Rising Kaka Security Forum
ElliottMars - 2007-1-13 17:41:00
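详细内容2007-01-13 10:44:41, Explorer.EXE>>D:\WINDOWS\Explorer.EXE ->Trojan.DL.Inject.ab
Because I play online games, I use the Rising firewall and have password protection enabled, so whenever I start an online game the message above pops up. I used Kaspersky, and it only flagged Explorer.EXE as riskware. 木马杀客 did not detect anything at all. Moderators, please help me figure out a way to remove it.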
ElliottMars - 2007-1-13 17:41:00
I'm waiting online!!!!!!!!!!!!!!!
ElliottMars - 2007-1-13 17:43:00
Nobody here?....
ElliottMars - 2007-1-13 17:54:00
Logfile of HijackThis v1.99.1
Scan saved at 17:41:15, on 2007-1-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\VM_STI.EXE
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\360safe\safemon\360Tray.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\VIA\RAID\raid_tool.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Tencent\QQ\QQMusic.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Shomaru\桌面\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Super Rabbit SafeEdit] C:\Program Files\Super Rabbit\MagicSet\SRFC.EXE /Load
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WebThunder] E:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\Program Files\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [360Safetray] D:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: VIA RAID TOOL.lnk = D:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: 木马杀客2007.Lnk = ?
O8 - Extra context menu item: &使用BitComet下载 - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用Web迅雷下载 - E:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157391795828
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2532C5E-CCF1-4FFD-BDB2-EA64B06C4B35}: NameServer = 202.96.209.134 202.96.209.6
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
My D: drive is the system drive.
ElliottMars - 2007-1-13 17:56:00
Someone please help me sort this out.... I can't join the RAID tonight, boo-hoo.... my T3!!!!!!!!
ElliottMars - 2007-1-13 18:20:00
Still nobody???
水树雨下 - 2007-1-13 18:22:00
Generate an sreng2 scan log.
ElliottMars - 2007-1-13 18:23:00
Huh?...
ElliottMars - 2007-1-13 18:24:00
100 - 未知 - Process: rfwmain.exe [Rising Personal FireWall Main Program] - C:\Program Files\Rising\Rfw\rfwmain.exe
100 - 未知 - Process: rfwsrv.exe [Rising Personal FireWall Service] - c:\program files\rising\rfw\rfwsrv.exe
100 - 未知 - Process: QQ.exe [QQ] - C:\Program Files\Tencent\QQ\QQ.exe
100 - 未知 - Process: TIMPlatform.exe [TIMPlatform] - C:\Program Files\Tencent\QQ\TIMPlatform.exe
100 - 未知 - Process: QQMusic.exe [QQ音乐播放器7.1] - C:\Program Files\Tencent\QQ\QQMusic.exe
O4 - 未知 - Startup folder: [木马杀客2007.Lnk] [] D:\Documents and Settings\All Users\「开始」菜单\程序\启动\木马杀客2007.Lnk
O8 - 未知 - Extra context menu item: &使用BitComet下载 - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - 未知 - Extra context menu item: &使用BitComet下载全部链接 - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - 未知 - Extra context menu item: &使用BitComet下载本页视频 - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 -
O8 - 未知 - Extra context menu item: 使用Web迅雷下载 - E:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - 未知 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 -
O8 - 未知 - Extra context menu item: 添加到QQ表情 -
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 -
O9 - 未知 - Extra button: 启动Web迅雷(HKLM) - http://my.xunlei.com
O23 - 未知 - Service: AVP [Provides protection against computer viruses and another dangerous software.] - "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r - (running)
O23 - 未知 - Service: RfwProxySrv [Rising Personal Proxy Service] - c:\program files\rising\rfw\rfwproxy.exe - (not running)
O23 - 未知 - Service: RfwService [Rising Personal Firewall Service] - c:\program files\rising\rfw\rfwsrv.exe - (running)
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - D:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - D:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - D:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - D:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: ati2evxx.exe [ati显卡相关后台程序。] - D:\WINDOWS\system32\Ati2evxx.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - D:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - D:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - D:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - D:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - D:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - D:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - D:\WINDOWS\Explorer.EXE
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - D:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - D:\WINDOWS\System32\alg.exe
100 - 安全 - Process: atiptaxx.exe [ati显卡相关工具软件。] - D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
100 - 安全 - Process: VM_STI.EXE [still image (sti) driver驱动程序,一般用于电脑摄像头。] - D:\WINDOWS\VM_STI.EXE
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - D:\WINDOWS\system32\RunDll32.exe
100 - 安全 - Process: issch.exe [installshield software 公司出品的相关软件更新程序。] - D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - D:\Program Files\360safe\safemon\360Tray.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - D:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: raid_tool.exe [via威盛公司出品的独立磁盘冗余阵列。] - D:\Program Files\VIA\RAID\raid_tool.exe
100 - 安全 - Process: VnetClient.exe [vnet虚拟拨号软件,用于adsl宽带拨号。] - D:\Program Files\ChinaNet\VnetClient.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - D:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - D:\Program Files\360safe\360safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O2 - 安全 - BHO: (NavigatMon Class) - [360safe实时保护功能模块,用于恶意网站拦截。] - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files\360safe\safemon\safemon.dll
O4 - 安全 - HKLM\..\Run: [IMJPMIG8.1] [微软Microsoft输入法编辑器程序。] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 安全 - HKLM\..\Run: [PHIME2002ASync] [输入法软件相关程序。] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 安全 - HKLM\..\Run: [PHIME2002A] [输入法软件相关程序。] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 安全 - HKLM\..\Run: [ATIPTA] [ati显卡驱动的系统托盘图标,可调节显卡属性] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 安全 - HKLM\..\Run: [BigDogPath] [网眼摄像头驱动] D:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - 安全 - HKLM\..\Run: [Cmaudio] [vxd驱动程序需要] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 安全 - HKLM\..\Run: [Super Rabbit SafeEdit] [超级兔子安全视窗。] C:\Program Files\Super Rabbit\MagicSet\SRFC.EXE /Load
O4 - 安全 - HKLM\..\Run: [ISUSPM Startup] [installshield安装包服务计划任务升级程序。] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - 安全 - HKLM\..\Run: [ISUSScheduler] [installshield 公司出品的相关软件。] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - 安全 - HKLM\..\Run: [WebThunder] [是迅雷公司推出的一款基于多资源超线程技术的下载工具。] E:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 安全 - HKLM\..\Run: [SKYNET Personal FireWall] [天网个人防火墙] E:\Program Files\SkyNet\FireWall\pfw.exe
O4 - 安全 - HKLM\..\Run: [AVP] [卡巴斯基杀毒软件相关程序。] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 安全 - HKLM\..\Run: [360Safetray] [360安全卫士实时保护模块。] D:\Program Files\360safe\safemon\360Tray.exe /start
O4 - 安全 - HKLM\..\Run: [RfwMain] [瑞星防火墙程序,抵御黑客攻击。] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] D:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [MSMSGS] [是MSN Messenger网络聊天工具的主程序] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - 安全 - Startup folder: [VIA RAID TOOL.lnk] [威盛公司出品的独立磁盘冗余阵列。] D:\Documents and Settings\All Users\「开始」菜单\程序\启动\VIA RAID TOOL.lnk
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq:即时通讯软件] D:\Documents and Settings\Shomaru\「开始」菜单\程序\启动\腾讯QQ.lnk
O16 - 安全 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (Windows升级工具V5) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157391795828
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O23 - 安全 - Service: Ati HotKey Poller [ati显卡相关后台程序。] - D:\WINDOWS\system32\Ati2evxx.exe - (running)
O23 - 安全 - Service: ATI Smart [是一个ati图形显示卡驱程的相关进程。] - D:\WINDOWS\system32\ati2sgag.exe - (not running)
ElliottMars - 2007-1-13 18:25:00
=======================================
O40 - Explorer.EXE - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll - Script Checker - e4f4b2a19754604fce54d33ac326cc1a
O40 - Explorer.EXE - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll - Windows Shell Extension - 836a580b5800c8070854060be5ca94c7
O40 - Explorer.EXE - - D:\Program Files\360safe\safemon\safemon.dll - 360安全卫士实时保护模块 - 72cb00a125c2ce57aa782c2e9cc70fdf
O40 - Explorer.EXE - - C:\Program Files\Tencent\QQ\qdshm.dll - QQDiskShellMenu Module - 3abe919a3c4426db72aa89a81e642f66
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Tencent\QQ\MFC42.DLL - MFCDLL Shared Library - Retail Version - c89eba9596771da3979a84fd425b8264
O40 - RunDll32.exe - - D:\Program Files\360safe\safemon\safemon.dll - 360安全卫士实时保护模块 - 72cb00a125c2ce57aa782c2e9cc70fdf
=======================================
O41 - BaseTDI - basetdi - D:\WINDOWS\system32\drivers\basetdi.sys - (running) - basetdi - Beijing Rising Technology Co., Ltd. - 0064810c1b03f2c889130b669a4ce937
O41 - HookUrl - HookUrl - C:\Program Files\Rising\Rfw\HookUrl.sys - (running) - HookUrl - Beijing Rising Technology Co., Ltd. - 93768ab1e576eef2de107eddbc586e9b
O41 - kl1 - Kaspersky Unified Driver - D:\WINDOWS\system32\drivers\kl1.sys - (running) - Kaspersky Unified Driver - Kaspersky Lab - bc02a8e0dd5dc266e5cc3636dd454403
O41 - klif - spuper-ptor - D:\WINDOWS\system32\drivers\klif.sys - (running) - spuper-ptor - Kaspersky Lab - f0653e5e164123cad51edda22418c2a3
O41 - mProcRs - Rising Personal FireWall mprocrs.sys - c:\program files\Rising\Rfw\mProcRs.sys - (running) - Rising Personal FireWall mprocrs.sys - Beijing Rising Technology Co., Ltd. - f19fe6ccade903d285208247056daf6a
O41 - NPF - NPF Driver - TME extensions - D:\WINDOWS\system32\drivers\npf.sys - (running) - NPF Driver - TME extensions - Politecnico di Torino - f498c5c3399a60933196fc215ef074f9
O41 - npkcrypt - nProtect KeyCrypt Driver - c:\Program Files\Tencent\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - pfc - Padus(R) ASPI Shell - D:\WINDOWS\system32\drivers\pfc.sys - (running) - Padus(R) ASPI Shell - Padus, Inc. - 957b82ec80ad7ead64e5e47df6b0dc40
O41 - PxHelp20 - Px Engine Device Driver for Windows 2000/XP - D:\WINDOWS\system32\drivers\PxHelp20.sys - (running) - Px Engine Device Driver for Windows 2000/XP - Sonic Solutions - 86724469cd077901706854974cd13c3e
O41 - RsFwDrv - nt_fwdrv - C:\Program Files\Rising\Rfw\rsfwdrv.sys - (running) - nt_fwdrv - Beijing Rising Technology Co., Ltd. - 1869e55cfacff0ff786d4ba6d2340ee2
O41 - sptd - sptd - D:\WINDOWS\system32\drivers\sptd.sys - (running) - - -
O41 - ZSMC301b - Video streaming and Capture Device Driver - D:\WINDOWS\system32\drivers\usbVM31b.sys - (running) - Video streaming and Capture Device Driver - VM - db56abdf7708c78a6c9269791d878eef
O41 - kasda301b - Video streaming and Capture Device Driver - D:\WINDOWS\system32\drivers\usbVM31b.sys - (not running) - Video streaming and Capture Device Driver - VM - db56abdf7708c78a6c9269791d878eef
O41 - NTSIM - Network Device Monitor Utility - D:\WINDOWS\system32\ntsim.sys - (not running) - Network Device Monitor Utility - VIA Networking Technologies, Inc. - a568b9a9ffe2d9387222a5c90f86d731
O41 - SkyProcs - SkyProcs - E:\Program Files\SkyNet\FireWall\SkyProcs.sys - (not running) - - -
O41 - TSP - spuper-ptor - D:\WINDOWS\system32\drivers\klif.sys - (not running) - spuper-ptor - Kaspersky Lab - f0653e5e164123cad51edda22418c2a3
O41 - VFILT - VFILT - E:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS - (not running) - - -
=======================================
360Safe.exe=3.0.1.1003
AntiAdwa.dll=2.2.1.2000
AntiEng.dll=3.0.1.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.0.1001
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011
ElliottMars - 2007-1-13 18:25:00
Is this it?... I don't know much about computers...
ElliottMars - 2007-1-13 18:44:00
[CODE]
2007-01-13,18:31:51
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSMSGS><"D:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<ATIPTA><D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<BigDogPath><D:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera> [N/A]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<Super Rabbit SafeEdit><C:\Program Files\Super Rabbit\MagicSet\SRFC.EXE /Load> [Super Rabbit Soft]
<ISUSPM Startup><D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<WebThunder><E:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [深圳市迅雷网络技术有限公司]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)RealNetworks, Inc.]
<SKYNET Personal FireWall><E:\Program Files\SkyNet\FireWall\pfw.exe> [N/A]
<AVP><"E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<360Safetray><D:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[VIA RAID TOOL]
<D:\Documents and Settings\All Users\「开始」菜单\程序\启动\VIA RAID TOOL.lnk --> D:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [VIA Technologies]><N>
[木马杀客2007]
<D:\Documents and Settings\All Users\「开始」菜单\程序\启动\木马杀客2007.Lnk --> D:\PROGRA~1\木马杀客\mmsk.exe [N/A]><N>
[腾讯QQ]
<D:\Documents and Settings\Shomaru\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
ElliottMars - 2007-1-13 18:44:00
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<D:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<D:\WINDOWS\system32\ati2sgag.exe><>
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
<"E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[KCV30 USB PC Camera / kasda301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\D:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\c:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
<\??\D:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SkyProcs / SkyProcs][Stopped/Manual Start]
<\??\E:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
<\??\D:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
ElliottMars - 2007-1-13 18:44:00
==================================
浏览器加载项
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, N/A>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <D:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\Program Files\Thunder Network\WebThunder\MediaAddin10.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用BitComet下载]
<res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[上传到QQ网络硬盘]
<, N/A>
[使用Web迅雷下载]
<E:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<E:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
<, N/A>
[添加到QQ表情]
<, N/A>
[用QQ彩信发送该图片]
<, N/A>
ElliottMars - 2007-1-13 18:47:00
==================================
正在运行的进程
[PID: 648][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1184][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1324][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1608][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1892][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[D:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.1.411]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[PID: 2024][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1432][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 232][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5090]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5090]
[D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5090]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5090]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[PID: 1628][D:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[D:\WINDOWS\system32\VM31bPrp.Ax] [VM, 4.2.711.31]
[PID: 1868][D:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 41, 6]
[D:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.2]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
ElliottMars - 2007-1-13 18:47:00
[PID: 1024][D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 00, 100, 1161]
[PID: 384][D:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 1, 0, 0, 1001]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[D:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 1, 0, 0, 1001]
[D:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 2, 2, 1, 2000]
[PID: 844][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 66]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\Rfw\PSAPI.DLL] [Microsoft Corporation, 4.00]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[PID: 1704][D:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[PID: 2092][D:\Program Files\VIA\RAID\raid_tool.exe] [VIA Technologies, 2, 2, 1, 0]
[D:\Program Files\VIA\RAID\drvInterface.dll] [VIA, 2, 0, 0, 0]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[PID: 2104][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 2172][C:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 370]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[C:\Program Files\Tencent\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Tencent\QQ\LoginCtrl.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[C:\Program Files\Tencent\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[C:\Program Files\Tencent\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[D:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\GroupLive.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQAllInOne.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Tencent\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQPet.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\PhoneAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\Program Files\Tencent\QQ\VPortal.dll] [, 1, 0, 0, 4]
[C:\Program Files\Tencent\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160]
[C:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, N/A]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[C:\Program Files\Tencent\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[C:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
[C:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, N/A]
ElliottMars - 2007-1-13 18:47:00
[D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[C:\Program Files\Tencent\QQ\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[C:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 3, 30]
[C:\Program Files\Tencent\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[C:\Program Files\Tencent\QQ\QQZip.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Tencent\QQ\videodevice.dll] [Tencent, 1, 6, 0, 0]
[C:\Program Files\Tencent\QQ\inplus.dll] [Tencent, 1, 6, 0, 0]
[D:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\Program Files\Tencent\QQ\QQMagicFace.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[C:\Program Files\Tencent\QQ\QQSettingCtrl.dll] [, 1, 0, 0, 1]
[PID: 2312][C:\Program Files\Tencent\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 2688][D:\Program Files\ChinaNet\VnetClient.exe] [, 2006, 3, 17, 1]
[D:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[D:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2006, 3, 8, 18]
[D:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[D:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2006, 2, 8, 1]
[D:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[D:\PROGRA~1\ChinaNet\PlugIns\SMSPLU~1\SMSPLU~1.DLL] [, 1, 0, 0, 1]
[D:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] [, 2005, 8, 18, 1]
[D:\PROGRA~1\ChinaNet\PostPlug.dll] [, 2004, 12, 16, 2]
[D:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2006, 2, 20, 1]
[D:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[D:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] [, 2006, 5, 29, 14]
[D:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2006, 5, 26, 9]
[D:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2005, 11, 14, 1]
[D:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[D:\PROGRA~1\ChinaNet\Timer.ocx] [, 2006, 3, 24, 9]
[D:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2006, 4, 4, 1]
[D:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2006, 5, 24, 16]
[D:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 3, 1, 16]
[D:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[D:\WINDOWS\system32\pthreadVC.dll] [N/A, N/A]
[D:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[D:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[D:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2006, 5, 29, 11]
[D:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 10, 9, 1]
[D:\PROGRA~1\ChinaNet\StatNum.dll] [, 2006, 3, 1, 1]
[D:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[D:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2006, 5, 24, 14]
[D:\PROGRA~1\ChinaNet\VnetOptLog.dll] [, 2006, 3, 14, 10]
[D:\PROGRA~1\ChinaNet\MAGICD~1.OCX] [, 1, 0, 0, 1]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 2005, 11, 14, 1]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
ElliottMars - 2007-1-13 18:48:00
[PID: 528][C:\Program Files\Tencent\QQ\QQMusic.exe] [Tencent, 7, 3, 101, 40]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[C:\Program Files\Tencent\QQ\QQMusicUI.dll] [Tencent, 7, 3, 101, 40]
[C:\Program Files\Tencent\QQ\riched20.dll] [Microsoft Corporation, 5.31.23.1218]
[C:\Program Files\Tencent\QQ\QQMusicSkin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\PROGRA~1\Tencent\QQ\VQQPLA~1.OCX] [Tencent Technology (Shenzhen) Company Limited, 3, 0, 101, 10]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[C:\PROGRA~1\Tencent\QQ\vqqsdl.dll] [Tencent Technology (Shenzhen) Company Limited, 3, 0, 101, 10]
[C:\PROGRA~1\Tencent\QQ\TNProxy.dll] [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 10]
[D:\WINDOWS\system32\wmvcore.dll] [Microsoft Corporation, 9.00.00.3265 (xpsp_sp2_qfe.061206-2330)]
[D:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[D:\WINDOWS\system32\ac3filter.ax] [, 1.01a]
[D:\WINDOWS\system32\DVobSub.ax] [Gabest, 1, 0, 0, 9]
[D:\WINDOWS\system32\MMSwitch.ax] [Morgan Multimedia, 0, 9, 9, 0]
[PID: 1180][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.411]
[D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3000][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.411]
[PID: 3208][E:\Program Files\Thunder Network\WebThunder\WebThunder.exe] [深圳市迅雷网络技术有限公司, 1, 5, 0, 77]
[E:\Program Files\Thunder Network\WebThunder\taskmanage.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 77]
[E:\Program Files\Thunder Network\WebThunder\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 11, 3, 22]
[E:\Program Files\Thunder Network\WebThunder\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 11, 3, 22]
[E:\Program Files\Thunder Network\WebThunder\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 39]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[E:\Program Files\Thunder Network\WebThunder\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
[E:\Program Files\Thunder Network\WebThunder\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
[E:\Program Files\Thunder Network\WebThunder\UpdateExec.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 5]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.411]
[E:\Program Files\Thunder Network\WebThunder\iEmbedShell.dll] [ , 1, 0, 0, 14]
[E:\Program Files\Thunder Network\WebThunder\iEmbed07.dll] [ , 3, 1, 0, 58]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.411]
[E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.411]
[e:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.411]
[D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 1116][E:\TDdownload\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [N/A, 1, 0, 0, 1001]
[E:\TDdownload\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]
ElliottMars - 2007-1-13 18:48:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP Error. [D:\WINDOWS\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA 错误: LoadLibraryA
RVA 错误: LoadLibraryExA
RVA 错误: LoadLibraryExW
RVA 错误: LoadLibraryW
入口点错误:CreateProcessA
入口点错误:CreateProcessW
==================================
ElliottMars - 2007-1-13 18:48:00
Finally got it all posted...
水树雨下 - 2007-1-13 18:53:00
Have you been using any game cheat programs?
ElliottMars - 2007-1-13 19:55:00
Yeah, I have....
ElliottMars - 2007-1-13 19:56:00
Are there a lot of viruses?...
ElliottMars - 2007-1-13 20:00:00
What should I do...
安全防卫 - 2007-1-13 20:09:00
I can't see any problem in the log~~~~~
Try not using the cheat program and see whether it still raises the alert.
ElliottMars - 2007-1-13 20:10:00
Just asking, what should I do..... Reinstall the system???
ElliottMars - 2007-1-13 20:26:00
I already deleted my cheat program (WG) a week ago
ElliottMars - 2007-1-13 20:27:00
But it still raises the alert. Could this be the so-called once-in-a-thousand-years hidden virus?
ElliottMars - 2007-1-13 20:31:00
水树雨下 - 2007-1-13 20:37:00
The cheat program itself is a backdoor.