瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 版主求救!中了password和onlinegame的木马,请帮忙,附冰刀报告
小小dada - 2008-12-4 11:50:00
卡卡论坛也被封,我用SSM把木马禁止了,不知道影不影响扫描结果[code]2008-12-04,11:46:21

[CODE]

2008-12-04,11:46:21

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  []
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VTTimer><VTTimer.exe>  [S3 Graphics, Inc.]
    <VTTrayp><VTtrayp.exe>  [S3 Graphics Co., Ltd.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <Lexmark 4200 Series><"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe">  [Lexmark International, Inc.]
    <FaxCenterServer4_in_1><"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s>  []
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <BrMfcWnd><C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN>  []
    <SetDefPrt><C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe>  [Brother Industories, Ltd.]
    <ControlCenter3><C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun>  [Brother Industries, Ltd.]
    <HBService32><System.exe>  [HB Software]
    <搜狐电视机网页版><C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "19ae5b7da09bb38b823bde6ed0302152" "1.0.0.10" "">  [File is missing]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; >  [N/A]
    <PHIME2002ASync><; >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{D7C79813-9233-4AE0-832C-99B2E8019673}><D7C79813.dll>  []
    <{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll>  []
    <{A55F538E-9E65-4706-9458-852BF6592063}><A55F538E.dll>  []
    <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll>  []
    <{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}><4D023DE9.dll>  []
    <{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}><B3721C07.dll>  []
    <{E0D39066-96D7-4891-8527-488ADAFCD60F}><E0D39066.dll>  []
    <{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll>  []
    <{EA44A26D-DDC8-46C0-AFE1-A529FE014E3F}><EA44A26D.dll>  []
    <{93DEE065-EC9B-4505-ADD3-19880AD3C38F}><93DEE065.dll>  []
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  []
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll>  []
    <{D82C0336-583E-468B-B46A-0897FAB9D5A2}><D82C0336.dll>  []
    <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll>  []
    <{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}><3D144530.dll>  []
    <{01AFE3DC-2242-436E-9B44-6DD1C664E828}><01AFE3DC.dll>  []
    <{A93061FE-464A-4E95-8E96-A54CD948B0F7}><C:\Program Files\Internet Explorer\Sys_NtMe.Zys>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [(Verified)System Safety Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LexBce Server / LexBceS][Running/Auto Start]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Task Scheduler / Schedule][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\schedsvc.dll><N/A>
[System Restore Service / srservice][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\srsvc.dll><N/A>
[Windows Image Acquisition (WIA) / stisvc][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><N/A>
[StyleXPService / StyleXPService][Running/Auto Start]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[Windows Time / W32Time][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\w32time.dll><N/A>

==================================
驱动程序
[6457aed / 6457aed][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\6457aed.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[b71fe93 / b71fe93][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\b71fe93.sys><N/A>
[Brother USB Still Image driver / BrScnUsb][Running/Manual Start]
  <system32\DRIVERS\BrScnUsb.sys><Brother Industries Ltd.>
[Brother MFC Serial Port Interface WDM Driver / BrSerIf][Running/Manual Start]
  <System32\Drivers\BrSerIf.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Running/Manual Start]
  <System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[f28907d / f28907d][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\f28907d.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\HBKernel32.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[internet service / internet service][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start]
  <system32\drivers\NPF.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[NsDlRK250 / NsDlRK250][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Nskhelper2.sys><N/A>
[NsPsDk00 / NsPsDk00][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass0.sys><N/A>
[NsPsDk01 / NsPsDk01][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass1.sys><N/A>
[NsPsDk02 / NsPsDk02][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass2.sys><N/A>
[NsPsDk03 / NsPsDk03][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass3.sys><N/A>
[NsPsDk04 / NsPsDk04][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass4.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[StyleXPHelper / StyleXPHelper][Running/System Start]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[viagfx / viagfx][Running/Manual Start]
  <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[wmpobj / wmpobj][Running/Auto Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys><N/A>
[SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler )
小小dada - 2008-12-4 11:51:00
==================================
浏览器加载项
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[]
  {A93061FE-464A-4E95-8E96-A54CD948B0F7} <C:\Program Files\Internet Explorer\Sys_NtMe.Zys, N/A>
[SunsetBrowser Class]
  {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2234.dll, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\sohutv_web\MMCShell.dll, (Signed) Sohu.com Inc.>
[]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, (Signed) Microsoft Corporation>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <D:\tencent\QQLive\QQLiveInstaller.dll, (Signed) >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <, >
[]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {38928D50-8A48-44C2-945F-D2F23F771410} <, >
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\BitComet\tools\BitCometBHO.dll, N/A>
[]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <, >
[]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <, >
[]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <, >
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {A93061FE-464A-4E95-8E96-A54CD948B0F7} <C:\Program Files\Internet Explorer\Sys_NtMe.Zys, N/A>
[SunsetBrowser Class]
  {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2234.dll, >
[]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[KooPlayer Control]
  {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\DOCUME~1\ADMINI~1\APPLIC~1\CCTV\tv\CCTVPL~1.OCX, (Signed) CCTV.COM>
[]
  {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <, >
[]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <, >
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\tencent\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <, >
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\tencent\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 460 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBYY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQXX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWD.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBJTLQ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSHQ.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\SSMWinlogonEx.dll]  [System Safety Limited, 2.0.8.585]
[PID: 596 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 608 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 816 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 876 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924 / SYSTEM][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe]  [, 0, 20, 0, 3000]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBYY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQXX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWD.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1032 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1132 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[PID: 1140 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.68]
小小dada - 2008-12-4 11:52:00
[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBYY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQXX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWD.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBJTLQ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSHQ.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [c:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [c:\program files\rising\rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1196 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.29]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBYY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQXX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWD.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBJTLQ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSHQ.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBYY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQXX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWD.dll]  [N/A, ]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1592 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1856 / Administrator][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.65]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [c:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 1892 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE]  [Lexmark International, Inc., 9.41]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBYY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQXX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWD.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\lexp2p32.dll]  [Lexmark International, Inc., 9.41]
    [C:\WINDOWS\system32\lex2kusb.dll]  [Lexmark International, Inc., 9.41]
[PID: 1976 / SYSTEM][C:\WINDOWS\system32\LEXPPS.EXE]  [Lexmark International, Inc., 9.41]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\LEXBCE.DLL]  [Lexmark International, Inc., 9.41]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1984 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBSO2.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBKDXY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBZHUXIAN.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBDNF.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQSG.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBYY.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBQQXX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWD.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBJTLQ.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\LXBRPMON.DLL]  [N/A, ]
    [C:\WINDOWS\system32\IMGMAN32.dll]  [Data Techniques, Inc.,  7.20 ]
    [C:\WINDOWS\system32\IM31IMG.DIL]  [Data Techniques, Inc.,  7.20 ]
    [C:\WINDOWS\system32\LXBRPMRC.DLL]  [Lexmark International, Inc., 1, 0, 0, 1]
    [C:\WINDOWS\system32\LEXLMPM.DLL]  [Lexmark International, Inc., 96.9.41]
    [C:\WINDOWS\system32\LexBce.dll]  [Lexmark International, Inc., 9.41]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBMPP5C.dll]  [, 1.0.0.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
    [C:\WINDOWS\system32\LXBMpwr.dll]  [Lexmark International, Inc., 0, 1, 61, 1]
[PID: 1368 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2468 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2972 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 52]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 2988 / Administrator][C:\WINDOWS\system32\VTTimer.exe]  [S3 Graphics, Inc., 2.00.01-0307]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3000 / Administrator][C:\WINDOWS\system32\VTtrayp.exe]  [S3 Graphics Co., Ltd., 2.00.41-1031]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\VTDisply.dll]  [S3 Graphics Co., Ltd., 2.00.58-0523]
    [C:\WINDOWS\system32\VTGamma2.dll]  [S3 Graphics Co., Ltd., 2.00.28-1128]
    [C:\WINDOWS\system32\VTInfo2.dll]  [S3 Graphics Co., Ltd., 2.00.35-1031]
    [C:\WINDOWS\system32\VTOvrlay.dll]  [S3 Graphics Co., Ltd., 2.00.38-1117B]
[PID: 3012 / Administrator][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3020 / Administrator][C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe]  [Lexmark International, Inc., 0.1.25.0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3072 / Administrator][C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe]  [Lexmark International, Inc., 2, 0, 0, 1]
    [C:\Program Files\Lexmark 4200 Series\JetScan.dll]  [Lexmark International, Inc., 0.1.25.0]
    [C:\Program Files\Lexmark 4200 Series\JetDecmp.dll]  [, 1, 0, 0, 1]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3148 / Administrator][C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe]  [, 2, 0, 0, 13]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Brother\Brmfcmon\BRMFCWNDChn.dll]  [Brother Industries, Ltd., 2, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3208 / Administrator][C:\Program Files\Brother\ControlCenter3\brccMCtl.exe]  [Brother Industries, Ltd., 3, 0, 89, 89]
    [C:\Program Files\Brother\ControlCenter3\brccDCtl.dll]  [Brother Industries, Ltd., 3, 0, 62, 62]
    [C:\Program Files\Brother\ControlCenter3\brccFCtl.dll]  [Brother Industries, Ltd., 3, 0, 13, 42]
    [C:\Program Files\Brother\ControlCenter3\LTDIS12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
    [C:\Program Files\Brother\ControlCenter3\LTKRN12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
    [C:\Program Files\Brother\ControlCenter3\LTFIL12n.DLL]  [LEAD Technologies, Inc., 12.1.0.073]
    [C:\Program Files\Brother\ControlCenter3\BrImgPDF.dll]  [Brother Industries,LTD., 1, 0, 0, 1]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Brother\ControlCenter3\brccchn.dll]  [Brother Industries, Ltd., 3, 0, 4, 4]
小小dada - 2008-12-4 11:52:00
[C:\Program Files\Brother\ControlCenter3\brccimg.dll]  [Brother Industries, Ltd., 3, 0, 0, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3256 / Administrator][C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe]  [Brother Industries, Ltd., 2, 0, 0, 0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\Brother\Brmfcmon\brlmw03a.dll]  [Brother Industries, Ltd., 1, 0, 0, 182]
    [C:\Program Files\Brother\Brmfcmon\brlm03a.dll]  [brother Industries Ltd, 1, 0, 5, 1]
[PID: 3388 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wiaservc.dll]  [N/A, ]
[PID: 3500 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3632 / Administrator][C:\Program Files\sohutv_web\SysTrayIcon.exe]  [Sohu.com Inc., 1, 0, 0, 26]
    [C:\Program Files\sohutv_web\dbghelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\sohutv_web\vodclient.dll]  [Sohu.com Inc., 4, 0, 0, 79]
    [C:\Program Files\sohutv_web\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\sohutv_web\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3640 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3648 / Administrator][C:\Program Files\TGTSoft\StyleXP\StyleXP.exe]  [, 0, 30, 10, 0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
[PID: 3852 / Administrator][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\WINDOWS\system32\appwinproc.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\D7C79813.dll]  [N/A, ]
    [C:\WINDOWS\system32\DA63E650.dll]  [N/A, ]
    [C:\WINDOWS\system32\A55F538E.dll]  [N/A, ]
    [C:\WINDOWS\system32\9CA963CA.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D023DE9.dll]  [N/A, ]
    [C:\WINDOWS\system32\B3721C07.dll]  [N/A, ]
    [C:\WINDOWS\system32\E0D39066.dll]  [N/A, ]
    [C:\WINDOWS\system32\201476D0.dll]  [N/A, ]
    [C:\WINDOWS\system32\EA44A26D.dll]  [N/A, ]
    [C:\WINDOWS\system32\93DEE065.dll]  [N/A, ]
    [C:\WINDOWS\system32\E4814792.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\D82C0336.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\3D144530.dll]  [N/A, ]
    [C:\WINDOWS\system32\01AFE3DC.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Sys_NtMe.Zys]  [N/A, ]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
[PID: 1344 / Administrator][C:\Documents and Settings\Administrator\桌面\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 2844 / Administrator][C:\Documents and Settings\Administrator\桌面\SRE7c456bda.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Documents and Settings\Administrator\桌面\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 2560 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
    [C:\WINDOWS\system32\IMSC40W.IME]  [Microsoft Corporation, 6.0.0.2524]
    [C:\Program Files\Common Files\PushWare\cpush.dll]  [, 1.1.1.5]
    [C:\Program Files\Internet Explorer\Sys_NtMe.Zys]  [N/A, ]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2234.dll]  [, 3, 9, 7, 0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Common Files\Microsoft Shared\IME\IMSC40W\MSCAND20.DLL]  [Microsoft Corporation, 9.0.4913.0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2988, C:\WINDOWS\SYSTEM32\VTTIMER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2988, C:\WINDOWS\SYSTEM32\VTTIMER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3000, C:\WINDOWS\SYSTEM32\VTTRAYP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3000, C:\WINDOWS\SYSTEM32\VTTRAYP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3012, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3012, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3020, C:\PROGRAM FILES\LEXMARK 4200 SERIES\LXBMBMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3020, C:\PROGRAM FILES\LEXMARK 4200 SERIES\LXBMBMGR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3148, C:\PROGRAM FILES\BROTHER\BRMFCMON\BRMFCWND.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3148, C:\PROGRAM FILES\BROTHER\BRMFCMON\BRMFCWND.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3208, C:\PROGRAM FILES\BROTHER\CONTROLCENTER3\BRCCMCTL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3208, C:\PROGRAM FILES\BROTHER\CONTROLCENTER3\BRCCMCTL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3256, C:\PROGRAM FILES\BROTHER\BRMFCMON\BRMFCMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3256, C:\PROGRAM FILES\BROTHER\BRMFCMON\BRMFCMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3648, C:\PROGRAM FILES\TGTSOFT\STYLEXP\STYLEXP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3648, C:\PROGRAM FILES\TGTSOFT\STYLEXP\STYLEXP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1344, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1344, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
小小dada - 2008-12-4 11:54:00
这是hijackthis 的报告,

Logfile of HijackThis v1.99.1
Scan saved at 11:56:23, on 2008-12-4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwstub.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\sohutv_web\SysTrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\桌面\SREngLdr.EXE
C:\Documents and Settings\Administrator\桌面\SRE7c456bda.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\桌面\HijackThis.exe

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\PushWare\cpush.dll
O2 - BHO: (no name) - {A93061FE-464A-4E95-8E96-A54CD948B0F7} - C:\Program Files\Internet Explorer\Sys_NtMe.Zys
O2 - BHO: SunsetBrowser Class - {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2234.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [搜狐电视机网页版] C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "19ae5b7da09bb38b823bde6ed0302152" "1.0.0.10" ""
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] ;
O4 - HKLM\..\Run: [PHIME2002ASync] ;
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\tencent\AddEmotion.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: easyabc.95599.cn
O15 - Trusted Zone: www.95599.cn
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/normalbank/AxSafeControls.cab
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - http://www.95588.com/left/IcbcSslCacheCleaner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E8E0C5B-C92F-410C-ACFE-F2D048BF9137}: NameServer = 221.228.225.1,218.2.135.1
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

求救!!
backway - 2008-12-4 12:33:00
1.建议使用XDelBox(下载地址:http://bbs.ikaka.com/attachment.aspx?attachmentid=446806
删除以下文件:(使用说明:删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择剪贴板导入不检查路径,导入后记得勾选抑制其再生,按住shift键选第一个和最后一个文件路径,这样就全选了,在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储设备)

    C:\WINDOWS\system32\HBmhly.dll
    C:\WINDOWS\system32\HBSO2.dll
    C:\WINDOWS\system32\HBKDXY.dll
    C:\WINDOWS\system32\HBASKTAO.dll
    C:\WINDOWS\system32\HBZHUXIAN.dll
    C:\WINDOWS\system32\HBWOW.dll
    C:\WINDOWS\system32\HBDNF.dll
    C:\WINDOWS\system32\HBTL.dll
    C:\WINDOWS\system32\HBQQSG.dll
    C:\WINDOWS\system32\HBYY.dll
    C:\WINDOWS\system32\HBQQXX.dll
    C:\WINDOWS\system32\HBWD.dll
    C:\WINDOWS\system32\HBJTLQ.dll
    C:\WINDOWS\system32\HBSHQ.dll
C:\WINDOWS\system32\LXBRPMON.DLL
    C:\WINDOWS\system32\appwinproc.dll
    C:\WINDOWS\system32\DFB3DAC5.dll
    C:\WINDOWS\system32\D7C79813.dll
    C:\WINDOWS\system32\DA63E650.dll
    C:\WINDOWS\system32\A55F538E.dll
    C:\WINDOWS\system32\9CA963CA.dll
    C:\WINDOWS\system32\4D023DE9.dll
    C:\WINDOWS\system32\B3721C07.dll
    C:\WINDOWS\system32\E0D39066.dll
    C:\WINDOWS\system32\201476D0.dll
    C:\WINDOWS\system32\EA44A26D.dll 
    C:\WINDOWS\system32\93DEE065.dll
    C:\WINDOWS\system32\E4814792.dll
    C:\WINDOWS\system32\122B901E.dll
    C:\WINDOWS\system32\D82C0336.dll
    C:\WINDOWS\system32\2EF0D734.dll
    C:\WINDOWS\system32\3D144530.dll
    C:\WINDOWS\system32\01AFE3DC.dll
C:\Program Files\Internet Explorer\Sys_NtMe.Zys

C:\WINDOWS\system32\6457aed.sys
C:\WINDOWS\system32\b71fe93.sys
C:\WINDOWS\system32\cdcd.sys
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.sys
C:\WINDOWS\system32\NsPass4.sys
C:\WINDOWS\system32\drivers\NPF.sys



2.启动项目 -- 注册表之如下项删除:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D7C79813-9233-4AE0-832C-99B2E8019673}><D7C79813.dll>  []
    <{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll>  []
    <{A55F538E-9E65-4706-9458-852BF6592063}><A55F538E.dll>  []
    <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll>  []
    <{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}><4D023DE9.dll>  []
    <{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}><B3721C07.dll>  []
    <{E0D39066-96D7-4891-8527-488ADAFCD60F}><E0D39066.dll>  []
    <{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll>  []
    <{EA44A26D-DDC8-46C0-AFE1-A529FE014E3F}><EA44A26D.dll>  []
    <{93DEE065-EC9B-4505-ADD3-19880AD3C38F}><93DEE065.dll>  []
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  []
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll>  []
    <{D82C0336-583E-468B-B46A-0897FAB9D5A2}><D82C0336.dll>  []
    <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll>  []
    <{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}><3D144530.dll>  []
    <{01AFE3DC-2242-436E-9B44-6DD1C664E828}><01AFE3DC.dll>  []
  <{A93061FE-464A-4E95-8E96-A54CD948B0F7}><C:\Program Files\Internet Explorer\Sys_NtMe.Zys>  []


3.启动项目 -- 服务-- 驱动程序之如下项删除:
SREng-在"启动项目->服务->驱动程序中"选中"隐藏已认证的微软项目"然后删除下面名称的驱动程序(选中有问题的驱动后,点"删除服务",点“设置”按钮即可。注意弹出的窗口中要点 "否NO"才是确认删除服务)(不能删除的就禁用:启动类型改为disabled,点中修改启动类型,点设置):

[6457aed / 6457aed][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\6457aed.sys><N/A>
[b71fe93 / b71fe93][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\b71fe93.sys><N/A>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\HBKernel32.sys><N/A>
[internet service / internet service][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2.sys><N/A>
[WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start]
  <system32\drivers\NPF.sys><N/A>
[NsPsDk04 / NsPsDk04][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NsPass4.sys><N/A>


4.系统修复——浏览器加载项之如下项删除:

[]
  {A93061FE-464A-4E95-8E96-A54CD948B0F7} <C:\Program Files\Internet Explorer\Sys_NtMe.Zys, N/A>



5.运行services.msc,将以下服务停止:
[Application Management / AppMgmt][Stopped/Manual Start]
[Task Scheduler / Schedule][Running/Auto Start]
[System Restore Service / srservice][Running/Auto Start]
[Windows Image Acquisition (WIA) / stisvc][Running/Manual Start]
[Windows Time / W32Time][Running/Auto Start]

之后从别的相同系统的机子上拷贝如下文件到C:\WINDOWS\System32和dllcache目录下:appmgmts.dll,schedsvc.dll,srsvc.dll,wiaservc.dll,w32time.dll
再将以上服务程序启动类型改为 手动。

6.用下载的“清理临时文件工具ATF-Cleaner-cn”,全选所有项目,点击“立即清理”
下载:http://bbs.ikaka.com/attachment.aspx?attachmentid=447126
用W i n d o w s 清理助手 ,清理系统。
W i n d o w s 清理助手 下载:http://www.arswp.com/
backway - 2008-12-4 12:40:00
处理完后再上传sreng日志。
1
查看完整版本: 版主求救!中了password和onlinegame的木马,请帮忙,附冰刀报告
© 2000 - 2026 Rising Corp. Ltd.