Rising Kaka Security Forum, Technical Exchange Area, Anti-Virus / Anti-Rogue-Software Forum


Please help this girl out, I've been tormented by a virus for N days (log attached)

[CODE]

2007-06-10,22:30:57

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional RC 1.1 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe>  [N/A]
    <jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <CnsM.dll><Rundll32.exe D:\PROGRA~1\3721\CnsM.dll,Rundll32>  [N/A]
    <YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe>  [N/A]
    <rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe>  [N/A]
    <wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe>  [N/A]
    <tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe>  [N/A]
    <dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe>  [N/A]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <Local Security Authority Service><D:\WINNT\System32\lssas.exe>  [N/A]
    <Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe>  [N/A]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe>  [N/A]
    <jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe>  [N/A]
    <wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe>  [N/A]
    <wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe>  [N/A]
    <wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe>  [N/A]
    <qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe>  [N/A]
    <msccrt><D:\WINNT\msccrt.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  [N/A]
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><D:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
    <?{0CD68AC9-FF63-3E61-626B-B663E62F6236}><>  [N/A]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt>  []
    <{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll>  [N/A]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><D:\WINNT\System32\ssmarque.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[腾讯QQ]
  <D:\Documents and Settings\dd\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
  <D:\WINNT\System32\nvsvc32.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
  <D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\H:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ohocrbl / ohocrbl][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\H:\NTGLM7X.sys><N/A>
[tzlhwfqg / tzlhwfqg][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\tzlhwfqg.sys><Yahoo! China Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\System32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINNT\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[雅虎搜索]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>

==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2170.1]
[PID: 172][\??\D:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2137.1]
[PID: 168][\??\D:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.1408]
    [D:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 960][D:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt]  [N/A, ]
    [D:\WINNT\System32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\System32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\WINNT\System32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\WINNT\System32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 6, 1008]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 8, 1023]
[PID: 992][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [D:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
[PID: 1076][D:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1152][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 2, 2, 1028]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1116][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1160][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
[PID: 1092][D:\WINNT\System32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]
[PID: 1408][D:\Documents and Settings\dd\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\skyubr.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [D:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

How is it now?

Why are some of the viruses still there after I reboot the computer? Rising just found another 52 viruses. Is there still a virus that steals QQ accounts?

The file you asked me to look for is gone.

[CODE]
003D7D8C push 003D7E50 /start
003D7D91 push 003D7E60 qquin:
003D7D99 push 003D7E70 pwdhash:
003D7DAC push 003D7E84 qqpwd:
003D7DBE mov ecx, 003D7E94 /stat:10
003D7DC3 mov edx, 003D7EA8 /stat:40
003D7EE2 mov edx, 003D7F20 登录
003D7F5B mov edx, 003D800C edit
003D7F95 mov edx, 003D8018 qqet
003D8055 mov edx, 003D80AC edit
003D810C mov edx, 003D8170 edit
003D8218 mov edx, 003D82EC edit
003D8261 mov edx, 003D82FC 服务器拒绝
[/CODE]


Are these the ones to delete?

Thanks, I'll try deleting them tomorrow; signing off for now.

Here is the latest log after running the virus removal. Please help me check whether there are still viruses, and what else I need to do to remove them.
[CODE]

2007-06-11,20:16:00

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional RC 1.1 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize>  [N/A]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <CnsM.dll><Rundll32.exe D:\PROGRA~1\3721\CnsM.dll,Rundll32>  [N/A]
    <YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <msccrt><D:\WINNT\msccrt.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><D:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><D:\WINNT\System32\ssmarque.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[腾讯QQ]
  <D:\Documents and Settings\dd\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
  <D:\WINNT\System32\nvsvc32.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
  <D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kcniunpe / kcniunpe][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\kcniunpe.sys><Yahoo! China Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\H:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ohocrbl / ohocrbl][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\H:\NTGLM7X.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\System32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINNT\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[雅虎搜索]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>

==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2170.1]
[PID: 172][\??\D:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2137.1]
[PID: 168][\??\D:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.1408]
    [D:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 956][D:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt]  [N/A, ]
    [D:\WINNT\System32\wdmaud.drv]  [Microsoft Corporation, 5.00.2147.1]
    [D:\WINNT\System32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
    [D:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\WINNT\System32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [D:\WINNT\System32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 6, 1008]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 8, 1023]
[PID: 984][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [D:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1048][D:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1136][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 2, 2, 1028]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 0, 1126]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1124][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1160][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1212][D:\WINNT\System32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]
[PID: 1544][D:\Documents and Settings\dd\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\WINNT\System32\msdebug.dll]  [N/A, ]
    [D:\WINNT\System32\RemoteDbg.dll]  [N/A, ]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\WINNT\System32\fagsaa.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [D:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Is there still a QQ-stealing trojan?