
liutao8688
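
Got two viruses that I can't delete no matter what, experts please take a look

After the infection, no software will run at all, and I have to reboot to get things working. But after a while it stops working again, and scanning in Safe Mode doesn't help either.
Posted: 2007-10-07 22:03 | [Original poster]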
水蜜桃
Scan with 360, or clean up with Super Rabbit (超级兔子), and see if that works~~
Posted: 2007-10-07 22:06 | #1
xfei
Boot into Safe Mode and run an antivirus scan, or end the related processes in Task Manager, unplug the network cable, and then scan.
Posted: 2007-10-07 22:39 | #2
a1630016900
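How to use: common SREng 2.5 operations
1. SREng 2.5
2. Run SREngPS.EXE
3. Smart Scan => Scan => Save Report, and tick the two options next to it
4. Copy the complete report from the log file SREngLOG.log and paste it here [Select all (Ctrl+A) >> Copy (Ctrl+C) >> Paste (Ctrl+V)]

Friendly tips
a. Close all program windows you opened manually before scanning, and paste the log here after the scan.
b. Please do not upload it as an attachment. Do not make changes of any kind until you are given further instructions.
Posted: 2007-10-08 00:11 | #3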
hmlenovo

Use 木马克星 to scan for and remove it.
Posted: 2007-10-08 00:17 | #4
hanqing

It's best to scan in Safe Mode. I recommend Kaspersky.
Posted: 2007-10-08 00:39 | #5
断翼

Just delete it directly with Unlocker or IceSword.
Posted: 2007-10-08 09:34 | #6
hmlenovo

Quote:
Quoting 断翼 (#6), posted 2007-10-08 09:34:
Just delete it directly with Unlocker or IceSword.

Deleting it doesn't solve the problem. The important thing is that the virus itself hasn't been removed. If the virus isn't cleaned out, it will just generate the file again automatically.
Posted: 2007-10-08 09:39 | #7
alan05

The key is to find the virus's parent file.

I suggest you search for that file name.
Posted: 2007-10-08 09:41 | #8
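
An added example, not part of the thread and not SREng's own code: replies #7 and #8 point out that a deleted file comes back while whatever recreates it still loads at boot, so this sketch parses the service and driver sections of an SREng report and lists active entries that have no publisher string. The two-line entry layout and the section titles 服务 / 驱动程序 are taken from the report posted in this thread; the sample entries, function names and the heuristic itself are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the "[Display / Name][State/Start]" + "<image><publisher>"
# layout of the report's service and driver sections. All entries are made up.
SAMPLE = r"""
服务
[Example Update Service / exupd][Stopped/Manual Start]
  <"C:\Program Files\Example\exupd.exe"><Example Corp.>
[Print Helper / prnhlp][Running/Auto Start]
  <C:\WINDOWS\system32\a1b2c.exe><N/A>
[Hosted Service / hostedsvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hosted.dll><N/A>

==================================
驱动程序
[Example AV Hook / ExHook][Running/Auto Start]
  <\??\C:\Program Files\Example\ExHook.sys><>
[qwzxkv / qwzxkvj][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qwzxkvj.sys><N/A>
"""

SECTIONS = {"服务": "service", "驱动程序": "driver"}
HEADER = re.compile(r"^\[(.+) / ([^\]]+)\]\[([^/\]]+)/([^\]]+)\]$")
LOADS_WITHOUT_USER = {"Boot Start", "System Start", "Auto Start"}


@dataclass
class Entry:
    section: str
    display: str
    name: str
    state: str
    start: str
    image: str
    publisher: str


def parse_entries(report):
    """Return Entry objects for the service and driver sections only."""
    entries, section, pending = [], None, None
    for raw in report.splitlines():
        line = raw.strip()
        if line in SECTIONS:              # section title we understand
            section, pending = SECTIONS[line], None
            continue
        if line.startswith("====="):      # separator: next title decides
            section, pending = None, None
            continue
        if section is None:
            continue
        m = HEADER.match(line)
        if m:
            pending = m.groups()          # display, name, state, start
        elif pending and line.startswith("<") and line.endswith(">"):
            # Split on the LAST "><": the image field can itself contain ">"
            # (svchost-hosted services are written "exe -k group-->dll").
            image, _, publisher = line[1:-1].rpartition("><")
            entries.append(Entry(section, *pending,
                                 image.strip('"'), publisher.strip()))
            pending = None
    return entries


def loaded_file(image):
    """File to inspect: the DLL after '-->' for svchost-hosted services."""
    return image.split("-->", 1)[1] if "-->" in image else image


def review_candidates(entries):
    """Running or boot/auto-start entries whose publisher is empty or N/A."""
    out = []
    for e in entries:
        active = e.state == "Running" or e.start in LOADS_WITHOUT_USER
        no_publisher = e.publisher in ("", "N/A")
        if active and no_publisher:
            out.append((e.section, e.name, e.start, loaded_file(e.image)))
    return out


if __name__ == "__main__":
    for section, name, start, path in review_candidates(parse_entries(SAMPLE)):
        print(f"{section:8} {name:10} {start:12} {path}")
```

The result is a list of entries to inspect, not a verdict: in the report posted in this thread, some of the installed antivirus product's own drivers also appear with an empty publisher field.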
    liutao8688
    [CODE]

    2007-10-07,22:31:49

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

    以下内容被选中:
        所有的启动项目(包括注册表、启动文件夹、服务等)
        浏览器加载项
        正在运行的进程(包括进程模块信息)
        文件关联
        Winsock 提供者
        Autorun.inf
        HOSTS 文件
        进程特权扫描


    启动项目
    注册表
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        <load><>  [N/A]
        <run><>  [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
        <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
        <CWserver><d:\anyiv6\CWserver.exe>  []
        <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
        <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        <AppInit_DLLs><>  [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
        <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
        <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
        <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
        <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
        <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
        <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
        <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
        <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
        <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

    ==================================
    启动文件夹
    N/A

    ==================================
    服务
    [Application Management / AppMgmt][Stopped/Manual Start]
      <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
      <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
    [Google Updater Service / gusvc][Stopped/Manual Start]
      <><N/A>
    [Human Interface Device Access / HidServ][Stopped/Disabled]
      <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
      <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
    [Fax 2Client / ms_2fax][Running/Auto Start]
      <C:\WINDOWS\system32\27f51.exe><N/A>
    [MySql / MySql][Stopped/Auto Start]
      <C:/mysql/bin/mysqld-nt.exe><N/A>
    [Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
      <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
    [Rising Personal Firewall Service / RfwService][Running/Auto Start]
      <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
    [Rising Process Communication Center / RsCCenter][Running/Auto Start]
      <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
    [Rising RealTime Monitor / RsRavMon][Running/Auto Start]
      <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

    ==================================
    驱动程序
    [ADProt / ADProt][Stopped/System Start]
      <\SystemRoot\system32\drivers\ADProt.sys><N/A>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
      <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [amdfix / amdfix][Running/Auto Start]
      <\??\C:\WINDOWS\system32\drivers\amdfix.sys><Microsoft Corporation>
    [Rising TDI Base Driver / BaseTDI][Running/Auto Start]
      <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
    [CdaC15BA / CdaC15BA][Running/Auto Start]
      <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
    [中国华大智能密码钥匙驱动程序 / CIDCUSB][Stopped/Manual Start]
      <System32\Drivers\cidcusb.sys><CIDC.>
    [Team MFP Comm Driver / DgiVecp][Running/Auto Start]
      <System32\Drivers\DgiVecp.sys><DeviceGuys, Inc.>
    [ExpScaner / ExpScaner][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
    [VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
      <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
    [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
      <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
    [HookCont / HookCont][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
    [HookReg / HookReg][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
    [HookSys / HookSys][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
    [HookUrl / HookUrl][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
    [MEMSCAN / MEMSCAN][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
    [mProcRs / mProcRs][Running/Auto Start]
      <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
    [mxdispdr / mxdispdr][Running/Auto Start]
      <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
    [NAVENG / NAVENG][Stopped/Manual Start]
      <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040213.016\naveng.sys><N/A>
    [NAVEX15 / NAVEX15][Stopped/Manual Start]
      <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040213.016\navex15.sys><N/A>
    [npkcrypt / npkcrypt][Stopped/Manual Start]
      <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
    [npkycryp / npkycryp][Stopped/Manual Start]
      <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
    [NTSIM / NTSIM][Stopped/Manual Start]
      <\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
    [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
      <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [QKeyServiceDisplay / QKeyService][Running/Boot Start]
      <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
    [RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
      <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
    [RsFwDrv / RsFwDrv][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
    [RsNTGDI / RsNTGDI][Running/Boot Start]
      <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
    [RSPPSYS / RSPPSYS][Running/Auto Start]
      <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
    [Secdrv / Secdrv][Stopped/Manual Start]
      <system32\DRIVERS\secdrv.sys><N/A>
    [TesSafe / TesSafe][Stopped/Manual Start]
      <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
    [viagfx / viagfx][Running/Manual Start]
      <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
    [ViaIde / ViaIde][Running/Boot Start]
      <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
    [xinstall / xinstall][Running/Auto Start]
      <\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>
    [xqijegv / xqijegvq][Running/Boot Start]
      <\SystemRoot\System32\DRIVERS\xqijegvq.sys><N/A>

    ==================================
    浏览器加载项
    [启动迅雷5]
      {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
    [CKAVWebScan Object]
      {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
    [PhotoDraw Class]
      {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
    [PwdEdit Control]
      {5467862B-C477-437F-886E-EC5006B37DCA} <C:\WINDOWS\DOWNLO~1\PwdEdit.ocx, adtec>
    [TypingCtrl2 Class]
      {630491D1-BD27-4D0B-86AF-1EE9532207AC} <C:\WINDOWS\Downloaded Program Files\TypingContest2.dll, Sogou.com>
    [Symantec RuFSI Utility Class]
      {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
    [HnCtrl Class]
      {8DD9C2E0-50B6-46BC-BB00-2D252282BFCA} <, N/A>
    [SysMonOCX Control]
      {9BDBC41E-C335-4263-83C0-ECE78EE28A33} <C:\WINDOWS\DOWNLO~1\SYSMON~1.OCX, AhnLab>
    [WebActivater Control]
      {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
    [PasswordEditCtrl Class]
      {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
    [ThunderAtOnce Class]
      {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
    [Adobe PDF Reader Link Helper]
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
    [PeerDraw Class]
      {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
    [Windows Media Player]
      {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    [&Google]
      {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
    [PhotoDraw Class]
      {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
    [HTML Document]
      {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
    [DHTML Edit Control Safe for Scripting for IE5]
      {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
    [FGCatchUrl]
      {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, N/A>
    [Tabular Data Control]
      {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
    [XML Document]
      {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
    [PwdEdit Control]
      {5467862B-C477-437F-886E-EC5006B37DCA} <C:\WINDOWS\DOWNLO~1\PwdEdit.ocx, adtec>
    [PowerPlayer Control]
      {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <D:\PPStream\POWERP~1.DLL, PPStream Inc.>
    [TypingCtrl2 Class]
      {630491D1-BD27-4D0B-86AF-1EE9532207AC} <C:\WINDOWS\Downloaded Program Files\TypingContest2.dll, Sogou.com>
    [Microsoft 外壳 UI 帮助程序]
      {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
    [Windows Media Player]
      {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [CCtInf Class]
      {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
    [Active Desktop Mover]
      {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
    [Microsoft Web 浏览器]
      {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw32.dll, Microsoft Corporation>
    [Thunder Browser Helper]
      {889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
    [SearchAssistantOC]
      {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
    [RDS.DataSpace]
      {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
    [WebActivater Control]
      {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
    [AUDIO__MP3 Moniker Class]
      {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [AUDIO__X_MS_WMA Moniker Class]
      {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_ASF Moniker Class]
      {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_WMV Moniker Class]
      {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [RealPlayer G2 Control]
      {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
    [Shockwave Flash Object]
      {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    [TencentVmpCtl Class]
      {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
    [PasswordEditCtrl Class]
      {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
    [Vod Class]
      {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
    [FGCatchUrl]
      {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, N/A>
    [使用迅雷下载]
      <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
    [导出到 Microsoft Office Excel(&X)]
      <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
    [添加到QQ表情]
      <D:\qq\AddEmotion.htm, N/A>

    ==================================
    正在运行的进程
    [PID: 720 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 852 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 876 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
        [C:\WINDOWS\system32\msplrct.dll]  [N/A, ]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 920 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 932 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1088 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1152 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1240 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [PID: 1256 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1304 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1500 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1536 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
        [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
        [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
        [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
        [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
        [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
        [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
        [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
        [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
        [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
        [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
        [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
        [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
        [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
        [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
        [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
        [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
        [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
        [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
        [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
        [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
        [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
        [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
        [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
        [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
        [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
        [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
        [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
        [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
        [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
        [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
        [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 22]
        [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 59]
        [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
        [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
        [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [PID: 1620 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 35]
        [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
        [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
        [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
        [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
        [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
        [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
        [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [PID: 1796 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
        [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
    [PID: 1892 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
        [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
        [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [PID: 148 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
    [PID: 180 / SYSTEM][C:\WINDOWS\system32\27f51.exe]  [N/A, ]
    [PID: 1396 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2184 / Owner][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
        [C:\WINDOWS\system32\shdocvw32.dll]  [Microsoft Corporation, 6.00.3790.2783 ]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
        [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
        [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
        [D:\qq\qdshm.dll]  [, 1, 0, 101, 20]
        [D:\qq\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
        [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
        [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [PID: 2220 / Owner][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
        [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
        [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
        [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
        [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
        [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [PID: 2896 / Owner][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
        [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
        [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
        [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
        [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [PID: 2904 / Owner][D:\anyiv6\CWserver.exe]  [, ]
        [D:\anyiv6\PBVM90.dll]  [Sybase Inc., 9.0.0.5507]
        [D:\anyiv6\libjcc.dll]  [N/A, ]
        [D:\anyiv6\libjsybheap.dll]  [N/A, ]
        [D:\anyiv6\pslib21.dll]  [N/A, ]
        [D:\anyiv6\dw.dat]  [SafeNet China Ltd., 3, 1, 10, 0]
        [D:\anyiv6\et_api.dll]  [ft, 1, 0, 6, 704]
    [PID: 2920 / Owner][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
        [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
        [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
        [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
        [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
        [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
        [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
        [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
        [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [PID: 2948 / Owner][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 3200 / Owner][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
        [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [PID: 3220 / Owner][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 3784 / Owner][D:\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 0, 3, 4643]
        [D:\Maxthon2\MxExt.dll]  [N/A, ]
        [D:\Maxthon2\mxpp.dll]  [Maxthon, 1, 0, 0, 61]
        [D:\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 119]
        [D:\Maxthon2\MxProxy2.dll]  [, 1, 0, 0, 3531]
        [D:\Maxthon2\IMxWebBoost.dll]  [Maxthon, 1, 0, 0, 67]
        [D:\Maxthon2\mxdb.dll]  [N/A, ]
        [D:\Maxthon2\mxsafe.dll]  [Maxthon, 1, 0, 0, 477]
        [D:\Maxthon2\MxFav.dll]  [Maxthon, 1, 0, 0, 220]
        [D:\Maxthon2\maxzlib.dll]  [, 1.2.3]
        [D:\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
        [D:\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 82]
        [C:\WINDOWS\system32\shdocvw32.dll]  [Microsoft Corporation, 6.00.3790.2783 ]
        [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\WINDOWS\Downloaded Program Files\rufsi.dll]  [Symantec Corporation, 2006.02.15.043]
        [C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll]  [Kaspersky Lab, 5.1.26.6]
        [C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavss.dll]  [Kaspersky Lab., 4, 0, 2, 28]
        [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
        [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
        [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
        [D:\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
        [C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 20]
    [PID: 2860 / Owner][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 6, 8, 329]
        [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 26]
        [C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 16, 2, 108]
        [C:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
        [C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 16, 2, 108]
        [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 29]
        [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
        [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 0, 18]
        [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 19]
        [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 36]
        [C:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 3, 18]
        [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 4, 15]
        [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 2, 60]
        [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 20]
        [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
        [C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 4, 72]
        [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [XunLei, 1, 2, 0, 10]
        [C:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
        [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 16]
        [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed10.dll]  [ , 3, 3, 1, 83]
        [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
        [C:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [C:\WINDOWS\system32\shdocvw32.dll]  [Microsoft Corporation, 6.00.3790.2783 ]
        [C:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
        [C:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
        [C:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll]  [深圳市迅雷网络技术有限公司, 1, 2, 0, 4]
        [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll]  [XunLei, 1, 0, 1, 44]
        [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 2, 0, 11]
        [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
        [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 18]
        [C:\WINDOWS\system32\msdmo.dll]  [, ]
        [C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
    [PID: 4852 / Owner][D:\qq\QQ.exe]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQBaseClassInDll.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQHelperDll.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\BasicCtrlDll.dll]  [TENCENT, 7, 0, 431, 1723]
        [D:\qq\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
        [D:\qq\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
        [D:\qq\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
        [D:\qq\QQAPI.dll]  [TENCENT, 7,0,431,1723]
        [D:\tm2008\Bin\TXPFProxy.dll]  [N/A, ]
        [D:\qq\LoginCtrl.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\LoginCtrlRes.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQRes.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQMainFrame.dll]  [N/A, ]
        [D:\qq\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
        [D:\qq\UnReadMsgMgr.dll]  [N/A, ]
        [D:\qq\CQQApplication.dll]  [N/A, ]
        [D:\qq\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
        [D:\qq\NewSkin.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\MailSummary.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQKnowledgeSearch.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQAllInOne.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
        [D:\qq\CameraDll.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQSpace.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
        [C:\WINDOWS\system32\msdmo.dll]  [, ]
        [D:\qq\QQGroupMng.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\UserDefinedHead.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQPlugin.dll]  [N/A, ]
        [D:\qq\QQConfigPlugin.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQAvatar.dll]  [N/A, ]
        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
        [D:\qq\QQCustomFace.dll]  [N/A, ]
        [C:\WINDOWS\system32\shdocvw32.dll]  [Microsoft Corporation, 6.00.3790.2783 ]
        [D:\qq\QRingMng.dll]  [N/A, ]
        [D:\qq\QQSysMsgMng.dll]  [N/A, ]
        [D:\qq\ImageOle.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQLiveQMng.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\QQSceneMng.dll]  [N/A, ]
        [D:\qq\QQPet.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\LongConnection.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\PhoneAPI.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
        [D:\qq\BQQApplication.dll]  [N/A, ]
        [D:\qq\GroupConnection.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\CommercesMng.dll]  [TENCENT, 7,0,431,1723]
        [D:\qq\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
        [D:\qq\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
        [D:\qq\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
        [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [D:\qq\QQMagicFace.dll]  [TENCENT, 7,0,431,1723]
        [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
        [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
        [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
        [D:\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
        [D:\qq\QQFileTransfer.dll]  [TENCENT, 7,0,431,1723]
    [PID: 4932 / Owner][D:\qq\TIMPlatform.exe]  [TENCENT, 7,0,431,1723]
        [D:\tm2008\Bin\TXPFProxy.dll]  [N/A, ]
    [PID: 4472 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 6868 / Owner][F:\gequ\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
        [F:\gequ\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    文件关联
    .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE  OK. ["%1" %*]
    .COM  OK. ["%1" %*]
    .PIF  OK. ["%1" %*]
    .REG  OK. [regedit.exe "%1"]
    .BAT  OK. ["%1" %*]
    .SCR  OK. ["%1" /S]
    .CHM  Error. ["hh.exe" %1]
    .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
    .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS  Error. []
    .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock 提供者
    N/A

    ==================================
    Autorun.inf
    N/A

    ==================================
    HOSTS 文件
    127.0.0.1      localhost

    ==================================
    进程特权扫描
    特殊特权被允许: SeDebugPrivilege [PID = 2896, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
    特殊特权被允许: SeDebugPrivilege [PID = 2904, D:\ANYIV6\CWSERVER.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 2904, D:\ANYIV6\CWSERVER.EXE]
    特殊特权被允许: SeDebugPrivilege [PID = 2920, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
    特殊特权被允许: SeDebugPrivilege [PID = 3200, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 3200, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
    特殊特权被允许: SeDebugPrivilege [PID = 2860, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
    特殊特权被允许: SeLoadDriverPrivilege [PID = 2860, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    隐藏进程
    N/A

    ==================================


    [/CODE]
    [ This post was edited by liutao8688 on 2007-10-08 11:51 ]
    Posted: 2007-10-08 11:25 | #9
    magic1

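    Download the force-delete tool from http://magic659117852.atedu.net and delete the following files (for virus files that regenerate, delete them once more using the suppress-regeneration feature; ignore any file that is reported as not existing and continue with the steps below).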

    c:\windows\system32\27f51.exe
    c:\windows\system32\msplrct.dll
    c:\windows\system32\drivers\xqijegvq.sys

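    2. After deleting, reboot:

      SREng - Startup Items -- Services -- Win32 Service Applications: check "Hide verified Microsoft items", select the entry listed below, click "Delete Service", click "Set", and in the dialog that pops up click No (if it cannot be deleted, disable it: change the startup type to Disabled, select "Modify Startup Type", click "Set")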

    [Fax 2Client / ms_2fax]<C:\WINDOWS\system32\27f51.exe>

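      SREng - Startup Items -- Services -- Drivers: check "Hide verified Microsoft items", select the entry listed below, click "Delete Service", click "Set", and in the dialog that pops up click No (if it cannot be deleted, disable it: change the startup type to Disabled, select "Modify Startup Type", click "Set")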

    [xqijegv / xqijegvq]    <\SystemRoot\System32\DRIVERS\xqijegvq.sys>

    Download Windows 清理助手 (Windows Cleanup Assistant), update it to the latest version, and clean the system.
    http://www.arswp.com/download/arswp2/arswp2.zip
    Posted: 2007-10-08 12:34 | #10
    bobo520

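    Another WIN32 one. Disconnect from the network and clean it, look for the related registry startup entries, and in Safe Mode check C:\windows and system32 for extra files.
    Posted: 2007-10-09 09:41 | #11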
    a1630016900

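    1. I recommend using XDelBox to delete the following files (XDelBox1.5 download). For files outside drive C:, I recommend 费尔木马强力清除助手 (Filseclab's trojan force-removal assistant) to delete them (download), or IceSword.
    Instructions: when deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard; after importing, right-click the files to be deleted and choose to reboot and delete immediately. After the computer restarts, a system menu appears; choose "Go Xdelbox To Del Files". Before running XDelBox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.). If it reports that a file does not exist, add the other files and simply continue with the SREng steps that follow.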

    c:\windows\system32\27f51.exe
    c:\windows\system32\msplrct.dll
    c:\windows\system32\drivers\adprot.sys
    c:\windows\system32\drivers\xqijegvq.sys
    c:\windows\system32\drivers\xinstall.sys

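    2. After deleting and rebooting, use SREng to fix the following items:

        Startup Items -- Services -- Win32 Service Applications: delete the following entry: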
    [Fax 2Client / ms_2fax]    <C:\WINDOWS\system32\27f51.exe>

        Startup Items -- Services -- Drivers: delete the following entries:
    [ADProt / ADProt]    <\SystemRoot\system32\drivers\ADProt.sys>
    [xqijegv / xqijegvq]    <\SystemRoot\System32\DRIVERS\xqijegvq.sys>
    [xinstall / xinstall]    <\??\C:\WINDOWS\system32\drivers\xinstall.sys>
    Posted: 2007-10-09 12:43 | #12
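
The file list and the service entries in post #12 can be checked against each other once the three path spellings SREng prints (`C:\...`, `\SystemRoot\...`, `\??\C:\...`) are reduced to one form. The Python below is an added example, not part of the original thread; the function names and the `C:\WINDOWS` system root are assumptions, and the sample lines are the ones quoted in that post.

```python
import ntpath
import re

# Sample input: the lines quoted in post #12, embedded so this runs offline.
FILES_TO_DELETE = r"""
c:\windows\system32\27f51.exe
c:\windows\system32\msplrct.dll
c:\windows\system32\drivers\adprot.sys
c:\windows\system32\drivers\xqijegvq.sys
c:\windows\system32\drivers\xinstall.sys
"""
SERVICE_ENTRIES = r"""
[Fax 2Client / ms_2fax]    <C:\WINDOWS\system32\27f51.exe>
[ADProt / ADProt]    <\SystemRoot\system32\drivers\ADProt.sys>
[xqijegv / xqijegvq]    <\SystemRoot\System32\DRIVERS\xqijegvq.sys>
[xinstall / xinstall]    <\??\C:\WINDOWS\system32\drivers\xinstall.sys>
"""

# One entry per line: [display name / service name] <image path>
ENTRY_RE = re.compile(r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\]\s*<(?P<image>[^>]+)>")

def normalize(path, system_root=r"C:\WINDOWS"):  # system_root is an assumption
    """Map SREng's path spellings onto one lower-case drive-letter form."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):  # NT object-manager prefix
        p = p[4:]
    for prefix in ("\\systemroot\\", "%systemroot%\\"):
        if p.lower().startswith(prefix):
            p = ntpath.join(system_root, p[len(prefix):])
            break
    return ntpath.normcase(ntpath.normpath(p))

def parse_services(text):
    """Return {normalized image path: service name} for each entry line."""
    services = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            services[normalize(m["image"])] = m["name"].strip()
    return services

def cross_check(files_text, entries_text):
    """Files no listed service starts, and services whose image is not listed."""
    files = {normalize(line) for line in files_text.splitlines() if line.strip()}
    services = parse_services(entries_text)
    unreferenced = sorted(files - set(services))
    dangling = sorted(name for path, name in services.items() if path not in files)
    return unreferenced, dangling

if __name__ == "__main__":
    print(cross_check(FILES_TO_DELETE, SERVICE_ENTRIES))
```

A file that none of the listed services references (here `msplrct.dll`) is not covered by removing those services, so whatever loads it has to be looked for in the rest of the log.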
    manbuze126

    The simplest approach is to try a different antivirus program.
    Posted: 2007-10-09 12:49 | #13
    magic1

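    Quote:
    Quoting post #12 by a1630016900, posted 2007-10-09 12:43:
    1. I recommend using XDelBox to delete the following files (XDelBox1.5 download). For files outside drive C:, I recommend 费尔木马强力清除助手 (Filseclab's trojan force-removal assistant) to delete them (download), or IceSword.
    Instructions: when deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard; after importing, right-click the files to be deleted and choose to reboot and delete immediately. After the computer restarts, a system menu appears; choose "Go Xdelbox To Del Files". Before running XDelBox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.). If it reports that a file does not exist, add the other files and simply continue with the SREng steps that follow.

    c:\windows\system32\27f51.exe
    c:\windows\system32\msplrct.dll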
    .......


    [ADProt / ADProt][Stopped/System Start]
      <\SystemRoot\system32\drivers\ADProt.sys><N/A>

    That's TX (Tencent) stuff...

    [xinstall / xinstall]    <\??\C:\WINDOWS\system32\drivers\xinstall.sys>

    This one is rogue software; I don't recommend force-deleting it, cleaning it up is enough.
    Posted: 2007-10-09 16:49 | #14
    lxf801031

    I agree, switch to a different antivirus.
    Posted: 2007-10-09 17:57 | #15
    竹无心

    Quote:
    Quoting post #14 by magic1, posted 2007-10-09 16:49:


    [ADProt / ADProt][Stopped/System Start]
      <\SystemRoot\system32\drivers\ADProt.sys><N/A>

    .......



    Either way works; using the cleanup assistant is fine too.
    Posted: 2007-10-09 18:36 | #16
    lature00

    To keep it simple: either switch antivirus software, for example to NOD32, or run an online scan at http://shadu.baidu.com/freetools/index.jsp
    Posted: 2007-10-12 02:39 | #17
    卡卡@

    Another WIN32 one. I repaired it with SREng and then ran an antivirus scan.
    Posted: 2007-10-12 07:45 | #18