
[Help] The virus was mostly dealt with last night; here is a scan log, could everyone help check whether anything slipped through?

This thread was closed by shaka on 2008-8-26 10:25

The virus was mostly dealt with last night; here is a scan log, could everyone help check whether anything slipped through?

****
2008-08-25,09:45:39
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <DAEMON Tools Lite><; "D:\软件\虚拟光驱\daemon4301\DAEMON Tools Lite\daemon.exe" -autorun>  [(Verified)DAEMON Tools Code Signing Services]
    <OlympicExpress><; "D:\软件\搜狗拼音\SogouInput\OlympicNews.exe">  [(Verified)Sogou.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <VTTimer><VTTimer.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <S3Trayp><S3trayp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [File is missing]
    <Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Access Connection Application Program Interface / Rasapi][Others/Auto Start]
  <C:\Program Files\Common Files\Winras\Windins.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Others/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Security Control / seuictol][Others/Auto Start]
  <c:\windows\system32\rundll32.exe dbii00.dll,scan><Microsoft Corporation>
==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[S3GIGP / S3GIGP][Running/Manual Start]
  <system32\DRIVERS\S3gIGPm.sys><S3 Graphics Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[ViBus / ViBus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {B03F8B48-7A62-4C22-A5DD-A4F24A1531A8} <C:\Program Files\Internet Explorer\ExplorePv.Sys, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\game\Platform\GameClient.exe, (Signed) 上海浩方在线信息技术有限公司>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, >
[]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(988).dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {B03F8B48-7A62-4C22-A5DD-A4F24A1531A8} <C:\Program Files\Internet Explorer\ExplorePv.Sys, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\软件\qq\QzoneMusic.dll, (Signed) 腾讯科技>
[]
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\软件\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.986.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(988).dll, Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\软件\qq\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 612][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 740][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 1104][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1164][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1300][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1360][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 87]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[PID: 1512 / Owner][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1600 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1936 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 288 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 456 / Owner][C:\WINDOWS\system32\VTTimer.exe]  [S3 Graphics, Inc., 2.00.05-0616]
[PID: 468 / Owner][C:\WINDOWS\system32\S3trayp.exe]  [S3 Graphics Co., Ltd., 2.00.41-1031]
    [C:\WINDOWS\system32\S3Cfg3d.dll]  [S3 Graphics Co., Ltd., 2.00.30-1212]
    [C:\WINDOWS\system32\S3Disply.dll]  [S3 Graphics Co., Ltd., 2.00.85-0421]
    [C:\WINDOWS\system32\S3Gamma2.dll]  [S3 Graphics Co., Ltd., 2.00.34-0504]
    [C:\WINDOWS\system32\S3Info2.dll]  [S3 Graphics Co., Ltd., 2.00.42-0330]
    [C:\WINDOWS\system32\S3Ovrlay.dll]  [S3 Graphics Co., Ltd., 2.00.39-0330]
[PID: 484 / Owner][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  [Analog Devices, Inc., 6,0,6000,82]
    [C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  [Analog Devices, Inc., 6, 0, 6000, 007]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 492 / Owner][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 5, 2, 0, 44]
[PID: 500 / Owner][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132 / Owner][C:\Documents and Settings\Owner\桌面\新建文件夹\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 1160 / Owner][C:\Documents and Settings\Owner\桌面\新建文件夹\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 1188 / Owner][C:\Documents and Settings\Owner\桌面\新建文件夹\sreng2\SRE1296365a.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\Documents and Settings\Owner\桌面\新建文件夹\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1148 / Owner][C:\DOCUME~1\Owner\LOCALS~1\Temp\SRE1.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1   js.users.51.la
127.0.0.1   vip2.51.la
127.0.0.1   web.51.la
127.0.0.1   qq.gong2008.com
127.0.0.1   2008tl.copyip.com
127.0.0.1   tla.laozihuolaile.cn
127.0.0.1   www.tx6868.cn
127.0.0.1   p001.tiloaiai.com
127.0.0.1   s1.tl8tl.com
127.0.0.1   s1.gong2008.com
127.0.0.1   mm1.laozihuolaile.cn
127.0.0.1   mm2.laozihuolaile.cn
127.0.0.1   tlbm2.laozihuolaile.cn
127.0.0.1   tlbm3.laozihuolaile.cn
127.0.0.1   www.6161q1.cn
127.0.0.1   www.6161q2.cn
127.0.0.1   www.6161h1.cn
127.0.0.1   www.6161h2.cn
127.0.0.1   user1.23-21.net
127.0.0.1   www.skpoot.net
127.0.0.1   user1.kao-360.net
127.0.0.1   user1.23-22.net
127.0.0.1   www.keysooa.net
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 492, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1132, C:\DOCUMENTS AND SETTINGS\OWNER\桌面\新建文件夹\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1160, C:\DOCUMENTS AND SETTINGS\OWNER\桌面\新建文件夹\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1148, C:\DOCUME~1\OWNER\LOCALS~1\TEMP\SRE1.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
****


I don't recognize the following items:
==================================
服务
[Remote Access Connection Application Program Interface / Rasapi][Others/Auto Start]
  <C:\Program Files\Common Files\Winras\Windins.exe><N/A>

[Security Control / seuictol][Others/Auto Start]
  <c:\windows\system32\rundll32.exe dbii00.dll,scan><Microsoft Corporation>

==================================
浏览器加载项
[]
  {B03F8B48-7A62-4C22-A5DD-A4F24A1531A8} <C:\Program Files\Internet Explorer\ExplorePv.Sys, N/A>
[]
  {B03F8B48-7A62-4C22-A5DD-A4F24A1531A8} <C:\Program Files\Internet Explorer\ExplorePv.Sys, N/A>
——————————————————————————————————————————————
As for the HOSTS file, didn't you go back and look at your original post?


Reply to the first reply's post

All of them look problematic. OP, use SREng to reset the hosts file.


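天月 has already looked at it, so I won't bother, hoho.
One addition: after completing the steps above, run a full-disk scan with your antivirus software.
Hold off on using common software such as QQ, FlashGet (快车) and so on until that is done.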


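Quote:
Originally posted by jessemy at 2008-8-25 10:18
All of them look problematic. OP, use SREng to reset the hosts file.
I have already reset the hosts file; I found that it contained a lot of unfamiliar websites. Could you help check whether there are any other problems? Thank you.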
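
A hosts file like the one in this log can be audited mechanically before and after a reset. The following is an added example, not part of the original thread or of SREng; the sample entries are constructed (documentation addresses and example domains), and the function names and the `min_cluster` threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (documentation IPs and example domains, not the poster's log).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    update1.av-vendor.example
203.0.113.10    update2.av-vendor.example   # trailing comment
203.0.113.10    downloads.av-vendor.example
198.51.100.7    www.search.example search.example
127.0.0.1       ads.tracker.example
0.0.0.0         popups.tracker.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, min_cluster=3):
    """Split entries into sinkholed names and names redirected to a real address."""
    redirected = defaultdict(set)
    sinkholed = set()
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            sinkholed.add(name)            # name is blocked locally
        else:
            redirected[str(ip)].add(name)  # name is forced to a fixed remote IP
    # Many names pinned to one remote address is the pattern to escalate first.
    clusters = {ip: sorted(n) for ip, n in redirected.items() if len(n) >= min_cluster}
    return {"redirected": {ip: sorted(n) for ip, n in redirected.items()},
            "clusters": clusters, "sinkholed": sorted(sinkholed)}

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for ip, names in report["redirected"].items():
        flag = "CLUSTER" if ip in report["clusters"] else "review"
        print(f"[{flag}] {ip}: {', '.join(names)}")
    print("sinkholed:", ", ".join(report["sinkholed"]))
```

After a successful reset, `redirected` should be empty; any entry that reappears there means something is still rewriting the file.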


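Reply to post #5

1. Use PowerRmv: enter the paths below, tick "抑制杀灭对象再次生成" (suppress regeneration of the killed object), and click "杀灭" (Kill).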
c:\program files\common files\winras\windins.exe
c:\windows\system32\dbii00.dll
c:\program files\internet explorer\explorepv.sys

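2. After deleting and rebooting, use SREng to repair the following items:

    启动项目 -- 服务 -- Win32服务应用程序 (Startup Items -- Services -- Win32 Service Applications): delete the following entries: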
[Remote Access Connection Application Program Interface / Rasapi]    <C:\Program Files\Common Files\Winras\Windins.exe>
[Security Control / seuictol]    <c:\windows\system32\rundll32.exe dbii00.dll,scan>

    系统修复 -- 浏览器加载项 (System Repair -- Browser Add-ons): delete the following entries:
[]    <C:\Program Files\Internet Explorer\ExplorePv.Sys>
[]    <C:\Program Files\Internet Explorer\ExplorePv.Sys>

Then clean up the temporary files.


Yep, do what the post above says.
PS: Don't forget the full-disk scan I mentioned in post #4...


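Thanks to everyone above. I'll scan again this afternoon; a colleague is using the computer right now, haha, so I can't scan again yet. I'll do it at noon.
It should be more or less done by now. This virus is a bit of a cockroach, ha.

[ Last edited by ysx168 at 2008-8-25 11:09 ]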


广东剑盟网络科技工作室 © 2004 - 2008 All Rights Reserved.
