Rising Kaka Security Forum
时间病毒2005 - 2007-6-27 19:11:00
[CODE]
2005-06-27,18:47:54
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe> []
<Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe> []
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<imekrmig7.0><; "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"> [(Verified)Microsoft Corporation]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
==================================
Startup Folders
N/A
==================================
Services
[2CFD8674 / 2CFD8674][Stopped/Auto Start]
<C:\WINDOWS\system32\60819B72.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
Drivers
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\E:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MSICPL / MSICPL][Stopped/Manual Start]
<\??\E:\install4\MSICPL.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\E:\NTACCESS.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\E:\NTGLM7X.sys><N/A>
时间病毒2005 - 2007-6-27 19:12:00
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[리서치(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Microsoft Excel로 내보내기(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
Running Processes
[PID: 548][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv3.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\system32\88856D14.DLL] [Microsoft Corporation, ]
[PID: 1556][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nwizwlwzs.dll] [N/A, ]
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3943]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3943]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv3.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 7.0]
[C:\WINDOWS\system32\88856D14.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\slopdu.dll] [N/A, ]
[PID: 296][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv3.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\system32\88856D14.DLL] [Microsoft Corporation, ]
[PID: 328][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3000]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv3.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\system32\88856D14.DLL] [Microsoft Corporation, ]
[PID: 1088][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv3.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\system32\88856D14.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\slopdu.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 2236][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\88856D14.DLL] [Microsoft Corporation, ]
[PID: 2268][C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HWGJ510D\kakasetupv3[2].exe] [Beijing Rising Technology Co., Ltd., 17, 0, 0, 8]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv3.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[RsHide] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv3.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.765\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
[C:\WINDOWS\system32\88856D14.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\slopdu.dll] [N/A, ]
时间病毒2005 - 2007-6-27 19:14:00
时间病毒2005 - 2007-6-27 19:15:00
=================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
Entrypoint Error: RegCreateKeyExA (Dangerous Level: High, Hooked by Module: Dest Addr: 0x00E61FE5)
Entrypoint Error: RegCreateKeyExW (Dangerous Level: High, Hooked by Module: Dest Addr: 0x00E620B5)
Entrypoint Error: Process32NextW (Dangerous Level: High, Hooked by Module: Dest Addr: 0x00E62325)
Entrypoint Error: Module32FirstW (Dangerous Level: High, Hooked by Module: Dest Addr: 0x00E638ED)
Entrypoint Error: TerminateProcess (Dangerous Level: High, Hooked by Module: Dest Addr: 0x00E6403D)
Entrypoint Error: CreateProcessA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0x00E62185)
Entrypoint Error: CreateProcessW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0x00E62255)
==================================
Hidden Process
N/A
==================================
[/CODE]
mopery - 2007-6-27 19:49:00
auto.exe
Compress it into an archive and send it to bin59420@yahoo.com.cn
Use SREng:
Delete startup items => Registry
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe> []
<Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> []
<Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe> []
Delete startup items => Services
[2CFD8674 / 2CFD8674][Stopped/Auto Start]
<C:\WINDOWS\system32\60819B72.EXE -k><Microsoft Corporation>
Delete:
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\system32\nwizwlwzs.exe
C:\WINDOWS\system32\nwizdh.exe
C:\WINDOWS\system32\mosou.exe
C:\WINDOWS\system32\60819B72.EXE
C:\WINDOWS\system32\nwizwlwzs.dll
C:\WINDOWS\system32\dh2104.dll
C:\WINDOWS\system32\MOSOU.dll
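The removal list above singles out three kinds of SREng entries: Run keys whose publisher field is an empty `[]`, a service with a random-looking hex name, and an autorun.inf that starts a file on the drive. The following Python is an added example (not from the thread and not SREng's own logic) that pulls exactly those entries out of SREng's text format; the embedded excerpt is a constructed subset of the log posted above, and the flagging rules are assumptions a triager would make, not verdicts.

```python
import re

# Constructed excerpt of the SREng report posted in this thread (a subset of the lines above).
SRENG_EXCERPT = r"""
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe> []
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe> []
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
Services
[2CFD8674 / 2CFD8674][Stopped/Auto Start]
<C:\WINDOWS\system32\60819B72.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
Autorun.Inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
"""

SECTIONS = {"Registry", "Services", "Drivers", "Autorun.Inf", "Running Processes", "HOSTS File"}
RUN_ENTRY = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>.*)> \[(?P<vendor>[^\]]*)\]$")
SVC_HEADER = re.compile(r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\]\[(?P<state>[^\]]+)\]$")
SVC_BINARY = re.compile(r"^<(?P<cmd>.*)><(?P<vendor>[^<>]*)>$")
AUTORUN_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)=(?P<target>.+)$", re.I)
DRIVE_HDR = re.compile(r"^\[[A-Z]:\\\]$")
HEX_NAME = re.compile(r"^[0-9A-F]{8}$")   # e.g. 2CFD8674 / 60819B72 in the log


def triage(report):
    """Return (section, name, command, reason) tuples for entries worth a second
    look. These are triage heuristics (assumptions), not SREng verdicts."""
    findings, section, svc, drive = [], None, None, None
    for line in (raw.strip() for raw in report.splitlines()):
        if line in SECTIONS:                       # section title on its own line
            section, svc, drive = line, None, None
        elif section == "Registry":
            m = RUN_ENTRY.match(line)
            if m and m["vendor"] == "":            # empty [] : no publisher at all, not even N/A
                findings.append((section, m["name"], m["cmd"], "no publisher information"))
        elif section == "Services":
            h = SVC_HEADER.match(line)
            b = SVC_BINARY.match(line)
            if h:
                svc = h                            # the binary line follows the header line
            elif b and svc is not None:
                binary = b["cmd"].split("\\")[-1].split(".")[0]
                if HEX_NAME.match(svc["name"]) or HEX_NAME.match(binary):
                    findings.append((section, svc["name"], b["cmd"], "random-looking hex name"))
                svc = None
        elif section == "Autorun.Inf":
            a = AUTORUN_KEY.match(line)
            if DRIVE_HDR.match(line):
                drive = line[1:-1]                 # "[C:\]" -> "C:\"
            elif a and drive:
                findings.append((section, drive, a["target"], "autorun.inf starts a file on the drive"))
    return findings
```

Running `triage(SRENG_EXCERPT)` flags AVPSrv, the two "Microsoft Autorun" entries, service 2CFD8674 and the three auto.exe keys, while RavTask, Cmaudio and HidServ pass.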
pally - 2007-6-27 19:51:00
I sent you a private message; just follow the removal steps in it, I just tried them myself.
http://zhidao.baidu.com/question/27827156.html?si=3
Just follow the method there for editing the registry and deleting the virus files.
时间病毒2005 - 2007-6-28 8:33:00
| Quote: |
[mopery's post] auto.exe Compress it into an archive and send it to bin59420@yahoo.com.cn
Use SREng: Delete startup items => Registry <AVPSrv><C:\WINDOWS\AVPSrv.exe> [] <Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe> [] <Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> [] <Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe> []
Delete startup items => Services [2CFD8674 / 2CFD8674][Stopped/Auto Start] <C:\WINDOWS\system32\60819B72.EXE -k><Microsoft Corporation>
Delete: C:\WINDOWS\AVPSrv.exe C:\WINDOWS\system32\nwizwlwzs.exe C:\WINDOWS\system32\nwizdh.exe C:\WINDOWS\system32\mosou.exe C:\WINDOWS\system32\60819B72.EXE C:\WINDOWS\system32\nwizwlwzs.dll C:\WINDOWS\system32\dh2104.dll C:\WINDOWS\system32\MOSOU.dll ……………… |
How am I supposed to compress it for you... it's a hidden file.. I can't see it at all.....
mopery - 2007-6-28 10:08:00
Turn on showing hidden files..
Or just open the root of drive D: in WinRAR, you can see it there.. right-click and compress it directly..
时间病毒2005 - 2007-6-28 16:44:00
It doesn't work, I tried and can't find it. Or try sending me a remote-assistance session via QQ
231396655