各位大虾进来下~为何我一上QQ就会蓝屏,过会电脑就重启了,不上QQ的话不会重启,我删了QQ也重装过了,还是老问题,我用瑞新2006杀毒,没杀出病毒,然后用HijackThis扫描了,东西太多发不出来,我MSN是adonis@8163.net.cn,QQ是113130701求助~~~跪谢!!!!!!!!!
然后用HijackThis扫描了,东西太多发不出来
一段一段复制到本贴下面
Logfile of HijackThis v1.99.1
Scan saved at 11:04:38, on 2006-7-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Yahoo!\Assistant\yassistse.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\jj4\jjsvr4.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\WINDOWS\wincup\wincup.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\msiexec.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\gt\桌面\ha_hijackthis_1991\HijackThis.exe
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - {22F808E2-D50B-4A95-B8B4-B77334103AB4} - C:\WINDOWS\System32\Ezko.dll
R3 - URLSearchHook: (no name) - {C6311274-BD1A-4F04-A6FF-FC2A810ED3BA} - C:\WINDOWS\System32\Zbhsbx.dll
R3 - URLSearchHook: (no name) - {FCC377F2-D499-40A2-B4D4-9206262F9BBE} - C:\WINDOWS\System32\Izjlyx.dll
R3 - URLSearchHook: (no name) - {9AE83A27-A9EE-4539-9C62-F6E25B927E41} - C:\WINDOWS\System32\Naty.dll
R3 - URLSearchHook: (no name) - {42917041-7B65-40CC-9571-57E26182363B} - C:\WINDOWS\System32\Izwrv.dll
R3 - URLSearchHook: (no name) - {EFF2A0A0-3707-452C-94D9-745E6C098C1E} - C:\WINDOWS\System32\Slszx.dll
R3 - URLSearchHook: (no name) - {4A07E847-252A-4260-AA52-F0EFB148A7E2} - C:\WINDOWS\System32\Cznc.dll
R3 - URLSearchHook: (no name) - {3DF6BFB7-874C-44C7-AD11-FC6DE59D7A6D} - C:\WINDOWS\System32\Gvnw.dll
R3 - URLSearchHook: (no name) - {59DD073B-0A64-4BF9-AD9A-AEE4C09184AB} - C:\WINDOWS\System32\Yvrkxf.dll (file missing)
R3 - URLSearchHook: (no name) - {1578673E-E7A1-42FE-92D6-85675EC0004C} - C:\WINDOWS\System32\Uxxpfh.dll
R3 - URLSearchHook: (no name) - {92AECE8D-A74C-4064-BFAD-BE08600491DE} - C:\WINDOWS\System32\Rgxldc.dll
R3 - URLSearchHook: (no name) - {10F61B45-164B-43BF-B8C8-CBFDCAD0D557} - C:\WINDOWS\System32\Ougy.dll
R3 - URLSearchHook: (no name) - {17DC458E-6897-4D5D-B497-8A95443F6027} - C:\WINDOWS\System32\Pimk.dll
R3 - URLSearchHook: (no name) - {F3191A86-9EFF-4D07-87E2-308E6EC33103} - C:\WINDOWS\System32\Ysst.dll
R3 - URLSearchHook: (no name) - {4A2472A2-7F94-453F-B0E9-1E476DBDE959} - C:\WINDOWS\System32\Zcsbn.dll
R3 - URLSearchHook: (no name) - {FB8ECF62-8A73-4BAC-A623-D0D37B9D32B7} - C:\WINDOWS\System32\Yddr.dll
R3 - URLSearchHook: (no name) - {FE3673D7-C2B7-4161-9D7B-8AC85F62FB2F} - C:\WINDOWS\System32\Jfdba.dll
R3 - URLSearchHook: (no name) - {E74A839C-9120-431A-B89A-2B207185C73A} - C:\WINDOWS\System32\Isyf.dll
R3 - URLSearchHook: (no name) - {C8B44B0F-17C2-4135-AE4C-36ACCD0DAA70} - C:\WINDOWS\System32\Nobi.dll
R3 - URLSearchHook: (no name) - {34C5BE45-D419-491A-B680-234DAD23852C} - C:\WINDOWS\System32\Rlfw.dll
R3 - URLSearchHook: (no name) - {5DDF56FA-4CCD-489E-8847-E81B797072F5} - C:\WINDOWS\System32\Biwd.dll
R3 - URLSearchHook: (no name) - {1B3A86FA-AE12-4293-B2A3-0FD2721C880E} - C:\WINDOWS\System32\Pujj.dll
R3 - URLSearchHook: (no name) - {8A181EE8-C8E9-4F9F-84E9-CB8B22F84D80} - C:\WINDOWS\System32\Oapn.dll
R3 - URLSearchHook: (no name) - {F04338D6-B281-43D9-8207-430CA4150D5A} - C:\WINDOWS\System32\Kdfqn.dll
R3 - URLSearchHook: (no name) - {BFFBF7EA-296D-4F89-8AA1-6AAEDAE111C7} - C:\WINDOWS\System32\Zdppq.dll
R3 - URLSearchHook: (no name) - {5641A34A-83AD-4581-8A48-C254F34597F9} - C:\WINDOWS\System32\Bisgak.dll
R3 - URLSearchHook: (no name) - {74663220-BF49-43A9-9531-F869E6CE7260} - C:\WINDOWS\System32\Leziai.dll
R3 - URLSearchHook: (no name) - {05D658FB-7E7C-4235-AD83-4E52100B5AE2} - C:\WINDOWS\System32\Snxx.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v4.dll
O2 - BHO: (no name) - {05D658FB-7E7C-4235-AD83-4E52100B5AE2} - C:\WINDOWS\System32\Snxx.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {10F61B45-164B-43BF-B8C8-CBFDCAD0D557} - C:\WINDOWS\System32\Ougy.dll
O2 - BHO: (no name) - {1578673E-E7A1-42FE-92D6-85675EC0004C} - C:\WINDOWS\System32\Uxxpfh.dll
O2 - BHO: (no name) - {17DC458E-6897-4D5D-B497-8A95443F6027} - C:\WINDOWS\System32\Pimk.dll
O2 - BHO: (no name) - {1B3A86FA-AE12-4293-B2A3-0FD2721C880E} - C:\WINDOWS\System32\Pujj.dll
O2 - BHO: (no name) - {22F808E2-D50B-4A95-B8B4-B77334103AB4} - C:\WINDOWS\System32\Ezko.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: (no name) - {34C5BE45-D419-491A-B680-234DAD23852C} - C:\WINDOWS\System32\Rlfw.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yAngling.dll
O2 - BHO: (no name) - {3DF6BFB7-874C-44C7-AD11-FC6DE59D7A6D} - C:\WINDOWS\System32\Gvnw.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: (no name) - {42917041-7B65-40CC-9571-57E26182363B} - C:\WINDOWS\System32\Izwrv.dll
O2 - BHO: (no name) - {4A07E847-252A-4260-AA52-F0EFB148A7E2} - C:\WINDOWS\System32\Cznc.dll
O2 - BHO: (no name) - {4A2472A2-7F94-453F-B0E9-1E476DBDE959} - C:\WINDOWS\System32\Zcsbn.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5641A34A-83AD-4581-8A48-C254F34597F9} - C:\WINDOWS\System32\Bisgak.dll
O2 - BHO: (no name) - {59DD073B-0A64-4BF9-AD9A-AEE4C09184AB} - C:\WINDOWS\System32\Yvrkxf.dll (file missing)
O2 - BHO: (no name) - {5DDF56FA-4CCD-489E-8847-E81B797072F5} - C:\WINDOWS\System32\Biwd.dll
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\DOCUME~1\gt\LOCALS~1\Temp\SSLive.dll (file missing)
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: (no name) - {74663220-BF49-43A9-9531-F869E6CE7260} - C:\WINDOWS\System32\Leziai.dll
O2 - BHO: (no name) - {8A181EE8-C8E9-4F9F-84E9-CB8B22F84D80} - C:\WINDOWS\System32\Oapn.dll
O2 - BHO: (no name) - {92AECE8D-A74C-4064-BFAD-BE08600491DE} - C:\WINDOWS\System32\Rgxldc.dll
O2 - BHO: (no name) - {9AE83A27-A9EE-4539-9C62-F6E25B927E41} - C:\WINDOWS\System32\Naty.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {BFFBF7EA-296D-4F89-8AA1-6AAEDAE111C7} - C:\WINDOWS\System32\Zdppq.dll
O2 - BHO: (no name) - {C6311274-BD1A-4F04-A6FF-FC2A810ED3BA} - C:\WINDOWS\System32\Zbhsbx.dll
O2 - BHO: (no name) - {C8B44B0F-17C2-4135-AE4C-36ACCD0DAA70} - C:\WINDOWS\System32\Nobi.dll
O2 - BHO: (no name) - {E74A839C-9120-431A-B89A-2B207185C73A} - C:\WINDOWS\System32\Isyf.dll
O2 - BHO: (no name) - {EFF2A0A0-3707-452C-94D9-745E6C098C1E} - C:\WINDOWS\System32\Slszx.dll
O2 - BHO: (no name) - {F04338D6-B281-43D9-8207-430CA4150D5A} - C:\WINDOWS\System32\Kdfqn.dll
O2 - BHO: (no name) - {F3191A86-9EFF-4D07-87E2-308E6EC33103} - C:\WINDOWS\System32\Ysst.dll
O2 - BHO: (no name) - {FB8ECF62-8A73-4BAC-A623-D0D37B9D32B7} - C:\WINDOWS\System32\Yddr.dll
O2 - BHO: (no name) - {FCC377F2-D499-40A2-B4D4-9206262F9BBE} - C:\WINDOWS\System32\Izjlyx.dll
O2 - BHO: (no name) - {FE3673D7-C2B7-4161-9D7B-8AC85F62FB2F} - C:\WINDOWS\System32\Jfdba.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP> C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX> "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz> nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck> C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RavTask> "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YLive.exe> C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse> "C:\Program Files\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [IMSCMig> C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG8.1> "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1> C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon> RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [stup.exe> C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [HP Software Update> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck> %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe> C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS> "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pyjj> C:\Program Files\jj4\jjsvr4.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\TENCENT\QQ\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone 快速启动 .lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\TENCENT\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\TENCENT\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\TENCENT\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\TENCENT\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O11 - Options group: [TBH> 搜搜地址栏搜索
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
O23 - Service: winaua - Unknown owner - C:\DOCUME~1\gt\LOCALS~1\Temp\aua1\aua1.exe (file missing)
O23 - Service: winmum - Unknown owner - C:\DOCUME~1\gt\LOCALS~1\Temp\mum1\mum1.exe (file missing)
O23 - Service: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe
请大虾看一下~~跪谢~~~
下载置顶帖子中推荐的汉化版killbox,删除下面所有dll文件(删除的时候勾选先反注册这dll文件),后缀为(file missing)的不用管,直接用hijckthis修复。
R3 - URLSearchHook: (no name) - {22F808E2-D50B-4A95-B8B4-B77334103AB4} - C:\WINDOWS\System32\Ezko.dll
R3 - URLSearchHook: (no name) - {C6311274-BD1A-4F04-A6FF-FC2A810ED3BA} - C:\WINDOWS\System32\Zbhsbx.dll
R3 - URLSearchHook: (no name) - {FCC377F2-D499-40A2-B4D4-9206262F9BBE} - C:\WINDOWS\System32\Izjlyx.dll
R3 - URLSearchHook: (no name) - {9AE83A27-A9EE-4539-9C62-F6E25B927E41} - C:\WINDOWS\System32\Naty.dll
R3 - URLSearchHook: (no name) - {42917041-7B65-40CC-9571-57E26182363B} - C:\WINDOWS\System32\Izwrv.dll
R3 - URLSearchHook: (no name) - {EFF2A0A0-3707-452C-94D9-745E6C098C1E} - C:\WINDOWS\System32\Slszx.dll
R3 - URLSearchHook: (no name) - {4A07E847-252A-4260-AA52-F0EFB148A7E2} - C:\WINDOWS\System32\Cznc.dll
R3 - URLSearchHook: (no name) - {3DF6BFB7-874C-44C7-AD11-FC6DE59D7A6D} - C:\WINDOWS\System32\Gvnw.dll
R3 - URLSearchHook: (no name) - {59DD073B-0A64-4BF9-AD9A-AEE4C09184AB} - C:\WINDOWS\System32\Yvrkxf.dll (file missing)
R3 - URLSearchHook: (no name) - {1578673E-E7A1-42FE-92D6-85675EC0004C} - C:\WINDOWS\System32\Uxxpfh.dll
R3 - URLSearchHook: (no name) - {92AECE8D-A74C-4064-BFAD-BE08600491DE} - C:\WINDOWS\System32\Rgxldc.dll
R3 - URLSearchHook: (no name) - {10F61B45-164B-43BF-B8C8-CBFDCAD0D557} - C:\WINDOWS\System32\Ougy.dll
R3 - URLSearchHook: (no name) - {17DC458E-6897-4D5D-B497-8A95443F6027} - C:\WINDOWS\System32\Pimk.dll
R3 - URLSearchHook: (no name) - {F3191A86-9EFF-4D07-87E2-308E6EC33103} - C:\WINDOWS\System32\Ysst.dll
R3 - URLSearchHook: (no name) - {4A2472A2-7F94-453F-B0E9-1E476DBDE959} - C:\WINDOWS\System32\Zcsbn.dll
R3 - URLSearchHook: (no name) - {FB8ECF62-8A73-4BAC-A623-D0D37B9D32B7} - C:\WINDOWS\System32\Yddr.dll
R3 - URLSearchHook: (no name) - {FE3673D7-C2B7-4161-9D7B-8AC85F62FB2F} - C:\WINDOWS\System32\Jfdba.dll
R3 - URLSearchHook: (no name) - {E74A839C-9120-431A-B89A-2B207185C73A} - C:\WINDOWS\System32\Isyf.dll
R3 - URLSearchHook: (no name) - {C8B44B0F-17C2-4135-AE4C-36ACCD0DAA70} - C:\WINDOWS\System32\Nobi.dll
R3 - URLSearchHook: (no name) - {34C5BE45-D419-491A-B680-234DAD23852C} - C:\WINDOWS\System32\Rlfw.dll
R3 - URLSearchHook: (no name) - {5DDF56FA-4CCD-489E-8847-E81B797072F5} - C:\WINDOWS\System32\Biwd.dll
R3 - URLSearchHook: (no name) - {1B3A86FA-AE12-4293-B2A3-0FD2721C880E} - C:\WINDOWS\System32\Pujj.dll
R3 - URLSearchHook: (no name) - {8A181EE8-C8E9-4F9F-84E9-CB8B22F84D80} - C:\WINDOWS\System32\Oapn.dll
R3 - URLSearchHook: (no name) - {F04338D6-B281-43D9-8207-430CA4150D5A} - C:\WINDOWS\System32\Kdfqn.dll
R3 - URLSearchHook: (no name) - {BFFBF7EA-296D-4F89-8AA1-6AAEDAE111C7} - C:\WINDOWS\System32\Zdppq.dll
R3 - URLSearchHook: (no name) - {5641A34A-83AD-4581-8A48-C254F34597F9} - C:\WINDOWS\System32\Bisgak.dll
R3 - URLSearchHook: (no name) - {74663220-BF49-43A9-9531-F869E6CE7260} - C:\WINDOWS\System32\Leziai.dll
R3 - URLSearchHook: (no name) - {05D658FB-7E7C-4235-AD83-4E52100B5AE2} - C:\WINDOWS\System32\Snxx.dll
O2 - BHO: (no name) - {05D658FB-7E7C-4235-AD83-4E52100B5AE2} - C:\WINDOWS\System32\Snxx.dll
O2 - BHO: (no name) - {10F61B45-164B-43BF-B8C8-CBFDCAD0D557} - C:\WINDOWS\System32\Ougy.dll
O2 - BHO: (no name) - {1578673E-E7A1-42FE-92D6-85675EC0004C} - C:\WINDOWS\System32\Uxxpfh.dll
O2 - BHO: (no name) - {17DC458E-6897-4D5D-B497-8A95443F6027} - C:\WINDOWS\System32\Pimk.dll
O2 - BHO: (no name) - {1B3A86FA-AE12-4293-B2A3-0FD2721C880E} - C:\WINDOWS\System32\Pujj.dll
O2 - BHO: (no name) - {22F808E2-D50B-4A95-B8B4-B77334103AB4} - C:\WINDOWS\System32\Ezko.dll
O2 - BHO: (no name) - {BFFBF7EA-296D-4F89-8AA1-6AAEDAE111C7} - C:\WINDOWS\System32\Zdppq.dll
O2 - BHO: (no name) - {C6311274-BD1A-4F04-A6FF-FC2A810ED3BA} - C:\WINDOWS\System32\Zbhsbx.dll
O2 - BHO: (no name) - {C8B44B0F-17C2-4135-AE4C-36ACCD0DAA70} - C:\WINDOWS\System32\Nobi.dll
O2 - BHO: (no name) - {E74A839C-9120-431A-B89A-2B207185C73A} - C:\WINDOWS\System32\Isyf.dll
O2 - BHO: (no name) - {EFF2A0A0-3707-452C-94D9-745E6C098C1E} - C:\WINDOWS\System32\Slszx.dll
O2 - BHO: (no name) - {F04338D6-B281-43D9-8207-430CA4150D5A} - C:\WINDOWS\System32\Kdfqn.dll
O2 - BHO: (no name) - {F3191A86-9EFF-4D07-87E2-308E6EC33103} - C:\WINDOWS\System32\Ysst.dll
O2 - BHO: (no name) - {FB8ECF62-8A73-4BAC-A623-D0D37B9D32B7} - C:\WINDOWS\System32\Yddr.dll
O2 - BHO: (no name) - {FCC377F2-D499-40A2-B4D4-9206262F9BBE} - C:\WINDOWS\System32\Izjlyx.dll
O2 - BHO: (no name) - {FE3673D7-C2B7-4161-9D7B-8AC85F62FB2F} - C:\WINDOWS\System32\Jfdba.dll
修复下面项目,直接用hijackthis:
O4 - HKLM\..\Run: [KernelFaultCheck> %systemroot%\system32\dumprep 0 -k
卸载:搜搜地址栏搜索
关闭下面服务:
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
O23 - Service: winaua - Unknown owner - C:\DOCUME~1\gt\LOCALS~1\Temp\aua1\aua1.exe (file missing)
O23 - Service: winmum - Unknown owner - C:\DOCUME~1\gt\LOCALS~1\Temp\mum1\mum1.exe (file missing)
O23 - Service: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe
借助汉化版killbox删除下面文件
C:\DOCUME~1\gt\LOCALS~1\Temp\aua1
C:\WINDOWS\wincup\wincup.exe
C:\Program Files\Common Files\COMM\Network.exe
最后用置顶帖子里面推荐的 恶意软件清理工具清理 一次
以上处理后,重新扫描一次 直接用hijackthis修复所有后缀为(no file )(file missing),,然后再发扫描报告上来。
估计处理时间大约40~50分钟(看熟练程度)
好家伙!看来是光知道用,不知道平时维护啊
这么多的,要清理清理垃圾了
清除好了
Logfile of HijackThis v1.99.1
Scan saved at 12:10:50, on 2006-7-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\gt\桌面\ha_hijackthis_1991\HijackThis.exe
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP> C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX> "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz> nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck> C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RavTask> "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [IMSCMig> C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG8.1> "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1> C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon> RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe> C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS> "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\TENCENT\QQ\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
直接修复
O4 - HKLM\..\Run: [HP Software Update> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck> C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS> "C:\Program Files\Messenger\msmsgs.exe" /background
建议修复,没有必要占据启动项
楼主修复速度不错啊。
我的速度来源你的指导,嘎嘎~都修复好后,QQ要删了重装吗
大虾来了吗?我启动QQ还是会蓝屏,还是会重启。。我晕死了,,求救~~~~~~~~~~~
哪位大吓帮一下啊~~~~~~~~~~~~~~~谢啊~~~~~~~~~~~~~~~~
建议换置顶帖子里面的扫描工具SEeng扫描一个报告看看,直接把扫描报告贴这里面。
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run>
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation>
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation>
<pyjj><C:\Program Files\jj4\jjsvr4.exe> [加加开发组>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<load><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run>
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.>
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.>
<nwiz><nwiz.exe /install> [NVIDIA Corporation>
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh>
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.>
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation>
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation>
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [Microsoft Corporation>
<MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> [>
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation>
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation>
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation>
<Corel Reminder><> [>
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<shell><Explorer.exe> [Microsoft Corporation>
<Userinit><C:\WINDOWS\System32\Userinit.exe,> [Microsoft Corporation>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows>
<AppInit_DLLs><> [>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon>
<UIHost><logonui.exe> [Microsoft Corporation>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks>
<{DD32EDBB-11E1-49FE-B1B7-A30119B43B0C}><> [>
==================================
启动文件夹
[腾讯QQ>
<C:\Documents and Settings\gt\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Adobe LM Service / Adobe LM Service>
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[NVIDIA Driver Helper Service / NVSvc>
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12>
<C:\WINDOWS\System32\HPZipm12.exe><HP>
[Rising Process Communication Center / RsCCenter>
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon>
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Print Manager / SOCEESe>
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[SoundMAX Agent Service / SoundMAX Agent Service (default)>
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[TabletService / TabletService>
<C:\WINDOWS\System32\Tablet.exe><Wacom Technology, Corp.>
[winaua / winaua>
<C:\DOCUME~1\gt\LOCALS~1\Temp\aua1\aua1.exe -R><N/A>
[winmum / winmum>
<C:\DOCUME~1\gt\LOCALS~1\Temp\mum1\mum1.exe -R><N/A>
[WinWrCup / WinWrCup>
<C:\WINDOWS\wincup\wincup.exe -R><MsWinCup>
==================================
浏览器加载项
[@shdoclc.dll,-866>
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)>
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[AxInputControl Class>
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MsnMessengerSetupDownloadControl Class>
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object>
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘>
<C:\Program Files\TENCENT\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载>
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接>
<D:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)>
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板>
<C:\Program Files\TENCENT\QQ\AddPanel.htm, N/A>
[添加到QQ表情>
<C:\Program Files\TENCENT\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片>
<C:\Program Files\TENCENT\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 600>[\SystemRoot\System32\smss.exe> <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 656>[\??\C:\WINDOWS\system32\csrss.exe> <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 680>[\??\C:\WINDOWS\system32\winlogon.exe> <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 724>[C:\WINDOWS\system32\services.exe> <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 744>[C:\WINDOWS\system32\lsass.exe> <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 928>[C:\WINDOWS\system32\svchost.exe> <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1028>[C:\Program Files\Rising\Rav\CCenter.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1044>[C:\WINDOWS\System32\svchost.exe> <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1212>[C:\WINDOWS\System32\svchost.exe> <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1244>[C:\WINDOWS\System32\svchost.exe> <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1256>[C:\Program Files\Rising\Rav\Ravmond.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>
[C:\Program Files\Rising\Rav\BWList.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll> <Rising><18, 1, 0, 9>
[C:\Program Files\Rising\Rav\Scanner.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\libload.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\regmon.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll> <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\expscan.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll> <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll> <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\Rising\Rav\UnExe.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\Rising\Rav\PostTrt.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\NvFile.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\Unpacker.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Rising\Rav\ScanNet.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\ExtOLE.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1488>[C:\WINDOWS\system32\spoolsv.exe> <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[C:\WINDOWS\system32\HpTcpMon.dll> <Hewlett Packard><5.01.00.011>
[C:\WINDOWS\system32\hpzjrd01.dll> <Hewlett Packard><2.01.00.001>
[C:\WINDOWS\system32\HPTcpMUI.dll> <Microsoft Corporation><5.01.00.011>
[C:\WINDOWS\system32\hptcpmib.dll> <Hewlett Packard><5.01.00.011>
[C:\WINDOWS\system32\hpzsnt12.dll> <HP><14.00.00.41711>
[PID: 1784>[C:\WINDOWS\Explorer.EXE> <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[C:\Program Files\Corel\Corel Graphics 11\Programs\CdrIco110.dll> <Corel Corporation><11.633>
[C:\Program Files\WinRAR\rarext.dll> <N/A><N/A>
[C:\WINDOWS\system32\RhinoShExt.dll> <Robert McNeel & Associates><3, 0, 0, 1>
[C:\WINDOWS\system32\RavExt.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[PID: 1892>[C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> <Analog Devices, Inc.><4, 0, 4, 11>
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll> <Analog Device, Inc.><1, 0, 22, 26>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 1924>[C:\Program Files\Rising\Rav\RavTask.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 1944>[C:\Program Files\Rising\Rav\Ravmon.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\Rising\Rav\RsGuiLib.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\Rising\Rav\BWList.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 204>[C:\WINDOWS\System32\nvsvc32.exe> <NVIDIA Corporation><6.14.10.4403>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 240>[C:\WINDOWS\System32\HPZipm12.exe> <HP><9, 0, 0, 0>
[PID: 276>[C:\WINDOWS\System32\ctfmon.exe> <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 312>[C:\Program Files\Messenger\msmsgs.exe> <Microsoft Corporation><4.7.2010>
[C:\WINDOWS\System32\msdmo.dll> <N/A><N/A>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 352>[C:\Program Files\jj4\jjsvr4.exe> <加加开发组><4.0.0.20>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 992>[C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe> <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1008>[C:\WINDOWS\System32\svchost.exe> <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1020>[C:\WINDOWS\System32\Tablet.exe> <Wacom Technology, Corp.><4.75-9>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[PID: 1576>[C:\Program Files\Rising\Rav\RavStub.exe> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\RsCommX.dll> <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL> <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 336>[D:\Program Files\Maxthon\Maxthon.exe> <MY Soft Technology><1, 3, 3, 23>
[D:\Program Files\Maxthon\maxzlib.dll> < ><1, 0, 0, 2>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll> <><1, 0, 0, 1>
[D:\Program Files\Storm Codec\Codecs\VSFilter.dll> <Gabest><1, 0, 1, 3>
[D:\Program Files\Storm Codec\Codecs\empgdmx.ax> <Elecard Ltd.><1, 0, 19, 51017>
[D:\Program Files\Storm Codec\Codecs\RMSplt.ax> <Gabest><1, 0, 1, 1>
[C:\WINDOWS\System32\ffdshow.ax> <N/A><1.0.2.2003>
[D:\Program Files\Storm Codec\Codecs\mlcom.ax> <Moonlight Cordless Ltd><1, 5, 173, 41217>
[D:\Program Files\Storm Codec\Codecs\TRLDRP6.ax> <N/A><4, 7, 2, 9>
[PID: 3512>[C:\Documents and Settings\gt\My Documents\SREng2\SREng.exe> <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\System32\tabhook.dll> <Wacom Technology, Corp.><4.75-9>
[C:\Documents and Settings\gt\My Documents\SREng2\Plugins\SREngPluginDemo.SRE> <Smallfrogs Studio><1, 1, 1, 0>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1>
.EXE OK. ["%1" %*>
.COM OK. ["%1" %*>
.PIF OK. ["%1" %*>
.REG OK. [regedit.exe "%1">
.BAT OK. ["%1" %*>
.SCR OK. ["%1" /S>
.CHM OK. ["C:\WINDOWS\hh.exe" %1>
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1>
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1>
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1>
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*>
.LNK OK. [{00021401-0000-0000-C000-000000000046}>
[winaua / winaua>
<C:\DOCUME~1\gt\LOCALS~1\Temp\aua1\aua1.exe -R><N/A>
[winmum / winmum>
<C:\DOCUME~1\gt\LOCALS~1\Temp\mum1\mum1.exe -R><N/A>
[WinWrCup / WinWrCup>
<C:\WINDOWS\wincup\wincup.exe -R><MsWinCup>
[Print Manager / SOCEESe>
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[AxInputControl Class>
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MsnMessengerSetupDownloadControl Class>
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
貌似还没清理干净 |
|
设为首页
加入收藏
联系我们
打印本文 
返回顶部 
加入收藏 
关闭窗口
