应用程序都被更改了（附日志）【求助】 bbs.ikaka.com

覆雨あ翻云 - 2006-10-23 15:20:00

下面是我刚扫的日志
2006-10-23,15:01:32

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\rundl132.exe> []
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [N/A]
<DAEMON Tools><; "D:\Program Files\虚拟光驱\DAEMON Tools\daemon.exe" -lang 1033> [N/A]
<wdfmgr32><C:\WINDOWS\system32\wdfmgr32.exe> [N/A]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\Userinit.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{ms95348e-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\h5348e66.log> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[AVP / AVP]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r"><Kaspersky Lab>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda]
<system32\drivers\cmuda.sys><C-Media Inc>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[giveio / giveio]
<\SystemRoot\system32\giveio.sys><N/A>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kl1 / kl1]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[ooeldod / ooeldodu]
<\SystemRoot\System32\DRIVERS\ooeldodu.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SetupNT / SetupNT]
<\SystemRoot\system32\SetupNT.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03]
<\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[speedfan / speedfan]
<\SystemRoot\system32\speedfan.sys><Windows (R) 2000 DDK provider>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>

==================================
浏览器加载项
[]
{500911F3-16C7-4120-BBEF-DF82FDCD2149} <C:\WINDOWS\system32\ATIDEMGRED.dll, N/A>
[XBTP03129 Class]
{71E000D6-C63D-4d95-85A0-76DF890982A3} <C:\PROGRA~1\SEARCH~1\tbu03346\SEARCH~1.DLL, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[ltmenu Class]
{78C21EFD-53BA-406C-AF1A-33A38ABD3958} <C:\Program Files\LtUcx\1002\c0.dll, 北京莲塘软件技术有限公司>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <D:\Program Files\下载工具\Thunder Network\Thunder\Thunder.exe, >
[视频聊天]
{6924091F-CD97-41E1-B1D4-D9079409D413} <http://www.liantang.net, N/A>
[寻论网--中学作业解答]
{6924091F-CD97-41E1-B1D4-D9079409D423} <http://www.xunlun.com, N/A>
[BitComet工具栏]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <D:\Program Files\下载工具\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[SearchCar]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <C:\Program Files\SearchCar\tbu03346\SearchCar.dll, N/A>
[VTPlug3 Class]
{0400AC1C-EEF0-4638-A501-31D5A0DC2002} <C:\WINDOWS\system32\gxd\VTrans3.dll, >
[GetMac.GetMacAddress]
{515B4F43-DBB0-414B-9109-A0EBA02C661D} <C:\WINDOWS\system32\GetMac.ocx, N/A>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.liantang.cn)>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[BitComet工具栏]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <D:\Program Files\下载工具\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, N/A>
[]
{500911F3-16C7-4120-BBEF-DF82FDCD2149} <C:\WINDOWS\system32\ATIDEMGRED.dll, N/A>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.liantang.cn)>
[XBTP03129 Class]
{71E000D6-C63D-4D95-85A0-76DF890982A3} <C:\PROGRA~1\SEARCH~1\tbu03346\SEARCH~1.DLL, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[ltmenu Class]
{78C21EFD-53BA-406C-AF1A-33A38ABD3958} <C:\Program Files\LtUcx\1002\c0.dll, 北京莲塘软件技术有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\下载工具\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[星空极速]
{8A03D6E7-7FDA-4CE9-95D0-988790911BF0} <C:\Program Files\ChinaNet\uact1.dll, gd.vnet.cn>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\播放软件\KuGoo3\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SearchCar]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <C:\Program Files\SearchCar\tbu03346\SearchCar.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<D:\Program Files\下载工具\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\Program Files\下载工具\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

覆雨あ翻云 - 2006-10-23 15:21:00

==================================
正在运行的进程
[PID: 528][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 692][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 868][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1184][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1436][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 1528][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 1656][C:\WINDOWS\rundl132.exe] [, 1.0.0.0]
[PID: 1664][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 3, 625, 61]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM303Prp.Ax] [Vimicro, 4.3. 625.61]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 1688][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 1736][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 328][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2576][C:\WINDOWS\system32\cmd.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2592][C:\Program Files\ChinaNet\VnetClient.exe] [, 2006, 4, 27, 1]
[C:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2006, 3, 8, 18]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2006, 6, 2, 14]
[C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[C:\PROGRA~1\ChinaNet\SETUPP~1.DLL] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] [, 2005, 8, 18, 1]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2005, 10, 13, 1]
[C:\PROGRA~1\ChinaNet\Gif89a.dll] [, 2005, 6, 21, 1]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] [, 2006, 6, 2, 14]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2006, 5, 26, 11]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2005, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\BDSearch.ocx] [gdcn, 2005, 12, 22, 1]
[C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2006, 5, 26, 16]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2006, 4, 4, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2006, 5, 26, 16]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 3, 1, 16]
[C:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\pthreadVC.dll] [N/A, N/A]
[C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2006, 6, 8, 15]
[C:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2006, 3, 1, 1]
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2006, 6, 12, 9]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [ , 2006, 5, 10, 14]
[C:\PROGRA~1\ChinaNet\Favorite.ocx] [, 1, 0, 0, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 2005, 11, 14, 1]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 2800][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 2708][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 3740][C:\WINDOWS\system32\cmd.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3788][d:\Program Files\Maxthon\Max.exe] [Maxthon International Ltd., 1, 5, 3, 18]
[d:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[D:\Program Files\下载工具\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[d:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 3264][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\ms95348e.dll] [N/A, N/A]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 3228][F:\安装\系统工具\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
203.171.236.215 www.17173.com
203.171.236.215 www.wowchina.com
203.171.236.215 www.ztgame.com.cn
203.171.236.215 rxjh.17game.com
203.171.236.215 www.17game.com
203.171.236.215 www.kd171.cn
203.171.236.215 www.72g.com
203.171.236.215 www.muchina.com
203.171.236.215 xyq.163.com
203.171.236.215 xy2.163.com
203.171.236.215 www.the9.com
203.171.236.215 www.5173.com
203.171.236.215 www.tkgame.com
59.34.197.239 www.baidu.com
59.34.197.239 baidu.com
59.34.197.239 www.sohu.com
59.34.197.239 sohu.com
59.34.197.239 www.sina.com
59.34.197.239 sina.com
59.34.197.239 www.sina.com.cn
59.34.197.239 sina.com.cn
59.34.197.239 www.163.com
59.34.197.239 163.com
59.34.197.239 www.google.com
59.34.197.239 google.com
59.34.197.239 www.qq.com
59.34.197.239 qq.com
59.34.197.239 www.hao123.com
59.34.197.239 hao123.com
59.34.197.239 ttlttt.com
59.34.197.239 www.ddspn.com

==================================

覆雨あ翻云 - 2006-10-23 16:12:00

一直在线等大侠们解答,可为什么就没人肯帮忙呢,难道说没人能解决这问题

水树雨下 - 2006-10-23 16:16:00

威金啊……
用专杀，杀不干净全盘格
我的e盘里有专杀，可以试试mizuki.ys168.com

終生學習 - 2006-10-23 16:17:00

wdfmgr32><C:\WINDOWS\system32\wdfmgr32.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{ms95348e-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\h5348e66.log> [N/A]
[C:\WINDOWS\system32\dumprepx.dll] [N/A, N/A]
[PID: 1656][C:\WINDOWS\rundl132.exe] [, 1.0.0.0]
==================================
HOSTS 文件
203.171.236.215 www.17173.com
203.171.236.215 www.wowchina.com
203.171.236.215 www.ztgame.com.cn
203.171.236.215 rxjh.17game.com
203.171.236.215 www.17game.com
203.171.236.215 www.kd171.cn
203.171.236.215 www.72g.com
203.171.236.215 www.muchina.com
203.171.236.215 xyq.163.com
203.171.236.215 xy2.163.com
203.171.236.215 www.the9.com
203.171.236.215 www.5173.com
203.171.236.215 www.tkgame.com
59.34.197.239 www.baidu.com
59.34.197.239 baidu.com
59.34.197.239 www.sohu.com
59.34.197.239 sohu.com
59.34.197.239 www.sina.com
59.34.197.239 sina.com
59.34.197.239 www.sina.com.cn
59.34.197.239 sina.com.cn
59.34.197.239 www.163.com
59.34.197.239 163.com
59.34.197.239 www.google.com
59.34.197.239 google.com
59.34.197.239 www.qq.com
59.34.197.239 qq.com
59.34.197.239 www.hao123.com
59.34.197.239 hao123.com
59.34.197.239 ttlttt.com
59.34.197.239 www.ddspn.com

==================================

覆雨あ翻云 - 2006-10-23 17:05:00

我用瑞星威金专杀在安全模式下杀过了,可是没有查到病毒啊.

覆雨あ翻云 - 2006-10-23 18:18:00

我用江民威金专杀过再在安全模式下用KillBox把5楼所说的那几项都删除了,现在我重新扫了份日志,请帮我看还有没毒,谢谢
2006-10-23,18:02:21

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [N/A]
<DAEMON Tools><; "D:\Program Files\虚拟光驱\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<9><; C:\WINDOWS\system32\vpcrm.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\Userinit.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\systemy.sys> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[AVP / AVP]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r"><Kaspersky Lab>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda]
<system32\drivers\cmuda.sys><C-Media Inc>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[giveio / giveio]
<\SystemRoot\system32\giveio.sys><N/A>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kl1 / kl1]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[ooeldod / ooeldodu]
<\SystemRoot\System32\DRIVERS\ooeldodu.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SetupNT / SetupNT]
<\SystemRoot\system32\SetupNT.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03]
<\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[speedfan / speedfan]
<\SystemRoot\system32\speedfan.sys><Windows (R) 2000 DDK provider>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>

==================================

覆雨あ翻云 - 2006-10-23 18:21:00

==================================
浏览器加载项
[]
{500911F3-16C7-4120-BBEF-DF82FDCD2149} <C:\WINDOWS\system32\ATIDEMGRED.dll, N/A>
[XBTP03129 Class]
{71E000D6-C63D-4d95-85A0-76DF890982A3} <C:\PROGRA~1\SEARCH~1\tbu03346\SEARCH~1.DLL, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[ltmenu Class]
{78C21EFD-53BA-406C-AF1A-33A38ABD3958} <C:\Program Files\LtUcx\1002\c0.dll, 北京莲塘软件技术有限公司>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <D:\Program Files\下载工具\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[视频聊天]
{6924091F-CD97-41E1-B1D4-D9079409D413} <http://www.liantang.net, N/A>
[寻论网--中学作业解答]
{6924091F-CD97-41E1-B1D4-D9079409D423} <http://www.xunlun.com, N/A>
[BitComet工具栏]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <D:\Program Files\下载工具\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[SearchCar]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <C:\Program Files\SearchCar\tbu03346\SearchCar.dll, N/A>
[VTPlug3 Class]
{0400AC1C-EEF0-4638-A501-31D5A0DC2002} <C:\WINDOWS\system32\gxd\VTrans3.dll, >
[GetMac.GetMacAddress]
{515B4F43-DBB0-414B-9109-A0EBA02C661D} <C:\WINDOWS\system32\GetMac.ocx, N/A>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.liantang.cn)>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[BitComet工具栏]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <D:\Program Files\下载工具\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, N/A>
[]
{500911F3-16C7-4120-BBEF-DF82FDCD2149} <C:\WINDOWS\system32\ATIDEMGRED.dll, N/A>
[IMCv1 Control]
{6924091F-CD97-41E1-B1D4-D9079409D413} <C:\PROGRA~1\LtUcx\1003\c1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.liantang.cn)>
[XBTP03129 Class]
{71E000D6-C63D-4D95-85A0-76DF890982A3} <C:\PROGRA~1\SEARCH~1\tbu03346\SEARCH~1.DLL, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\系统工具\MagicSet\haokanbar.dll, Xiang Feng Technology>
[ltmenu Class]
{78C21EFD-53BA-406C-AF1A-33A38ABD3958} <C:\Program Files\LtUcx\1002\c0.dll, 北京莲塘软件技术有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\下载工具\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[星空极速]
{8A03D6E7-7FDA-4CE9-95D0-988790911BF0} <C:\Program Files\ChinaNet\uact1.dll, gd.vnet.cn>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\播放软件\KuGoo3\KUGOO3~1.OCX, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SearchCar]
{BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <C:\Program Files\SearchCar\tbu03346\SearchCar.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<D:\Program Files\下载工具\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\Program Files\下载工具\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 528][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 688][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 860][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1012][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1204][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1400][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[C:\Program Files\Internet Explorer\PLUGINS\systemy.sys] [N/A, N/A]
[PID: 1448][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\systemy.sys] [N/A, N/A]
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1]
[C:\Program Files\LtUcx\1002\c0.dll] [北京莲塘软件技术有限公司, 1, 8, 0, 60]
[C:\Program Files\LtUcx\ucx0.dll] [北京莲塘软件技术有限公司, 1, 0, 3, 21]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 1596][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1868][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 3, 625, 61]
[C:\Program Files\Internet Explorer\PLUGINS\systemy.sys] [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM303Prp.Ax] [Vimicro, 4.3. 625.61]
[PID: 1876][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Internet Explorer\PLUGINS\systemy.sys] [N/A, N/A]
[PID: 1896][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\systemy.sys] [N/A, N/A]
[PID: 268][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1248][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096][F:\安装\系统工具\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Internet Explorer\PLUGINS\systemy.sys] [N/A, N/A]

瑞星卡卡安全论坛