Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum

There is nothing on my computer screen ~~~ help ~~~~ help ~~

[CODE]

2007-04-08,16:51:00

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <FlashGet><"C:\Program Files\FlashGet\FlashGet.exe" /min>  [(Verified)Trend Media Corporation Limited]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  []
    <runeip><d:\Program Files\Rising\AntiSpyware\runiep.exe>  []
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  []
    <winform><C:\WINDOWS\SMSS.EXE>  []
    <upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe>  []
    <mppds><C:\WINDOWS\RUNDLL32.exe>  [N/A]
    <msccrt><C:\WINDOWS\CSRSS.exe>  []
    <cmdbcss><C:\WINDOWS\8Sy.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <wusttrs><C:\WINDOWS\9Sy.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\twunk32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\WINDOWS\Resources\Themes\Login\logonui-3.1.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><C:\WINDOWS\DOWNLO~1\BDPlugin.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Basetdi / Basetdi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BDHlprObj Class]
  {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[番茄工具条3.1.5]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[番茄工具条3.1.5]
  {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <C:\WINDOWS\system32\IETool.dll, N/A>
[BDHlprObj Class]
  {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[&使用超级旋风下载]
  <d:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <d:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <d:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <d:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <d:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1748][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1756][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,1918]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1918]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
[PID: 1764][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5.0.07]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
[PID: 1772][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1720][D:\yuanchenxu\cidian\meddic\MedDic.exe]  [北京金叶天翔科技有限公司, 1, 4, 1, 1571]
    [D:\yuanchenxu\cidian\meddic\TCHook32.dll]  [(株)テクノクラフト, 5, 0, 4, 3]
    [D:\yuanchenxu\cidian\meddic\TcRmApi.dll]  [TechnoCraft Co.,Ltd., 5, 0, 6, 0]
    [D:\yuanchenxu\cidian\meddic\TCCOMLIB.dll]  [TechnoCraft Co.,Ltd., 5, 0, 3, 1]
    [D:\yuanchenxu\cidian\meddic\TCTxtLib.dll]  [(株)テクノクラフト, 5, 5, 0, 1]
    [D:\yuanchenxu\cidian\meddic\RWTTS.dll]  [N/A, ]
    [D:\yuanchenxu\cidian\meddic\MedUtils.dll]  [N/A, ]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [D:\yuanchenxu\cidian\meddic\AddWord.dll]  [, 1, 0, 0, 1]
    [D:\yuanchenxu\cidian\meddic\RWDicMan.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWDicApi.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWDICCOM.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWLanMan.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\rwlancom.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWTxtLib.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWVicLib.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWTFVIEW.dll]  [TechnoCraft Co.,Ltd., 5, 5, 0, 0]
    [D:\yuanchenxu\cidian\meddic\libpng.dll]  [, 1.2.1]
    [D:\yuanchenxu\cidian\meddic\zlib.dll]  [, 1.1.3]
    [D:\yuanchenxu\cidian\meddic\DicRes.dll]  [KingYee Co.,Ltd., 1, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\RWOption.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\TCLSTLIB.dll]  [TechnoCraft, 5, 0, 0, 1]
    [D:\yuanchenxu\cidian\meddic\RWComLib.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\TcChkSn.dll]  [TechnoCraft, 1.0]
    [D:\yuanchenxu\cidian\meddic\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\yuanchenxu\cidian\meddic\HtmlVWEx.dll]  [金叶天翔科技有限公司, 1, 0, 0, 39]
    [D:\yuanchenxu\cidian\meddic\RWCOMCTL.DLL]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp17B.tmp]  [N/A, ]
    [D:\yuanchenxu\cidian\meddic\rwld_enu.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [D:\yuanchenxu\cidian\meddic\rwld_chs.dll]  [TechnoCraft Co.,Ltd., 6, 0, 0, 0]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [D:\yuanchenxu\cidian\meddic\mledit.dll]  [TechnoCraft, 4, 0, 3, 2]
    [D:\yuanchenxu\cidian\meddic\TcNls.dll]  [TechnoCraft, 4.0]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]

[PID: 1104][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\DOWNLO~1\BDHelper.dll]  [, 1, 0, 0, 6]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 1, 6, 61]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\WINDOWS\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINDOWS\system32\tsd32.dll]  [, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
[PID: 3560][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\5.8.0.2469\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [D:\yuanchenxu\cidian\meddic\RmNT.dll]  [TechnoCraft Inc., 4.0]
[PID: 1536][d:\Program Files\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 3332][C:\Program Files\FlashGet\flashget.exe]  [FlashGet.com, 1, 8, 1, 1002]
    [C:\Program Files\FlashGet\FGBTCORE.dll]  [, 1, 0, 0, 36]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\FlashGet\fgupdate.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 3208][d:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 36]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Tencent\QQDownload\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 35]
    [d:\Program Files\Tencent\QQDownload\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [d:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 2128][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2004][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 3, 30]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\IETool.dll]  [N/A, ]
    [d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\WINDOWS\DOWNLO~1\BDHelper.dll]  [, 1, 0, 0, 6]
    [C:\WINDOWS\system32\IEBHO.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.5825.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3300][C:\WINDOWS\system32\systemt.exe]  [N/A, ]
    [C:\WINDOWS\system32\WPCAP.DLL]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [D:\yuanchenxu\cidian\meddic\RmNT.dll]  [TechnoCraft Inc., 4.0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]

[PID: 2720][C:\WINDOWS\9Sy.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wusttrs.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
[PID: 2784][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 216][C:\Downloads\sreng2(1)\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 1900][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [d:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16414 (vista_gdr.070108-1520)]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[E:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
[F:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
[G:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

In Safe Mode (keep pressing F8 after powering on; when the advanced options menu appears, choose the first item, Safe Mode, to enter the system):

Open SREng (the program you scanned the log with).
Startup Items > Registry: delete the following entries (if you recognize one or are sure it is not a virus, do not delete it).

<load><C:\WINDOWS\uninstall\rundl132.exe> []
<winform><C:\WINDOWS\SMSS.EXE> []
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe> []
<mppds><C:\WINDOWS\RUNDLL32.exe> [N/A]
<msccrt><C:\WINDOWS\CSRSS.exe> []
<cmdbcss><C:\WINDOWS\8Sy.exe> []
<wusttrs><C:\WINDOWS\9Sy.exe> []
<twin><C:\WINDOWS\system32\twunk32.exe> []

Copy the code below into Notepad and save it as a file named 1.reg:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

Double-click 1.reg to import this registry key.

Double-click My Computer, then Tools > Folder Options > View; select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK.
Then
right-click drive C and choose "Open" to open it.
(Not all of these will necessarily be present.)
Empty C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Delete C:\WINDOWS\system32\cmdbcss.dll
C:\WINDOWS\system32\winform.dll
C:\WINDOWS\system32\tsd32.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\IETool.dll
C:\WINDOWS\system32\wusttrs.dll
C:\WINDOWS\uninstall\rundl132.exe
C:\WINDOWS\SMSS.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\CSRSS.exe
C:\WINDOWS\8Sy.exe
C:\WINDOWS\9Sy.exe
C:\WINDOWS\system32\twunk32.exe
Right-click drives E, F and G, choose "Open" to open them, and delete autorun.inf and sxs.exe.
If QQ is installed, delete Timplatform.exe in the QQ installation folder and rename Timplatfrom.exe to Timplatform.exe.
Download the Viking (威金) removal tool and scan the whole disk.
Note: Documents and Settings = DOCUME~1, Administrator = ADMINI~1, Local Settings = LOCALS~1
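The list of startup entries the helper picked out above follows a few checks that can be applied to the log mechanically: a system-process name (SMSS, CSRSS, RUNDLL32) living outside system32, a look-alike name such as rundl132.exe, an executable running from Temp or sitting directly in the Windows directory with no publisher, an autostart under Policies\Explorer\Run, and a UIHost that is not the default logonui.exe (the value SREng itself warns about later in this thread). The Python script below is an added example, not code from the forum post or from SREng: it parses the "Startup items / Registry" section in the SREng log format shown at the top of this page and prints the entries that trip those checks. The sample log is copied from the log above; the rule set and the names `triage`, `assess` and `executable_of` are this example's own.

```python
r"""Triage the "Startup items / Registry" section of an SREng log.

Added example, not code from the forum post or from SREng. It encodes the
checks the helper applied by eye: a system-process name outside system32,
a look-alike name such as rundl132.exe, an unsigned executable in Temp or
directly in the Windows directory, a Policies\Explorer\Run autostart, and a
UIHost other than the default logonui.exe. SAMPLE_LOG is copied from the
log posted above.
"""
import re
from dataclasses import dataclass, field

# Processes that legitimately run only from %SystemRoot%\system32.
SYSTEM_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                    "lsass.exe", "svchost.exe", "rundll32.exe", "userinit.exe"}
# Digit-for-letter swaps used to build look-alike names (rundl132 -> rundll32).
_HOMOGLYPHS = str.maketrans({"1": "l", "0": "o"})

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]\s*$")
EXT_RE = re.compile(r"\.(exe|dll|com|scr|bat|pif)$", re.IGNORECASE)
WINDIR_RE = re.compile(r"(?:[a-z]:\\windows|%systemroot%)")


@dataclass
class Entry:
    key: str
    name: str
    command: str
    signer: str
    reasons: list = field(default_factory=list)


def executable_of(command: str) -> str:
    """Return the program path part of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split()
    # Unquoted paths may contain spaces: grow the candidate token by token
    # until it ends in a program extension (trailing commas are dropped).
    for i in range(len(tokens)):
        candidate = " ".join(tokens[: i + 1]).rstrip(",")
        if EXT_RE.search(candidate):
            return candidate
    return tokens[0] if tokens else ""


def assess(entry: Entry) -> list:
    """Apply the heuristics to one entry and return the reasons it is suspect."""
    path = executable_of(entry.command).lower()
    if not path:
        return []
    directory, _, basename = path.rpartition("\\")
    unsigned = entry.signer.strip() in ("", "N/A")
    reasons = []
    if basename in SYSTEM_PROCESSES and directory and not directory.endswith("\\system32"):
        reasons.append("system-process name outside system32")
    lookalike = basename.translate(_HOMOGLYPHS)
    if lookalike != basename and lookalike in SYSTEM_PROCESSES:
        reasons.append(f"look-alike of {lookalike}")
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    if unsigned and WINDIR_RE.fullmatch(directory):
        reasons.append("unsigned executable directly in the Windows directory")
    if "policies\\explorer\\run" in entry.key.lower():
        reasons.append("Policies\\Explorer\\Run autostart (unusual on a home PC)")
    if entry.name.lower() == "uihost" and not path.endswith("\\system32\\logonui.exe"):
        reasons.append("non-default UIHost (logon UI replaced)")
    return reasons


def triage(log_text: str) -> list:
    """Parse the registry part of an SREng log and return the flagged entries."""
    flagged, key = [], ""
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = Entry(key, *m.groups())
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Copied from the SREng log above (subset of the registry section).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <FlashGet><"C:\Program Files\FlashGet\FlashGet.exe" /min>  [(Verified)Trend Media Corporation Limited]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32>  []
    <runeip><d:\Program Files\Rising\AntiSpyware\runiep.exe>  []
    <load><C:\WINDOWS\uninstall\rundl132.exe>  []
    <winform><C:\WINDOWS\SMSS.EXE>  []
    <upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe>  []
    <mppds><C:\WINDOWS\RUNDLL32.exe>  [N/A]
    <msccrt><C:\WINDOWS\CSRSS.exe>  []
    <cmdbcss><C:\WINDOWS\8Sy.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <wusttrs><C:\WINDOWS\9Sy.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\twunk32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><C:\WINDOWS\Resources\Themes\Login\logonui-3.1.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><C:\WINDOWS\DOWNLO~1\BDPlugin.dll>  []
"""


def main() -> None:
    for e in triage(SAMPLE_LOG):
        print(f"[{e.key}]\n    <{e.name}><{e.command}>\n        -> {'; '.join(e.reasons)}")


if __name__ == "__main__":
    main()
```

Run against the sample it reports exactly the nine entries the helper listed plus UIHost, and leaves the signed Microsoft, Intel, FlashGet and Rising entries alone. The heuristics are deliberately narrow (a missing publisher alone is not a hit, since the toolbar and QQ entries on this machine are unsigned too), so a clean run is not a clean machine; it only tells you which lines of the log to read first.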

Copy the code below into Notepad and save it as a file named 1.reg:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"

Double-click 1.reg to import this registry key.
Where do I do this part? Is "Windows Registry Editor Version 5.00" a program? Where do I download it?
I have done the earlier steps; those entries have all been deleted.

SREng says UIHost has been modified to an abnormal value and suspects a virus. How should I deal with that?

Lately there has been far too much of this damned trojan. It has hit countless computers: after boot only the desktop wallpaper appears, the desktop icons are all gone, and the task list almost always contains this "wsttrs.exe".
<load><C:\WINDOWS\uninstall\rundl132.exe> []
winform []
upxdnd.exe> []
<mppds><C:\WINDOWS\RUNDLL32.exe> [N/A]
CSRSS.exe> []
8Sy.exe> []
9Sy.exe> []
twunk32.exe> []

I suggest everyone open Task Manager and end the tasks whose process names look like the ones above; in almost all cases you can then get to the desktop, but the computer responds very slowly, because the virus is hogging your CPU and memory. Next, you had better move all the data from your Desktop / My Documents onto a drive such as D: or E: to keep your data safe. Then go to http://www.360safe.com and download "360 Safeguard" to scan for and remove malicious code and trojans; it can kill practically all of them and is very easy to use. After it has finished scanning, restart the computer and click its "Repair" to patch all the vulnerabilities on your beloved machine. These damned trojans can get past all of today's legitimate antivirus products, Rising included. Once that is done, update your legitimate antivirus to the latest version. After that, a new trojan process may pop up in the lower right corner and 360 Safeguard will ask whether to "Allow" or "Deny"; I advise everyone to click Deny, otherwise the trojan will start at boot again and control your computer, and you will get no peace.

360 Safeguard is a very handy tool and I recommend it to everyone. There is also "Rising Kaka Assistant", which is also a very good Internet assistant; you can install both little helpers at the same time, because each has its own strengths. If you don't believe me, try them and see.

I have worked in computer maintenance for a long time and have recently suffered badly from these viruses too; it has worn out my patience, with many, many machines with this kind of virus to deal with every day. Before the New Year it was of course the Panda (熊猫烧香); damn it, now it is these trojans. Really exhausting. In this period I have drawn one lesson: "legitimate antivirus software is not a cure-all". It still comes down to everyone's day-to-day maintenance, making more use of the little tools you can find today to handle the problems you can handle; I believe that before long you too will become an expert. And also, "trojans" are scarier and more harmful than "conventional viruses"!!! The way I understand it, a "trojan" is like a highway that lets viruses with all sorts of functions run wild on your computer, stealing all kinds of your information or serving advertisers, harvesting clicks and making money!!! Just my humble opinion; experts, if I have said anything wrong, please correct me!!!!