用熊猫烧香专杀杀出个richtx32.exe bbs.ikaka.com

eliasdaniel - 2007-3-25 14:56:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<xj3bfb69ctt><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
<wbugwt694><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<AGRSMMSG><AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HControl><C:\WINDOWS\ATK0100\HControl.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe> [SHHIC]
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<kernelmh><C:\WINDOWS\Kernelmh.exe> []
<AntiARPStandalone><D:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe> [www.AntiARP.com]
<upxdnd><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zt.exe> [N/A]
<cmdbcs><C:\WINDOWS\SMSS.EXE> []
<load><; C:\WINDOWS\uninstall\rundl132.exe> []
<LtMoh><; C:\Program Files\ltmoh\Ltmoh.exe> [Agere Systems]
<realplayer><; C:\WINDOWS\8Sy.exe> []
<SAMSUNG Keydefine><; C:\Program Files\Keydefine\KeyDefin.exe> []
<SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPLpr><; C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk> []

eliasdaniel - 2007-3-25 14:56:00

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[huawei-3com EAD appendix service / H3C_EAD_APX_SVR][Stopped/Manual Start]
<C:\Program Files\Huawei-3Com\H3C Client\eadApxSvr.exe -startService ><N/A>
[huawei-3com protocol authentication service manage center / H3C_SVR_MNG_SERVICE][Running/Manual Start]
<C:\Program Files\Huawei-3Com\H3C Client\AuthenMngService.exe -startService ><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[SENS LT56ADW Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
<system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[AntiyNF / AntiyNF][Running/Auto Start]
<system32\drivers\AntiyNF.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetLink (TM) Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY][Running/Manual Start]
<System32\Drivers\usbdriver.sys><BHDC>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ATKACPI.sys><>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><N/A>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[oreans32 / oreans32][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Running/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Auto Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R592 / R592][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\R592.sys><REDC>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SigmaTel C-Major Audio / STAC97][Running/Manual Start]
<system32\drivers\STAC97.sys><SigmaTel, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Stopped/Manual Start]
<system32\DRIVERS\w29n51.sys><Intel? Corporation>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
<system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>

eliasdaniel - 2007-3-25 14:58:00

==================================
浏览器加载项
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DragSearch BHO]
{EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} <C:\PROGRA~1\YiSou\yisoub.dll, >
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[一搜工具条]
{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} <C:\Program Files\YiSou\yisou.dll, 3721>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[一搜工具条]
{115F6E46-FCBC-41ED-B3B5-3BDDD4AAB5E5} <C:\Program Files\YiSou\yisou.dll, 3721>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[DragSearch BHO]
{EF1D17A9-089F-40CC-8D64-7324CDEBA0DB} <C:\PROGRA~1\YiSou\yisoub.dll, >
[!搜一搜]
<res://C:\Program Files\YiSou\yisou.dll/232, N/A>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================

eliasdaniel - 2007-3-25 14:59:00

正在运行的进程
[PID: 596][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4110]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1444][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 452][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[d:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 5.00.2000.3]
[C:\WINDOWS\RichDll.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\JJN.IME] [加加在线, 3.11.0.0]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\PROGRA~1\YiSou\yisoub.dll] [, 1, 2, 5, 1005]
[PID: 944][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[d:\program files\rising\rfw\PSAPI.DLL] [Microsoft Corporation, 4.00]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[PID: 1160][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5134]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5134]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5134]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5134]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 1180][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.46 2.1.46 07/22/2004 13:38:36]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 1204][C:\WINDOWS\ATK0100\HControl.exe] [, 1043, 2, 15, 43]
[C:\WINDOWS\ATK0100\CMSSC.dll] [N/A, ]
[C:\WINDOWS\ATK0100\inter_f2.dll] [ATK, 1043, 2, 15, 43]
[C:\WINDOWS\ATK0100\ATKWLIOC.DLL] [ACTIONTEC Electronics,Inc, 2.01.02]
[C:\WINDOWS\ATK0100\SiSPkt.dll] [Silicon Integrated Systems Corp., 1, 0, 0, 39]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 2060][C:\WINDOWS\system32\BHDCRegC.exe] [SHHIC, 1.01]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 2220][D:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe] [www.AntiARP.com, 4.0.0.1]
[D:\Program Files\AntiARP Stand-alone Edition\xantiarp.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[PID: 2272][C:\WINDOWS\ATK0100\ATKOSD.exe] [, 1043, 2, 15, 43]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 2300][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 3132][C:\Program Files\JJOL\IME\JJSvr.EXE] [加加在线, 3.11.0.1]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 3392][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[PID: 2356][C:\Program Files\Huawei-3Com\H3C Client\H3C Client.exe] [华为技术有限公司, CH V2.40-0143]
[C:\WINDOWS\system32\h3c_utility.dll] [N/A, ]
[C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.56]
[C:\Program Files\Huawei-3Com\H3C Client\SecurityAuth.dll] [N/A, ]
[C:\Program Files\Huawei-3Com\H3C Client\X1Face.dll] [N/A, ]
[C:\Program Files\Huawei-3Com\H3C Client\PortalFace.dll] [, 1, 0, 0, 1]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[PID: 1688][D:\Program Files\TheWorld 2.0\TheWorld.exe] [Phoenix Studio, 2, 0, 2, 2]
[D:\PROGRA~1\THEWOR~1.0\languages\chs.dll] [Phoenix Studio, 2, 0, 2, 2]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk] [N/A, ]
[PID: 2868][d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
[d:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[d:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
[d:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
[d:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[d:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[d:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
[d:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[d:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[d:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
[d:\Program Files\Thunder Network\Thunder\Components\DTAG\ExtractMediaTag.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[d:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [, 1, 0, 1, 17]
[d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 0, 15]
[d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed08.dll] [　, 3, 2, 0, 63]
[d:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
[d:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
[d:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
[d:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[d:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [, 1, 1, 0, 4]
[d:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll] [XunLei, 1, 1, 0, 4]
[d:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[d:\Program Files\Thunder Network\Thunder\Plugins\TingTing\TingTing.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 12]
[d:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0]
[d:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk] [N/A, ]
[PID: 3168][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\447376.exe] [北京江民新科技术有限公司, 4, 0, 7, 124]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[PID: 2520][E:\TDdownload\3\sreng2(1)\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
[D:\PROGRA~1\MICROS~1\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.6551]

eliasdaniel - 2007-3-25 14:59:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

eliasdaniel - 2007-3-25 15:00:00

请大家看看，谢谢

newcenturymoon - 2007-3-25 15:12:00

<upxdnd><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zt.exe> [N/A]
<cmdbcs><C:\WINDOWS\SMSS.EXE> []
<load><; C:\WINDOWS\uninstall\rundl132.exe> []
<LtMoh><; C:\Program Files\ltmoh\Ltmoh.exe> [Agere Systems]
<realplayer><; C:\WINDOWS\8Sy.exe> []
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom] [N/A, ]
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk> []

紫墨蓝尘 - 2007-3-25 15:28:00

请这位兄弟加我QQ397005089 把这个文件发给偶不会操作加我远程协助
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\447376.exe
C:\WINDOWS\system32\BHDCRegC.exe
C:\WINDOWS\Kernelmh.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zt.exe
C:\WINDOWS\SMSS.EXE
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk
C:\WINDOWS\uninstall\rundl132.exe
=========================================================================================
1. 杀毒前关闭系统还原(Win2000系统可以忽略）：右键我的电脑，属性，系统还原，在所有驱动器上关闭系统还原打勾即可。
清除IE的临时文件：打开IE 点工具-->Internet选项 : Internet临时文件，点“删除文件”按钮，将删除所有脱机内容打勾，点确定删除。

关闭QQ等应用程序。进行如下操作前，请不要进行任何双击打开磁盘的操作。所有下载的工具都直接放桌面上。
==========================================================================================
工具有：
PowerRMV 下载地址:
http://ishare.sina.com.cn/cgi-bin/fileid.cgi?fileid=1020456

使用方法：
分别填入下面的文件（包括完整的路径），勾选“抑止杀灭对象再次生成”，点杀灭【有找不到提示的请忽略错误继续】如果有多个文件，重复上一步。

WINDOWS 清理助手：官方下载地址：http://www.arswp.com/download/arswp/arswp.rar

使用方法：
运行ArSwp.exe，然后按立即清理，扫描完毕后就按清理建议全部清理

恶意软件清理助手霏凡下载地址：http://www.crsky.com/soft/6251.html

使用方法：
运行RogueCleaner.exe，然后按检测恶意软件，扫描完毕后按清理选中的项目建议全部清理

360安全卫士官方下载地址：http://www.360safe.com/download.html

使用方法：
安装后，运行360安全卫士，然后按查杀恶意软件-》开始扫描扫描完毕后就按立即清理建议全部清理

注：还有去百度找个威金专杀杀一杀
==========================================================================================
1.用PowerRMV删除如下项目：
C:\WINDOWS\system32\BHDCRegC.exe
C:\WINDOWS\Kernelmh.exe
C:\WINDOWS\SMSS.EXE
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk
C:\WINDOWS\uninstall\rundl132.exe
C:\WINDOWS\system32\DRIVERS\npf.sys
C:\WINDOWS\system32\drivers\AntiyNF.sys
==========================================================================================
重启计算机然后再进入安全模式执行如下的操作（重启电脑连续按F8 选择第一项安全模式）
==========================================================================================
用工具 SREng 删除如下各项

在SREng中点启动项目 --> 注册表进入后用鼠标左键在对应要修复的项上单击然后点击"删除"
删除如下项目：
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
<xj3bfb69ctt><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
<wbugwt694><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe> []
<run><> [N/A]（有则删除没有就忽略）
<BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe> [SHHIC]
<kernelmh><C:\WINDOWS\Kernelmh.exe> [] （这个是啥？？如果你不知道就删除）
<upxdnd><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zt.exe> [N/A]
<cmdbcs><C:\WINDOWS\SMSS.EXE> []
<realplayer><; C:\WINDOWS\8Sy.exe> []
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk> []
按编辑把 <load><; C:\WINDOWS\uninstall\rundl132.exe> []改成<load><> 把里面的冬冬删除掉
==========================================================================================
在SERng中点启动项目 --> 服务 --> 驱动程序进入后（勾选隐藏已认证的微软项目），用鼠标左键在对应要修复的项上单击然后点“设置” 按钮即可（注意到最后弹出的窗口中要点 “NO 否”才是确认删除驱动。）
删除如下项目：
[AntiyNF / AntiyNF][Running/Auto Start]
<system32\drivers\AntiyNF.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><N/A>
==========================================================================================
好了最后在安全模式用 WINDOWS 清理助手、恶意软件清理助手、360安全卫士
回来后再扫日志上来
==========================================================================================

友情提醒：
1. 建议通过Windows Update安装好系统补丁程序（下不了补丁的用户可以用XP的换号器进行换号）
2. 给系统管理员帐户设置足够复杂的管理员密码，最好是10位以上，字母+数字+其它符号
3. 禁用自动播放，用U盘时候，不要双击打开，用右键打开
4. 安装杀毒软件+防火墙+规则包（有很多人都不用，那只会令一些病毒、蠕虫、木马等在你家的电脑上开Party）
5. 第5个也是最重要的一个就是养好上网习惯 "养成上网好习惯远离病毒就健康" ^_^

eliasdaniel - 2007-3-25 20:27:00

实在太感谢了，我正在按步骤查杀中

eliasdaniel - 2007-3-25 20:31:00

另外，我有个问题，我的电脑里还有arp病毒吗？网管说有，所以我昨天格式化过一次，结果今天就碰到了好多病毒（瑞星查不出啊）。而且刚才我开机的时候windows 进入硬盘检测，发现许多bad clusters，replace了许多dllcall里面的dll文件（但是null），好不容易才开了机，是我硬盘破损了，还是病毒呢？

eliasdaniel - 2007-3-25 21:16:00

根据紫墨蓝尘兄的建议修复后的日志：

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<AGRSMMSG><; AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HControl><C:\WINDOWS\ATK0100\HControl.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<AntiARPStandalone><; D:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe> [www.AntiARP.com]
<LtMoh><; C:\Program Files\ltmoh\Ltmoh.exe> [Agere Systems]
<SAMSUNG Keydefine><; C:\Program Files\Keydefine\KeyDefin.exe> []
<SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPLpr><; C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"d:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[huawei-3com EAD appendix service / H3C_EAD_APX_SVR][Stopped/Manual Start]
<C:\Program Files\Huawei-3Com\H3C Client\eadApxSvr.exe -startService ><N/A>
[huawei-3com protocol authentication service manage center / H3C_SVR_MNG_SERVICE][Stopped/Manual Start]
<C:\Program Files\Huawei-3Com\H3C Client\AuthenMngService.exe -startService ><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

eliasdaniel - 2007-3-25 21:17:00

==================================
驱动程序
[SENS LT56ADW Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
<system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetLink (TM) Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY][Running/Manual Start]
<System32\Drivers\usbdriver.sys><BHDC>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ATKACPI.sys><>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Auto Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R592 / R592][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\R592.sys><REDC>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SigmaTel C-Major Audio / STAC97][Running/Manual Start]
<system32\drivers\STAC97.sys><SigmaTel, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Stopped/Manual Start]
<system32\DRIVERS\w29n51.sys><Intel? Corporation>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
<system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>

==================================
浏览器加载项
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================

eliasdaniel - 2007-3-25 21:18:00

==================================
正在运行的进程
[PID: 952][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4110]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1100][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1112][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2008][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 920][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[d:\program files\rising\rfw\PSAPI.DLL] [Microsoft Corporation, 4.00]
[PID: 720][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5134]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5134]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5134]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5134]
[PID: 728][C:\WINDOWS\ATK0100\HControl.exe] [, 1043, 2, 15, 43]
[C:\WINDOWS\ATK0100\CMSSC.dll] [N/A, ]
[C:\WINDOWS\ATK0100\inter_f2.dll] [ATK, 1043, 2, 15, 43]
[C:\WINDOWS\ATK0100\ATKWLIOC.DLL] [ACTIONTEC Electronics,Inc, 2.01.02]
[C:\WINDOWS\ATK0100\SiSPkt.dll] [Silicon Integrated Systems Corp., 1, 0, 0, 39]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1428][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1460][C:\WINDOWS\ATK0100\ATKOSD.exe] [, 1043, 2, 15, 43]
[PID: 1664][E:\TDdownload\3\sreng2(1)\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛