109.114.142 tl.linktone.com
202.109.114.142 channel.e78.com
202.109.114.142 u.7town.com
202.109.114.142 union.95ol.com.cn
202.109.114.142 mms1.95ol.com.cn
202.109.114.142 mfs.95ol.com.cn
202.109.114.142 tl.a8.com
202.109.114.142 ad01.a8.com
202.109.114.142 u2.caiku.com
202.109.114.142 mms.caiku.com
202.109.114.142 code1.caiku.com
202.109.114.142 pub.lele.com
202.109.114.142 u.lele.com
202.109.114.142 7town.com
202.109.114.142 tvsend.7town.com
202.109.114.142 ivrsend.7town.com
202.109.114.142 tlt.7town.com
202.109.114.142 gsend.7town.com
202.109.114.142 smssend.7town.com
202.109.114.142 mmssend.moyu.com
202.109.114.142 91ivr.com
202.109.114.142 myad.91ivr.com
202.109.114.142 u.91ivr.com
202.109.114.142 union.91ivr.com
202.109.114.142 cm.p4p.cn.yahoo.com
202.109.114.142 un.265.com
202.109.114.142 union.qq.com
202.109.114.142 view.aliunion.cn.yahoo.com
202.109.114.142 union.narrowad.com
202.109.114.142 ln.heima8.com
202.109.114.142 www.fboat.cn
202.109.114.142 cpro.baidu.com
202.109.114.142 unstat.baidu.com
202.109.114.142 y.cnxad.com
202.109.114.142 www.ewowo.com
202.109.114.142 template.union.163.com
202.109.114.142 new.is686.com
202.109.114.142 creative.unionsys.bolaa.com
202.109.114.142 www.qyule.com
202.109.114.142 99e.cc
202.109.114.142 www.91ivr.com
202.109.114.142 mg.ukaka.com
202.109.114.142 kooxoo2.ad4all.net
202.109.114.142 www.8fff.com
202.109.114.142 union.pomoho.com
202.109.114.142 202.107.233.211
202.109.114.142 www.end123.com
202.109.114.142 w1.7clink.com
202.109.114.142 w2.7clink.com
202.109.114.142 union01.com
202.109.114.142 click.8le8le.com
202.109.114.142 stbanner.allyes.com
202.109.114.142 mms1.moyu.com
202.109.114.142 u.moyu.com
202.109.114.142 mmsu.moyu.com
202.109.114.142 show.moyu.com
202.109.114.142 ivrsend.moyu.com
202.109.114.142 ivru.moyu.com
202.109.114.142 ivr1.moyu.com
203.191.146.205 corep.dmcast.com
203.191.146.205 m081.dmcast.com
203.191.146.205 dcww.dmcast.com
203.191.146.205 renren.dmcast.com
203.191.146.205 files.henbang.net
203.191.146.205 bannerbox.cn
203.191.146.205 www.bannerbox.cn
203.191.146.205 action.coopen.cn
203.191.146.205 u4.sky99.cn
203.191.146.205 u1.sky99.cn
203.191.146.205 u2.sky99.cn
203.191.146.205 u3.sky99.cn
203.191.146.205 sky99.cn
203.191.146.205 u.sky99.cn
203.191.146.205 u.ete.cn
203.191.146.205 ip.alexaanywhere.com
203.191.146.205 www.365tan.com
203.191.146.205 www.winopen.cn
203.191.146.205 www.tanip.com
203.191.146.205 alexaanywhere.com
203.191.146.205 jssb.alexaanywhere.com
203.191.146.205 ns250.alexaanywhere.com
203.191.146.205 sb.alexaanywhere.com
203.191.146.205 ip.alexaanywhere.com
203.191.146.205 pop.9v.cn
203.191.146.205 xuni.myad.cn
203.191.146.205 iebar.t2t2.com
203.191.146.205 error.newcell.cn
203.191.146.205 auto.search.msn.com
203.191.146.205 cns.3721.com
203.191.146.205 seek.3721.com
203.191.146.205 name.cnnic.cn
203.191.146.205 toolsbar.kuaiso.com
203.191.146.205 www.kuaiso.com
203.191.146.205 kuaiso.com
203.191.146.205 www.copyso.com
203.191.146.205 union.copyso.com
203.191.146.205 auto.search.msn.com
203.191.146.205 ok.mop-hz.com
203.191.146.205 www.ncast.cn
203.191.146.205 www.ads3721.com
203.191.146.205 360.ads3721.com
203.191.146.205 www.maohehe.com
203.191.146.205 www.5566.net
203.191.146.205 5566.net
203.191.146.205 www.gjj.cc
203.191.146.205 gjj.cc
203.191.146.205 www.9495.com
203.191.146.205 9495.com
203.191.146.205 my123.com
203.191.146.205 www.my123.com
203.191.146.205 7b.com.cn
203.191.146.205 www.7b.com.cn
203.191.146.205 www.3567.com
203.191.146.205 3567.com
203.191.146.205 www.37021.com
203.191.146.205 37021.com
203.191.146.205 k369.com
203.191.146.205 www.k369.com
203.191.146.205 www.haourl.com
203.191.146.205 haourl.com
203.191.146.205 www.37021.net
203.191.146.205 37021.net
203.191.146.205 www.4199.com
203.191.146.205 4199.com
203.191.146.205 www.9505.com
203.191.146.205 9505.com
203.191.146.205 7939.com
203.191.146.205 www.7939.com
203.191.146.205 www.3448.com
203.191.146.205 3448.com
203.191.146.205 8925.com
203.191.146.205 www.8925.com
203.191.146.205 www.ttmp3.com
203.191.146.205 ttmp3.com
203.191.146.205 www.3tg.cn
203.191.146.205 3tg.cn
203.191.146.205 www.ttjj.com
203.191.146.205 ttjj.com
203.191.146.205 www.59178.com
203.191.146.205 59178.com
203.191.146.205 www.987654.com
203.191.146.205 987654.com
203.191.146.205 www.zhao123.com
203.191.146.205 zhao123.com
203.191.146.205 123wa.com
203.191.146.205 www.123wa.com
203.191.146.205 www.159.com
203.191.146.205 soft.159.com
203.191.146.205 www.v111.com
203.191.146.205 v111.com
203.191.146.205 www.855.com
203.191.146.205 855.com
203.191.146.205 www.wu123.com
203.191.146.205 wu123.com
203.191.146.205 www.haodx.com
203.191.146.205 haodx.com
203.191.146.205 19ku.com
203.191.146.205 www.19ku.com
203.191.146.205 www.t2t2.com
203.191.146.205 t2t2.com
203.191.146.205 www.ku8.com
203.191.146.205 ku8.com
203.191.146.205 www.v23.com
203.191.146.205 v23.com
203.191.146.205 www.51115.com
203.191.146.205 www.52.com
203.191.146.205 52.com
203.191.146.205 www.qu123.com
203.191.146.205 qu123.com
203.191.146.205 www.haokan123.com
203.191.146.205 haokan123.com
203.191.146.205 www.kan123.com
203.191.146.205 kan123.com
203.191.146.205 hang123.com
203.191.146.205 www.hang123.com
203.191.146.205 3tom.com
203.191.146.205 www.3tom.com
203.191.146.205 www.anyso.com
203.191.146.205 anyso.com
203.191.146.205 59178.com
203.191.146.205 www.59178.com
203.191.146.205 t3j4.com
203.191.146.205 www.t3j4.com
203.191.146.205 www.zh130.com
203.191.146.205 zh130.com
203.191.146.205 www.8757.com
203.191.146.205 8757.com
203.191.146.205 www.7667.com
203.191.146.205 7667.com
203.191.146.205 ie.union123.com
203.191.146.205 www.daohangtu.com
203.191.146.205 daohangtu.com
203.191.146.205 www.ld123.com
203.191.146.205 ld123.com
203.191.146.205 www.369.com
203.191.146.205 369.com
203.191.146.205 91ni.com
203.191.146.205 www.91ni.com
203.191.146.205 www.17995.com
203.191.146.205 17995.com
203.191.146.205 www.sha123.com
203.191.146.205 sha123.com
203.191.146.205 www.lethot.com
203.191.146.205 lethot.com
203.191.146.205 www.8757.com
203.191.146.205 8757.com
203.191.146.205 4533.cn
203.191.146.205 6h.com.cn
203.191.146.205 www.6h.com.cn
203.191.146.205 www.jjol.cn
203.191.146.205 jjol.cn
203.191.146.205 wangzhiku.com
203.191.146.205 www.wangzhiku.com
203.191.146.205 www.1zhan.com
203.191.146.205 1zhan.com
203.191.146.205 www.262.com
203.191.146.205 262.com
203.191.146.205 www.365.com
203.191.146.205 365.com
203.191.146.205 www.4533.cn
203.191.146.205 4533.cn
203.191.146.205 31tg.com
203.191.146.205 www.31tg.com
203.191.146.205 tomatolei.com
203.191.146.205 www.tomatolei.com
203.191.146.205 999cha.com
203.191.146.205 www.999cha.com
127.0.0.1 mmsk.cn
127.0.0.1 ikaka.com
127.0.0.1 safe.qq.com
127.0.0.1 360safe.com
127.0.0.1 bbs.360safe.com
127.0.0.1 www.mmsk.cn
127.0.0.1 www.ikaka.com
127.0.0.1 tool.ikaka.com
127.0.0.1 www.360safe.com
127.0.0.1 zs.kingsoft.com
127.0.0.1 forum.ikaka.com
127.0.0.1 up.rising.com.cn
127.0.0.1 scan.kingsoft.com
127.0.0.1 kvup.jiangmin.com
127.0.0.1 reg.rising.com.cn
127.0.0.1 update.rising.com.cn
127.0.0.1 update7.jiangmin.com
127.0.0.1 download.rising.com.cn
127.0.0.1 dnl-us1.kaspersky-labs.com
127.0.0.1 dnl-us2.kaspersky-labs.com
127.0.0.1 dnl-us3.kaspersky-labs.com
127.0.0.1 dnl-us4.kaspersky-labs.com
127.0.0.1 dnl-us5.kaspersky-labs.com
127.0.0.1 dnl-us6.kaspersky-labs.com
127.0.0.1 dnl-us7.kaspersky-labs.com
127.0.0.1 dnl-us8.kaspersky-labs.com
127.0.0.1 dnl-us9.kaspersky-labs.com
127.0.0.1 dnl-us10.kaspersky-labs.com
127.0.0.1 dnl-eu1.kaspersky-labs.com
127.0.0.1 dnl-eu2.kaspersky-labs.com
127.0.0.1 dnl-eu3.kaspersky-labs.com
127.0.0.1 dnl-eu4.kaspersky-labs.com
127.0.0.1 dnl-eu5.kaspersky-labs.com
127.0.0.1 dnl-eu6.kaspersky-labs.com
127.0.0.1 dnl-eu7.kaspersky-labs.com
127.0.0.1 dnl-eu8.kaspersky-labs.com
127.0.0.1 dnl-eu9.kaspersky-labs.com
127.0.0.1 dnl-eu10.kaspersky-labs.com
203.191.146.205 www.ab365.com
203.191.146.205 ab365.com
203.191.146.205 www.5235.net
203.191.146.205 5235.net

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

newcenturymoon - 2007-6-16 23:06:00

安全模式下(开机后不断按F8键然后出来一个高级菜单选择第一项安全模式进入系统)

打开sreng （就是你扫日志的软件）
启动项目注册表删除如下项目 (如果有哪项你认识或者确认不是病毒请不要删除)
<sm><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\Rav.exe> [N/A]
<6shrc9i0w><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexp1ore.exe> [N/A]
<7zj4ei><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\crasos.exe> [N/A]
<f2xfhc><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexp10re.exe> [N/A]
<li4gm><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\c0nime.exe> [N/A]
<6qwbjm4e8><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexpl0re.exe> [N/A]
<z49><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\1explore.exe> [N/A]
<822><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\exp10rer.exe> [N/A]
<qs2c657w1ut58><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexplorer.exe> [N/A]
<jx><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\explorei.exe> [N/A]
<hcjid8bxskf8><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\winlog0n.exe> [N/A]
<MS Reporter(dont disable)><; C:\WINDOWS\W1NL0GON.EXE> []
<Service Pack 1><; C:\WINDOWS\System32\vexg6ame4.exe> []
<sm><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\Rav.exe> [N/A]
<6shrc9i0w><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexp1ore.exe> [N/A]
<7zj4ei><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\crasos.exe> [N/A]
<f2xfhc><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexp10re.exe> [N/A]
<li4gm><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\c0nime.exe> [N/A]
<6qwbjm4e8><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexpl0re.exe> [N/A]
<z49><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\1explore.exe> [N/A]
<822><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\exp10rer.exe> [N/A]
<qs2c657w1ut58><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\iexplorer.exe> [N/A]
<jx><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\explorei.exe> [N/A]
<hcjid8bxskf8><; C:\DOCUME~1\Fantasy\LOCALS~1\Temp\winlog0n.exe> [N/A]
<MS Reporter(dont disable)><; C:\WINDOWS\W1NL0GON.EXE> []
<Service Pack 1><; C:\WINDOWS\System32\vexg6ame4.exe> []
<qqkwha><%systemroot%\system32\Rundll32.exe %systemroot%\system32\qqkwha.dll,DllUnregisterServer> []
<bthaq><%systemroot%\system32\Rundll32.exe %systemroot%\system32\bthaq.dll,DllUnregisterServer> []
<visin><; C:\WINDOWS\System32\visin.exe> [Microsoft Corporation]
双击Userinit 把其键值改为空
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewTemp.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\windows\System32\scandisk.dll> []

“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：
[4E98AB0C / 4E98AB0C][Stopped/Auto Start]

[6DCA4309 / 6DCA4309][Stopped/Auto Start]

[840F1C4B / 840F1C4B][Stopped/Auto Start]
<C:\windows\System32\1E954C5F.EXE -k><Microsoft Corporation>
[Messenger Accelerator / Accelerator Tools][Stopped/Auto Start]

[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Stopped/Auto Start]

[at2.810810.org / at2.810810.org][Stopped/Auto Start]

[B76DD14A / B76DD14A][Stopped/Auto Start]
<C:\windows\System32\39E6A229.EXE -g><Microsoft Corporation>
[EJOTZFLPVAGLRWC / BGLQWCHMSXDINT][Stopped/Auto Start]

[Windows Install Helper / BKMARKS][Stopped/Auto Start]

[Client IP-IPX / Client IP-IPX][Stopped/Disabled]

[EA0A5D0B / EA0A5D0B][Stopped/Auto Start]

[Remote Route Service / Hardware][Stopped/Auto Start]

[System Local Kernel Service / kernel][Stopped/Auto Start]

[kernl32 / kernl32][Stopped/Auto Start]

[Fax 2Client / ms_2fax][Stopped/Auto Start]

[Navoct / Navoct][Stopped/Disabled]

[Net Login Helper / netlog][Stopped/Auto Start]

[Windows pgsd RunThem / pgsd][Stopped/Auto Start]

[Remote Procedure Call System(RPCS) / RpcS][Stopped/Auto Start]

[svchost / svchost][Stopped/Auto Start]

[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)][Stopped/Auto Start]

[Telephonyl / WindowsDown][Stopped/Auto Start]

[wljs0001.3322.org / wljs0001.3322.org][Stopped/Auto Start]

[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]

[WMI Performance API / WMIApiSrv][Stopped/Auto Start]

双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定
然后删除
c:\documents and settings\all users\documents\settings\bot.dll
c:\windows\system32\scandisk.dll
c:\program files\internet explorer\iexplore.win
c:\program files\internet explorer\iexplore.dat
c:\program files\internet explorer\iexplore.sys
c:\program files\internet explorer\plugins\system64.sys
c:\program files\common files\microsoft shared\msinfo\newtemp.dll
c:\windows\system32\userinit.exe,c:\windows\system32\wintemp.exe
c:\windows\system32\bthaq.dll
c:\windows\system32\qqkwha.dll
c:\windows\system32\ravasktao.exe
c:\windows\system32\nrbnve71.dll
c:\windows\system32\wdynyi12.dll
c:\windows\system32\spoolsvv.exe
c:\program files\internet explorer\sploue.exe
c:\program files\common files\services\svchost.exe
c:\windows\retadpu321.exe
c:\windows\system32\autoc0nv.exe
c:\program files\installshield installation information\thjcghi.exe
c:\program files\common files\system\updaterun.exe
c:\docume~1\fantasy\locals~1\temp\wgso.exe
c:\docume~1\fantasy\locals~1\temp\tlso.exe
c:\docume~1\fantasy\locals~1\temp\rxso.exe
c:\docume~1\fantasy\locals~1\temp\woso.exe
c:\windows\system32\mydata.exe
c:\docume~1\fantasy\locals~1\temp\win15.exe
c:\windows\system32\nwizzhuxians.exe
c:\docume~1\fantasy\locals~1\temp\daso.exe
c:\windows\system32\mosou.exe
c:\windows\upxdnd.exe
c:\windows\uninstall\rundl132.exe
c:\docume~1\fantasy\locals~1\temp\qjso.exe
c:\docume~1\fantasy\locals~1\temp\mhso.exe
c:\docume~1\fantasy\locals~1\temp\wlso.exe
c:\windows\system32\vexg6ame4.exe
c:\windows\w1nl0gon.exe
c:\docume~1\fantasy\locals~1\temp\winlog0n.exe
c:\docume~1\fantasy\locals~1\temp\explorei.exe
c:\docume~1\fantasy\locals~1\temp\iexplorer.exe
c:\docume~1\fantasy\locals~1\temp\exp10rer.exe
c:\docume~1\fantasy\locals~1\temp\1explore.exe
c:\docume~1\fantasy\locals~1\temp\iexpl0re.exe
c:\docume~1\fantasy\locals~1\temp\c0nime.exe
c:\docume~1\fantasy\locals~1\temp\iexp10re.exe
c:\docume~1\fantasy\locals~1\temp\crasos.exe
c:\docume~1\fantasy\locals~1\temp\iexp1ore.exe
c:\docume~1\fantasy\locals~1\temp\rav.exe
c:\windows\system32\visin.exe
c:\windows\system32\hncsbe79.dll
c:\windows\system32\744eb526.exe
c:\windows\system32\a8ccb330.exe
c:\windows\system32\1e954c5f.exe
c:\windows\system32\mdn.exe
c:\windows\system32\wmiapisrv.dll
c:\windows\system32\wljs0001.3322.org.exe
c:\windows\system32\servet.exe
c:\windows\svchost.exe
c:\windows\system32\rpcs.exe
c:\program files\iesnap\navoct.dll
c:\windows\system32\86aa1.exe
c:\windows\system32\kernl32.exe
c:\documents and settings\all users\application data\microsoft\office\system\8honjqghmr.exe
c:\windows\system32\njldc.dll
c:\windows\system32\2386ee1d.exe
c:\windows\system32\svchosts.exe
c:\windows\system32\rundllforour.exe
c:\windows\system32\wbem\njfqz.dll
c:\windows\anyjtb1001.dll
c:\windows\system32\39e6a229.exe
c:\windows\system32\at2.810810.org.exe
c:\windows\system32\upnpsvc.exe
c:\progra~1\kbny\ulxi.dll
c:\windows\system32\drivers\ygqijx43.sys
c:\windows\system32\drivers\rysqhe.sys
c:\windows\system32\drivers\qqkwha.sys
c:\windows\system32\drivers\ornux.sys
c:\windows\system32\drivers\lqfxxy29.sys
c:\windows\system32\drivers\hncsbe79.sys
D:\rising.exe
E:\rising.exe
F:\rising.exe
c:\windows\kb9279o2.log
c:\windows\system32\zwgfx.dll
c:\windows\system32\wuhdd.dll
c:\windows\system32\wtfsm.dll

小小企鹅 - 2007-6-17 12:20:00

按照你说的我做了，发现即使显示隐藏文件和取消隐藏系统保护文件还是有一些文件没显示出来，我在删除文件的时候是用的搜索找的文件，才发现这个问题，在搜索文件的时候有机个文件不只在你列的目录有，在C盘下还有个名字一样的压缩包。
我按照你的做了，机器现在启动速度明显快了，可是，输入密码回车后马上注销，安全模式也是这样。试过好多次了。这是怎么回事啊？

火影忍者 - 2007-6-17 13:24:00

汗,这么多...

火影忍者 - 2007-6-17 13:27:00

补充一点点。
打开SREng->启动项目->服务->驱动程序"选中"隐藏已认证的微软服务" 然后将下面名称的服务删除（选中有问题的服务后，点“删除服务”，点“设置”按钮即可。注意弹出的窗口中要点 “NO 否”才是确认删除服务）(不能删除的就禁用:启动类型改为disabled,点中修改启动类型，点设置):
[acpidisk / acpidisk][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[hncsbe7 / hncsbe79][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hncsbe79.sys><N/A>
[lqfxxy2 / lqfxxy29][Stopped/Disabled]
<\SystemRoot\System32\DRIVERS\lqfxxy29.sys><N/A>
[ornu / ornux][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ornux.sys><N/A>
[qqkwh / qqkwha][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\qqkwha.sys><N/A>
[rysqhe / rysqhe][Stopped/Disabled]
<\SystemRoot\system32\drivers\rysqhe.sys><N/A>
[ygqijx4 / ygqijx43][Stopped/Disabled]
<\SystemRoot\System32\DRIVERS\ygqijx43.sys><N/A>
[wdynyi1 / wdynyi12][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\wdynyi12.sys><Microsoft Corporation>
[nrbnve7 / nrbnve71][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nrbnve71.sys><Microsoft Corporation>
[zufupbxd / zufupbxd][Stopped/Disabled]
<\SystemRoot\System32\DRIVERS\zufupbxd.sys><Yahoo! China Corporation>

用xdelbox(http://www.i170.com/attach/92EB2ED9-6D11-441D-8A28-2A9B08F0452E 下载)删除以下文件:
使用说明：删除时复制所有要删除文件的路径，选中抑制再生，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。
C:\WINDOWS\System32\drivers\acpidisk.sys
C:\WINDOWS\System32\DRIVERS\hncsbe79.sys
C:\WINDOWS\System32\DRIVERS\lqfxxy29.sys
C:\WINDOWS\System32\DRIVERS\ornux.sys
C:\WINDOWS\System32\DRIVERS\qqkwha.sys
C:\WINDOWS\System32\drivers\rysqhe.sys
C:\WINDOWS\System32\DRIVERS\ygqijx43.sys
C:\WINDOWS\System32\DRIVERS\wdynyi12.sys
C:\WINDOWS\System32\DRIVERS\nrbnve71.sys
C:\WINDOWS\System32\DRIVERS\zufupbxd.sys

服了。。。这么多。。

瑞星卡卡安全论坛