从新扫描日志上来

2006-11-14,16:04:30

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <RavMon><C:\Program Files\Rising\Rav\RavMon.exe>  [Beijing Rising Technology Co., Ltd.]
    <updatereal><C:\WINDOWS\realupdate.exe other>  [N/A]
    <CalSprite><; C:\Program Files\CalSprite\CalSprite.exe>  [SnowFox Studio.]
    <msnnt><C:\WINDOWS\winampi.exe>  [N/A]
    <NVIEW><; rundll32.exe nview.dll,nViewLoadHook>  [NVIDIA Corporation]
    <RealPlayer><; "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot>  [N/A]
    <updateMgr><; C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CalSprite><C:\Program Files\CalSprite\CalSprite.exe>  [SnowFox Studio.]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <Alitalk><; C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE -hideframe>  [Alibaba]
    <Device Detector><; DevDetect.exe -autorun>  [N/A]
    <domino><; C:\WINDOWS\domino.exe>  []
    <helper.dll><; >  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <MSPY2002><; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <SoundMAXPnP><; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <VMSnap1><; C:\WINDOWS\VMSnap1.exe>  [Vimicro]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <DTService><rundll32.exe C:\WINDOWS\system32\drivers\soundmix.dll,Load>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[WindowsNt Workstation / NTWorkStan]
  <C:\WINDOWS\System32\svchost.exe -k NTWorkStan-->c:\windows\system32\ntworkstan.dll><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Registry Protect / Popular]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ihjprx63.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[WindowsNt Network Engine / wnttech]
  <C:\WINDOWS\System32\svchost.exe -k wnttech-->c:\windows\system32\wnttech.dll><Microsoft Corporation>

==================================

驱动程序
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Albus / Albus]
  <\SystemRoot\system32\drivers\Albus.SYS><N/A>
[BaseTDI / BaseTDI]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[bigbbajh / bigbbajh]
  <\??\C:\WINDOWS\system32\drivers\bigbbajh.sys><N/A>
[demiwc96 / demiwc96]
  <\SystemRoot\system32\drivers\demiwc96.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[GMSIPCI / GMSIPCI]
  <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ifjajecf / ifjajecf]
  <\??\C:\WINDOWS\system32\drivers\ifjajecf.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn]
  <system32\drivers\MidiSyn.sys><Analog Devices, Inc.>
[npkcrypt / npkcrypt]
  <\??\D:\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nuoz / nuozg]
  <\SystemRoot\System32\DRIVERS\nuozg.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[paraudio / paraudio]
  <\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[Padus ASPI Shell / pfc]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[R2A / R2A]
  <\??\C:\WINDOWS\system32a2.sys><N/A>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt]
  <system32\drivers\senfilt.sys><Sensaura>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[World Standard Teletext Codec / WSTCODEC]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[MMSAssist BHO]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, N/A>
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNT.DLL, >
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559}? <D:\迅雷下载\Thunder.exe, Thunder Networking Technologies,LTD>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[MMSAssist BHO]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNT.DLL, >
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[&使用迅雷下载]
  <D:\迅雷下载\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\迅雷下载\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\QQ2006\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ2006\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ2006\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ2006\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 404][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1048][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1508][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 6.0.000]
    [C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS]  [N/A, N/A]
    [C:\WINDOWS\system32\CNMLM6e.DLL]  [CANON INC., 1.80.2.50]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL]  [CANON INC., 1.80.2.50]
[PID: 1608][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1776][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1852][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.4072]
[PID: 176][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\axbmv.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\soundmix.dll]  [, 1, 4, 0, 0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 1.0.0.2003051500]
    [c:\windows\system32\advwhes.dll]  [N/A, N/A]
    [C:\Program Files\wnwb2005\WNMKEY.DLL]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\ext\dtdl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\ext\dtsm.dll]  [N/A, N/A]
[PID: 200][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 228][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][c:\windows\system32\wbem\lsass.exe]  [Microsoft, 1.0.0.0]
[PID: 1372][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1432][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 352][C:\Program Files\CalSprite\CalSprite.exe]  [SnowFox Studio., 1.5.4.54]
[PID: 1096][C:\Program Files\Rising\Rav\RavMon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2096][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2104][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2500][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\CPUSH\cpush0.dll]  [N/A, 1.0.1.9]
    [C:\WINDOWS\POPNT.DLL]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\WNWBIO.IME]  [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
    [C:\Program Files\wnwb2005\WNMKEY.DLL]  [N/A, N/A]
[PID: 2784][C:\Program Files\wnwb2005\wnwb.exe]  [深圳世强软件开发部 www.wnwb.com , 2005, 11, 19, 1]
    [C:\Program Files\wnwb2005\WNMKEY.DLL]  [N/A, N/A]
[PID: 3032][C:\Documents and Settings\Administrator\桌面\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\wnwb2005\WNMKEY.DLL]  [N/A, N/A]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 LOCALHOST
127.0.0.1 WWW.POWERNUM123.COM
127.0.0.1 WWW.POWERNUM123.COM.CN
127.0.0.1 POWERNUM123.COM
127.0.0.1 POWERNUM123.COM.CN
127.0.0.1 WWW.CHEBL.COM
127.0.0.1 WWW.CHEBL.CN
127.0.0.1 WWW.CHEBL.COM.CN
127.0.0.1 CHEBL.COM
127.0.0.1 CHEBL.COM.CN
127.0.0.1 CHEBL.CN
127.0.0.1 WWW.CHEBULUO.COM.CN
127.0.0.1 WWW.CHEBULUO.COM
127.0.0.1 WWW.CHEBULUO.CN
127.0.0.1 CHEBULUO.COM.CN
127.0.0.1 CHEBULUO.COM
127.0.0.1 CHEBULUO.CN
127.0.0.1 WWW.17SP.COM
127.0.0.1 WWW.17SP.COM.CN
127.0.0.1 17SP.COM
127.0.0.1 17SP.COM.CN
127.0.0.1 WWW.FEIKONG.COM
127.0.0.1 WWW.FEIKONG.COM.CN
127.0.0.1 WWW.FEIKONG.CN
127.0.0.1 FEIKONG.COM
127.0.0.1 FEIKONG.COM.CN
127.0.0.1 FEIKONG.CN
127.0.0.1 WWW.HACONG.COM
127.0.0.1 HACONG.COM
127.0.0.1 WWW.XBXBXBXB.COM
127.0.0.1 WWW.SOBT.COM
127.0.0.1 WWW.SOBT.COM.CN
127.0.0.1 WWW.SOBT.CN
127.0.0.1 WWW.SOBT.NET
127.0.0.1 SOBT.COM
127.0.0.1 SOBT.COM.CN
127.0.0.1 SOBT.CN
127.0.0.1 SOBT.NET
127.0.0.1 WWW.XBXBXBXBXB.COM
127.0.0.1 XBXBXBXB.COM
127.0.0.1 XBXBXBXBXB.COM
127.0.0.1 WWW.NFSINFO.COM
127.0.0.1 NFSINFO.COM
127.0.0.1 CRMEASE.COM
127.0.0.1 HONGBANGZHU.COM
127.0.0.1 LINUX007.COM
127.0.0.1 LOSPLE.COM
127.0.0.1 LOSTEMPLE.COM
127.0.0.1 WWW.CRMEASE.COM
127.0.0.1 WWW.HONGBANGZHU.COM
127.0.0.1 WWW.LINUX007.COM
127.0.0.1 WWW.LOSPLE.COM
127.0.0.1 WWW.LOSTEMPLE.COM
127.0.0.1 SMARTALLYES.COM
127.0.0.1 51CPM.NET
127.0.0.1 51CPM.COM
127.0.0.1 YIQILAI.COM
127.0.0.1 UPDATE.SMARTALLYES.COM
127.0.0.1 MDMDMDMDMD.COM
127.0.0.1 WWW.SMARTALLYES.COM
127.0.0.1 WWW.51CPM.NET
127.0.0.1 WWW.51CPM.COM
127.0.0.1 WWW.YIQILAI.COM
127.0.0.1 WWW.MDMDMDMDMD.COM
127.0.0.1 QUANTUMBIZS.COM
127.0.0.1 WWW.QUANTUMBIZS.COM
127.0.0.1 PDSHN.COM
127.0.0.1 WWW.PDSHN.COM
127.0.0.1 PKPKPK.COM
127.0.0.1 WWW.PKPKPK.COM
127.0.0.1 PKPKPK.NET
127.0.0.1 WWW.PKPKPK.NET
127.0.0.1 OOOOOS.COM
127.0.0.1 WWW.OOOOOS.COM
127.0.0.1 CCTV06.COM
127.0.0.1 WWW.CCTV06.COM
127.0.0.1 FEIXIN.ORG
127.0.0.1 WWW.FEIXIN.ORG
127.0.0.1 PENGK.COM
127.0.0.1 WWW.PENGK.COM
127.0.0.1 QQYE.COM
127.0.0.1 WWW.QQYE.COM
127.0.0.1 XIA3.COM
127.0.0.1 WWW.XIA3.COM
127.0.0.1 XIAZAI1.COM
127.0.0.1 WWW.XIAZAI1.COM
127.0.0.1 CCWINFO.NET
127.0.0.1 WWW.CCWINFO.NET
127.0.0.1 DDPDDP.COM
127.0.0.1 WWW.DDPDDP.COM

==================================

刚才吃饭去了,

你先试试
重启F8选最后一次正确置什么的,能进安全模式吗

选最后一次正确配置，启动也是回到正常模式下启动的！在其它模式下启动不了！所以有些东西删也删不掉呀！

运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
WindowsNt Workstation
Remote Registry Protect
WindowsNt Network Engine
，选择“删除服务”
点“设置”选择“否”
运行SREng2,使用“启动项目”－－注册表－－删除
C:\WINDOWS\realupdate.exe other
C:\WINDOWS\winampi.exe
C:\WINDOWS\domino.exe



去下载最新的冰刃强力删除：             
c:\windows\system32\ntworkstan.dll
C:\WINDOWS\system32\ihjprx63.dll
c:\windows\system32\wnttech.dll
  C:\WINDOWS\system32\drivers\ext\dtdl.dll
[C:\WINDOWS\system32\drivers\ext\dtsm.dll
C:\WINDOWS\realupdate.exe other
C:\WINDOWS\winampi.exe
C:\WINDOWS\domino.exe
c:\windows\system32\wbem\lsass.exe
C:\Program Files\Common Files\CPUSH\cpush0.dll
C:\WINDOWS\POPNT.DLL

冰刃强力在哪里有下载？？要是安全的网站！

Icesword v1.20（新手慎用）
①这是一斩断黑手的利刃，它适用于Windows 2000/XP/2003 操作系统，其内部功能是十分强大，用于查探系统中的幕后黑手-木马后门，并作出处理。可能您也用过很多类似功能的软件，比如一些进程工具、端口工具，但是现在的系统级后门功能越来越强，一般都可轻而易举地隐藏进程、端口、注册表、文件信息，一般的工具根本无法发现这些“幕后黑手”。IceSword 使用了大量新颖的内核技术，使得这些后门躲无所躲。当然使用它需要用户有一些操作系统的知识。使用前请详细阅读说明。
在对软件做讲解之前，首先说明第一注意事项：此程序运行时不要激活内核调试器(如softice)，否则系统可能即刻崩溃。另外使用前请保存好您的数据，以防万一未知的Bug带来损失。
IceSword目前只为使用32位的x86兼容CPU的系统设计，另外运行IceSword需要管理员权限。

IceSword1.20 功能改动不大..跟 1.18 没多大区别..

②最新版本下载地址：
中文：http://202.38.64.10/~jfpan/download/IceSword120_cn.zip MD5 :cfb8514add1fbfb510b0084e837e561c

英文：http://202.38.64.10/~jfpan/download/IceSword120_en.zip MD5: 14573e30abbbe576ed739ec7866e5939




此贴于2006-10-28 23:35:02被mopery修改