Rising Kaka Security Forum
sftc19900416 - 2007-8-29 10:17:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 10:03:27, 日期 2005-8-29
操作系统: Windows XP SP1 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Program Files\KuGoo3\KuGoo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HelloNet\HNMainUI.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Tencent\QQ\QQ.exe
D:\游戏\浩方对战平台\GameClient.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\OCINS\idnsvr.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\游戏\梦幻西游\my.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\PROGRA~1\OCINS\srchsp.dll
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\PROGRA~1\OCINS\ieaux.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - 启动项HKLM\\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - 启动项HKLM\\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - 启动项HKLM\\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavScanBD] "C:\Program Files\Rising\Rav\ScanBD.exe" /INST
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [popo2004] C:\Program Files\Netease\popo2004\start.exe
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [KuGoo3] E:\Program Files\KuGoo3\KuGoo.exe
O4 - 启动项HKLM\\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] "D:\游戏\三国志\daemon.exe" -lang 1033 -lock
O4 - 启动项HKLM\\Run: [Storm2Set] C:\WINDOWS\System32\rundll32.exe "E:\PROGRA~1\StormSet.dll",CheckEnv
O4 - 启动项HKLM\\Run: [WebThunder] "C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" /autostart
O4 - 启动项HKLM\\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KuGoo3] "E:\Program Files\KuGoo3\KuGoo.exe"
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGame\Accel.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: &访问通用网址 - C:\Program Files\OCINS\cnrbtn.html
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 珊瑚虫超级搜索 - C:\PROGRA~1\yok\yoksch.htm
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\游戏\浩方对战平台\GameClient.exe
O9 - 浏览器额外的按钮: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - http://photo.qq.com/qzone_v4/QzoneMediaTools.cab
O16 - DPF: {32D72994-45B9-42B5-8980-FB561D1BE2D0} (nEdit Control) - https://ekey.163.com/nEdit.cab
O16 - DPF: {BAC112DD-C51E-4712-A622-77C1D8075072} (ChinaCache加速下载客户端) - http://p2spdownload.chinacache.com/p2spcp4ie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C9E79BE-2E42-4AA8-BA92-ADD8915866F0}: NameServer = 202.101.172.35 202.101.172.47
O18 - 列举现有的协议: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - E:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Poco 0.31; KuGooSoft)
sftc19900416 - 2007-8-29 10:53:00
Can someone take a look? Websites keep popping up at random.
╰☆不留名シ - 2007-8-29 11:08:00
Please describe your symptoms clearly.
sftc19900416 - 2007-8-29 11:28:00
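[Reply to the post by "╰☆不留名シ"]
Websites keep popping up.
The Rising monitor pops up and deletes the file,
but it doesn't help; after a while the same thing happens again.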
Leoooo - 2007-8-29 11:38:00
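Download Kaka Internet Security Assistant 4.0 (卡卡上网安全助手4.0): http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnostics and Help (诊断求助) => Computer Diagnostic Log (电脑诊断日志)
3 Select the two options "File details" (文件详细信息) and "Similar file name analysis" (文件名相似分析)
4 Start the scan => export the information in txt format (htm format is also possible and easier to read yourself, but the forum cannot upload htm files)
5 Copy the complete report from the log and paste it here (posting it as an attachment is also fine); do not modify it (if it does not fit in one post, post it in several parts)
6 While scanning, close unnecessary software as far as possible, such as QQ, TM, Xunlei, etc.
7 Upload the suspicious files found by the scan to Rising:
http://up.rising.com.cn/webmail/uploadnew.htm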
sftc19900416 - 2007-8-29 11:47:00
瑞星卡卡电脑诊断日志 v1.30 (2005-8-29 11:31:31) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
35BD4A64
[A ] 1. c:\windows\system32\9b6cff74.exe
Microsoft Corporation
賞鵦0,賞鵦1,賞鵦2,
Ati HotKey Poller
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
ATI Smart
[A ] 3. c:\windows\system32\ati2sgag.exe
ATI Smart
.text,.rdata,.data,.rsrc,
NetSvc
[A ] 4. c:\program files\intel\prosetwired\ncs\sync\netsvc.exe
Intel(R) Corporation
NetSvc Module
.text,.rdata,.data,.rsrc,
ose
[A ] 5. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
RfwProxySrv
[A ] 6. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
RfwService
[A ] 7. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
RsCCenter
[A ] 8. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 9. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
svchost
[A ] 10. c:\windows\system32\dllcache\svchost.exe
Microsoft Corporation
燿8D0,燿8D1,燿8D2,
UMWdf
[AM] 11. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
WmdmPmSN
[A ] 12. c:\windows\system32\mspmsnsv.dll
Microsoft Corporation
Microsoft Media Device Service Provider
.text,.data,.rsrc,.reloc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ADIHdAudAddService
[A ] 13. c:\windows\system32\drivers\adihdaud.sys
Analog Devices, Inc.
High Definition Audio Function Driver(Release Candidate 1)
.text,CODE,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
AEAudioService
[A ] 14. c:\windows\system32\drivers\aeaudio.sys
Andrea Electronics Corporation
Andrea Audio Noise Cancellation Driver
.text,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
aslm75
[A ] 15. c:\windows\system32\drivers\aslm75.sys
.text,INIT,.reloc,
BaseTDI
[A ] 16. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
BRPPPOE
[A ] 17. c:\windows\system32\drivers\brpppoe.sys
.text,.rdata,.data,INIT,.reloc,
cnprov
[A ] 18. c:\windows\system32\drivers\cnprov.sys
中国互联网络信息中心(CNNIC)
国际化域名辅助模块
.text,.data,INIT,.rsrc,.reloc,
d347bus
[A ] 19. c:\windows\system32\drivers\d347bus.sys
PnP BIOS Extension
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
d347prt
[A ] 20. c:\windows\system32\drivers\d347prt.sys
SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
E1000
[A ] 21. c:\windows\system32\drivers\e1000325.sys
Intel Corporation
Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
EagleNT
[A ] 22. c:\windows\system32\drivers\eaglent.sys
ExpScaner
[A ] 23. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
Firitie
[A ] 24. c:\windows\system32\drivers\firitie.sys
.text,.data,INIT,.rsrc,.reloc,
gwiopm
[A ] 25. c:\program files\wom\gwiopm.sys
HdAudAddService
[A ] 26. c:\windows\system32\drivers\hdaudio.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Function Driver v1.0a
.text,CODE,.rdata,.data,PAGE,PAGED,INIT,.rsrc,.reloc,
HDAudBus
[A ] 27. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0a
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
HookCont
[A ] 28. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
sftc19900416 - 2007-8-29 11:47:00
HookReg
[A ] 29. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 30. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookUrl
[A ] 31. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
idnaux
[A ] 32. c:\windows\system32\drivers\idnaux.sys
中国互联网络信息中心(CNNIC)
国际化域名支持模块
.text,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 33. c:\program files\rising\rav\memscan.sys
Beijing Rising Technology Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
mProcRs
[A ] 34. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 35. c:\program files\tencent\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkycryp
[A ] 36. c:\program files\tencent\qq\npkycryp.sys
oreans32
[A ] 37. c:\windows\system32\drivers\oreans32.sys
.text,.rdata,.data,INIT,.reloc,
RsAntiSpyware
[A ] 38. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsFwDrv
[A ] 39. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 40. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 41. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 42. c:\windows\system32\drivers\secdrv.sys
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Macrovision SECURITY Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
SenFiltService
[A ] 43. c:\windows\system32\drivers\senfilt.sys
Sensaura
Sensaura WDM 3D Audio Driver
.text,page,init,.data,.CRT,init,INIT,.rsrc,.reloc,
usbehci
[A ] 44. c:\windows\system32\drivers\usbehci.sys
Microsoft Corporation
EHCI eUSB Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
Voso667
[A ] 45. c:\windows\system32\drivers\voso667.sys
.text,.data,INIT,.rsrc,.reloc,
ZSMC301b
[A ] 46. c:\windows\system32\drivers\usbvm31b.sys
VM
Video streaming and Capture Device Driver
.text,.data,PAGECONS,INIT,.rsrc,.reloc,
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 47. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
WgaLogon
[AM] 48. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows 正版增值计划通知
.text,.data,.rsrc,.reloc,
+ HKCU\Control Panel\Desktop
Scrnsave.exe
[A ] 49. c:\windows\system32\梦幻西游ii屏保.scr
Acme Photo Software
梦想之巅屏保播放器
pec1,.rsrc,.rsrc,
+ IE浏览器加载模块
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{22F86F33-9CBB-49a8-BB12-CDBE51B4C294}
[A ] 50. c:\program files\ocins\srchsp.dll
中国互联网络信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000AAA-A363-466E-BEF5-9BB68697AA7F}
[AM] 51. c:\program files\thunder network\webthunder\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
{7605CC7C-00FD-4A5F-BAFD-828342DE6279}
[AM] 52. c:\program files\ocins\ieaux.dll
中国互联网络信息中心(CNNIC)
国际化域名解析模块
.text,.rdata,.data,Shared,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 53. d:\游戏\浩方对战平台\gameclient.exe
上海浩方在线信息技术有限公司
浩方对战平台
.text,.rdata,.data,.rsrc,
Exec
[A ] 54. c:\program files\ocins\config.exe
中国互联网络信息中心(CNNIC)
config
.text,.rdata,.data,.rsrc,
Script
[A ] 55. c:\windows\web\related.htm
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
KuGoo3
[A ] 56. e:\program files\kugoo3\inextend\kugoo3downxcontrol.ocx
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 57. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Auto Update Property Sheet Extension
[A ] 58. c:\windows\system32\wuaucpl.cpl
Microsoft Corporation
Automatic Updates Control Panel
.text,.data,.rsrc,.reloc,
WinRAR shell extension
[A ] 59. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Shell Extensions for RealOne Player
[A ] 60. c:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
RealPlayer Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
Portable Media Devices
[A ] 61. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
Portable Media Devices Menu
[A ] 61. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
RISING
[A ] 62. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[AM] 63. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 64. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
sftc19900416 - 2007-8-29 11:48:00
+ 用户登陆自运行项目
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
KuGoo3
[AM] 65. e:\program files\kugoo3\kugoo.exe
专业音乐P2P传输软件
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
High Definition Audio Property Page Shortcut
[A ] 66. c:\windows\system32\hdashcut.exe
Windows (R) Server 2003 DDK provider
High Definition Audio Property Page Shortcut v1.0a
.text,.data,.rsrc,
SoundMAXPnP
[AM] 67. c:\program files\analog devices\core\smax4pnp.exe
Analog Devices, Inc.
SMax4PNP
.text,.rdata,.data,.rsrc,
SoundMAX
[A ] 68. c:\program files\analog devices\soundmax\smax4.exe
Analog Devices, Inc.
Audio Control Panel
.text,.rdata,.data,.rsrc,
PRONoMgrWired
[A ] 69. c:\program files\intel\prosetwired\ncs\proset\pronomgr.exe
Intel(R) Corporation
PRONotifyMgr Module
.text,.rdata,.data,.rsrc,
ATIPTA
[AM] 70. c:\program files\ati technologies\ati control panel\atiptaxx.exe
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.rsrc,
RfwMain
[AM] 71. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
RavScanBD
[A ] 72. c:\program files\rising\rav\scanbd.exe
Beijing Rising Technology Co., Ltd.
ScanBD Application
.text,.rdata,.data,.rsrc,
RavTask
[A ] 73. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
popo2004
[A ] 74. c:\program files\netease\popo2004\start.exe
网易(163.com)
.text,.rdata,.data,.idata,.rsrc,.reloc,
BigDogPath
[AM] 75. c:\windows\vm_sti.exe
VM.
Still Image (STI) Driver
.text,.rdata,.data,.rsrc,
TkBellExe
[AM] 76. c:\program files\common files\real\update_ob\realsched.exe
RealNetworks, Inc.
RealNetworks Scheduler
.text,.rdata,.data,.rsrc,
KuGoo3
[AM] 65. e:\program files\kugoo3\kugoo.exe
专业音乐P2P传输软件
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,
runeip
[AM] 77. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
WebThunder
[A ] 78. c:\program files\thunder network\webthunder\webthunder.exe
深圳市迅雷网络技术有限公司
Web 迅雷
.text,.rdata,.data,.rsrc,
IdnSvr
[AM] 79. c:\program files\ocins\idnsvr.exe
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 80. c:\program files\rising\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 81. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
[A ] 82. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\Folder\shell
Super Rabbit CDROM Eject
[A ] 83. c:\program files\super rabbit\magicset\srcd2.exe
Super Rabbit Software
UPX0,UPX1,.rsrc,
+ HKCR\.bat
batfile\edit\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
batfile\print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.html
htmlfile\Edit\Command
[A ] 85. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 85. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 85. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 85. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.log
txtfile\print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\printto\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.txt
txtfile\print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\printto\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.cmd
cmdfile\edit\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
cmdfile\print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.reg
regfile\edit\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
regfile\print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.vbs
VBSFile\Edit\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
VBSFile\Print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.js
JSFile\Edit\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
JSFile\Print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.mp3
RealPlayer.MP3.6\open\Command
[A ] 86. c:\program files\real\realplayer\realplay.exe
RealNetworks, Inc.
RealPlayer
.text,.rdata,.data,.rsrc,
+ HKCR\.ini
inifile\open\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
inifile\print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.inf
inffile\open\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
inffile\print\Command
[A ] 84. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ 其他自启动项目
+ C:\Documents and Settings\tcsf\「开始」菜单\程序\启动
QQ游戏启动加速程序.lnk
[A ] 87. c:\program files\tencent\qqgame\accel.exe
深圳市腾讯计算机系统有限公司
QQ游戏
.text,.rdata,.data,.rsrc,
sftc19900416 - 2007-8-29 11:49:00
+ 正在运行的进程
+ 00000200(512) smax4pnp.exe
00400000[000E3000]
[AM] 67. c:\program files\analog devices\core\smax4pnp.exe
Analog Devices, Inc.
SMax4PNP
.text,.rdata,.data,.rsrc,
10000000[00057000]
[ M] 88. c:\program files\analog devices\core\smwdmif.dll
Analog Devices, Inc.
SMWDM Interface DLL
.text,.rdata,.data,.idata,.rsrc,.reloc,
72C90000[00009000]
[ M] 89. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 90. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
00C50000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000023c(572) atiptaxx.exe
00400000[00054000]
[AM] 70. c:\program files\ati technologies\ati control panel\atiptaxx.exe
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.rsrc,
10000000[00041000]
[ M] 92. c:\program files\ati technologies\ati control panel\atipdsxx.dll
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.sdata,.rsrc,.reloc,
00AD0000[0001A000]
[ M] 93. c:\program files\ati technologies\ati control panel\atrpuixx.chs
ATI Technologies, Inc.
ATI Desktop Control Panel
.rsrc,.reloc,
00C30000[00013000]
[ M] 94. c:\program files\ati technologies\ati control panel\atipdxxx.dll
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.rsrc,.reloc,
00DF0000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000248(584) QQ.exe
00400000[001A6000]
[ M] 95. c:\program files\tencent\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
10000000[00022000]
[ M] 96. c:\program files\tencent\qq\coralassist.dll
Coral Team
珊瑚虫增强包加载库
.text,.rdata,.data,.rsrc,.reloc,
005C0000[0007C000]
[ M] 97. c:\program files\tencent\qq\coralqq.dll
Coral Team
CoralQQ Core DLL
,,,,.rsrc,,,.data,.adata,
003B0000[0002F000]
[ M] 98. c:\program files\tencent\qq\kql.dll
Coral Team
Kwafu QQ Library (KQL)
.text,.rsrc,.reloc,
7C420000[00087000]
[ M] 99. c:\program files\tencent\qq\msvcp80.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
78130000[0009B000]
[ M] 100. c:\program files\tencent\qq\msvcr80.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
60A80000[000F2000]
[ M] 101. c:\program files\tencent\qq\mfc42.dll
Microsoft Corporation
MFCDLL Shared Library - Retail Version
.text,.rdata,.data,.rsrc,.reloc,
003F0000[00009000]
[ M] 102. c:\program files\tencent\qq\ipsearcher.dll
珊瑚虫 IP 地址查询工具
.text,.rsrc,.reloc,
00650000[0025A000]
[ M] 103. c:\program files\tencent\qq\qqbaseclassindll.dll
TENCENT
QQBaseClassInDll DLL
.text,.rdata,.data,.rsrc,.reloc,
008B0000[0009F000]
[ M] 104. c:\program files\tencent\qq\qqhelperdll.dll
TENCENT
QQHelperDll DLL
.text,.rdata,.data,.rsrc,.reloc,
00950000[00071000]
[ M] 105. c:\program files\tencent\qq\basicctrldll.dll
TENCENT
BasicCtrlDll DLL
.text,.rdata,.data,.rsrc,.reloc,
01D80000[00008000]
[ M] 106. c:\program files\tencent\qq\nodisturbfilter.cqx
Coral Team
拒绝视频打扰的珊瑚虫扩展
.text,.rdata,.data,.rsrc,.reloc,
01E00000[00006000]
[ M] 107. c:\program files\tencent\qq\confighotkey.cqx
Coral Team
热键激活珊瑚虫参数定制器的扩展
.text,.rdata,.data,.rsrc,.reloc,
621E0000[00005000]
[ M] 108. c:\program files\tencent\qq\riched32.dll
Microsoft Corporation
Wrapper Dll for Richedit 1.0
.text,.data,.rsrc,.reloc,
62170000[00068000]
[ M] 109. c:\program files\tencent\qq\riched20.dll
Microsoft Corporation
Rich Text Edit Control, v3.1
.text,.data,.rsrc,.reloc,
61310000[0003A000]
[ M] 110. c:\program files\tencent\qq\qqapi.dll
TENCENT
ModuleSample DLL
.text,.rdata,.data,.rsrc,.reloc,
62330000[00007000]
[ M] 111. c:\program files\tencent\qq\timproxy.dll
tencent
TIMProxy
.text,.orpc,.rdata,.data,.rsrc,.reloc,
02600000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
02780000[00006000]
[ M] 112. c:\program files\tencent\qq\autoreconnect.cqx
Coral Team
掉线后自动重新连接的珊瑚虫扩展
.text,.rdata,.data,.rsrc,.reloc,
027A0000[00038000]
[ M] 113. c:\program files\tencent\qq\loginctrl.dll
TENCENT
NewSkin
.text,.rdata,.data,.rsrc,.reloc,
608D0000[00099000]
[ M] 114. c:\program files\tencent\qq\loginctrlres.dll
TENCENT
LoginCtrl DLL
.rsrc,.reloc,
03260000[004A9000]
[ M] 115. c:\program files\tencent\qq\qqres.dll
TENCENT
QQRes
.rsrc,.reloc,
60A40000[00032000]
[ M] 116. c:\program files\tencent\qq\mailsummary.dll
TENCENT
MailSummary DLL
.text,.rdata,.data,.rsrc,.reloc,
61800000[00095000]
[ M] 117. c:\program files\tencent\qq\qqmainframe.dll
.text,.rdata,.data,.reloc,
603C0000[001A3000]
[ M] 118. c:\program files\tencent\qq\gdiplus.dll
Microsoft Corporation
Microsoft GDI+
.text,.data,Shared,.rsrc,.reloc,
04040000[00124000]
[ M] 119. c:\program files\tencent\qq\cqqapplication.dll
.text,.rdata,.data,.reloc,
60380000[0003E000]
[ M] 120. c:\program files\tencent\qq\flashavatardll.dll
FlashAvatarDll DLL
.text,.rdata,.data,.rsrc,.reloc,
60C20000[0005E000]
[ M] 121. c:\program files\tencent\qq\newskin.dll
TENCENT
NewSkin Module
.text,.rdata,.data,.rsrc,.reloc,
04360000[000BD000]
[ M] 122. c:\program files\tencent\qq\hostingmgr.dll
TENCENT
HostingMgr DLL
.text,.rdata,.data,.rsrc,.reloc,
60140000[00034000]
[ M] 123. c:\program files\tencent\qq\cameradll.dll
TENCENT
CameraDll DLL
.text,.rdata,.data,.MYSHARE,.rsrc,.reloc,
045E0000[0000C000]
[ M] 124. c:\program files\tencent\qq\coralhotkey.cqx
Coral Team
“老板键”和“一键锁定”珊瑚虫扩展
.text,.rdata,.data,.rsrc,.reloc,
617B0000[00017000]
[ M] 125. c:\program files\tencent\qq\qqknowledgesearch.dll
TENCENT
QQKnowledgeSearch DLL
.text,.rdata,.data,.rsrc,.reloc,
048D0000[001F1000]
[ M] 126. c:\program files\tencent\qq\qqallinone.dll
TENCENT
NewSkin
.text,.rdata,.data,.rsrc,.reloc,
62210000[0002B000]
[ M] 127. c:\program files\tencent\qq\sccore.dll
TENCENT
SCCore.dll
.text,.rdata,.data,.shareds,.rsrc,.reloc,
62020000[00022000]
[ M] 128. c:\program files\tencent\qq\qqspace.dll
TENCENT
QQSpace DLL
.text,.rdata,.data,.rsrc,.reloc,
62380000[00071000]
[ M] 129. c:\program files\tencent\qq\vbscript.dll
Microsoft Corporation
Microsoft (r) VBScript
.text,.rdata,.data,.rsrc,.reloc,
61690000[00071000]
[ M] 130. c:\program files\tencent\qq\qqgroupmng.dll
TENCENT
QQGroupMng DLL
.text,.rdata,.data,.rsrc,.reloc,
sftc19900416 - 2007-8-29 11:49:00
62360000[00017000]
[ M] 131. c:\program files\tencent\qq\userdefinedhead.dll
TENCENT
UserDefinedHead DLL
.text,.rdata,.data,.rsrc,.reloc,
619D0000[000D9000]
[ M] 132. c:\program files\tencent\qq\qqplugin.dll
.text,.rdata,.data,.reloc,
615F0000[0000C000]
[ M] 133. c:\program files\tencent\qq\qqconfigplugin.dll
TENCENT
QQConfigPlugin DLL
.text,.rdata,.data,.rsrc,.reloc,
61350000[0003D000]
[ M] 134. c:\program files\tencent\qq\qqavatar.dll
.text,.rdata,.data,.reloc,
62050000[0003D000]
[ M] 135. c:\program files\tencent\qq\qqsysmsgmng.dll
.text,.rdata,.data,.reloc,
61F90000[00071000]
[ M] 136. c:\program files\tencent\qq\qqsettingctrl.dll
TENCENT
QQSettingCtrl DLL
.text,.rdata,.data,.rsrc,.reloc,
62150000[00016000]
[ M] 137. c:\program files\tencent\qq\qringmng.dll
.text,.rdata,.data,.reloc,
61600000[00034000]
[ M] 138. c:\program files\tencent\qq\qqcustomface.dll
.text,.rdata,.data,.reloc,
02900000[0002A000]
[ M] 139. c:\program files\tencent\qq\qqpet.dll
TENCENT
QQPet DLL
.text,.rdata,.data,.rsrc,.reloc,
60970000[000A8000]
[ M] 140. c:\program files\tencent\qq\longconnection.dll
TENCENT
LongConnection
.text,.rdata,.data,.rsrc,.reloc,
60680000[00024000]
[ M] 141. c:\program files\tencent\qq\groupconnection.dll
TENCENT
GroupConnection DLL
.text,.rdata,.data,.rsrc,.reloc,
60D20000[00026000]
[ M] 142. c:\program files\tencent\qq\phoneapi.dll
TENCENT
PhoneAPI DLL
.text,.rdata,.data,.rsrc,.reloc,
60330000[0000D000]
[ M] 143. c:\program files\tencent\qq\dialerallinone.dll
tencent
DialerAllInOne
.text,.rdata,.data,Shared,.rsrc,.reloc,
72C90000[00009000]
[ M] 89. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 90. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
72C60000[00006000]
[ M] 144. c:\windows\system32\msadp32.acm
Microsoft Corporation
Microsoft ADPCM CODEC for MSACM
.text,.rsrc,.reloc,
60770000[0001A000]
[ M] 145. c:\program files\tencent\qq\imageole.dll
TENCENT
TODO: <File description>
.text,.rdata,.data,.rsrc,.reloc,
617D0000[00015000]
[ M] 146. c:\program files\tencent\qq\qqliveqmng.dll
TENCENT
QQLiveQMng DLL
.text,.rdata,.data,.rsrc,.reloc,
06820000[00019000]
[ M] 147. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
60120000[0001F000]
[ M] 148. c:\program files\tencent\qq\bqqapplication.dll
.text,.rdata,.data,.reloc,
60CA0000[0000F000]
[ M] 149. c:\program files\tencent\qq\personaldesktop.dll
TENCENT
QQ个人桌面
.text,.rdata,.data,.rsrc,.reloc,
60180000[0004F000]
[ M] 150. c:\program files\tencent\qq\commercesmng.dll
TENCENT
CommercesMng DLL
.text,.rdata,.data,.rsrc,.reloc,
60E80000[00286000]
[ M] 151. c:\program files\tencent\qq\qqaddr.dll
深圳市腾讯计算机系统有限公司
腾讯通讯录
.text,.rdata,.data,.rsrc,.reloc,
620F0000[0005B000]
[ M] 152. c:\program files\tencent\qq\qqzip.dll
TENCENT
QQZip
.text,.rdata,.data,.rsrc,.reloc,
61F60000[0002C000]
[ M] 153. c:\program files\tencent\qq\qqscenemng.dll
.text,.rdata,.data,.reloc,
30000000[002EE000]
[ M] 154. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
617F0000[0000E000]
[ M] 155. c:\program files\tencent\qq\qqmagicface.dll
TENCENT
QQMagicFace DLL
.text,.rdata,.data,.rsrc,.reloc,
02430000[0002B000]
[ M] 156. c:\program files\tencent\qq\addrsearch.dll
腾讯科技(深圳)有限公司
QQPhoneHelper
UPX0,UPX1,.rsrc,
07DA0000[001D0000]
[ M] 157. c:\windows\system32\unispim5.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音输入法V5
.text,.rdata,.data,.share_d,.rsrc,.reloc,
61650000[0002A000]
[ M] 158. c:\program files\tencent\qq\qqfiletransfer.dll
TENCENT
QQFileTransfer DLL
.text,.rdata,.data,.rsrc,.reloc,
+ 0000027c(636) smss.exe
+ 000002c4(708) csrss.exe
+ 000002e8(744) winlogon.exe
10000000[00010000]
[AM] 47. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
01440000[0003B000]
[AM] 48. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows 正版增值计划通知
.text,.data,.rsrc,.reloc,
72C90000[00009000]
[ M] 89. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 90. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01A90000[00018000]
[ M] 159. c:\windows\system32\svchost.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 00000314(788) services.exe
+ 00000320(800) lsass.exe
+ 000003bc(956) VM_STI.EXE
00400000[0000D000]
[AM] 75. c:\windows\vm_sti.exe
VM.
Still Image (STI) Driver
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000003c4(964) Ati2evxx.exe
00400000[00059000]
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
00B50000[0000F000]
[ M] 160. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
+ 000003e4(996) realsched.exe
00400000[0002F000]
[AM] 76. c:\program files\common files\real\update_ob\realsched.exe
RealNetworks, Inc.
RealNetworks Scheduler
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000003f0(1008) svchost.exe
+ 0000044c(1100) runiep.exe
00400000[00013000]
[AM] 77. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00C20000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000464(1124) svchost.exe
50E60000[0000C000]
[ M] 161. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
sftc19900416 - 2007-8-29 11:50:00
+ 0000047c(1148) rundll32.exe
10000000[00014000]
[ M] 162. e:\program files\stormset.dll
北京暴风网际科技有限公司
暴风影音设置模块
.text,.rdata,.data,.rsrc,.reloc,
+ 000004a8(1192) wuauclt.exe
507E0000[00051000]
[ M] 163. c:\windows\system32\wucltui.dll
Microsoft Corporation
Windows Update Client UI Plugin
.text,.data,.rsrc,.reloc,
50E60000[0000C000]
[ M] 161. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
10000000[00005000]
[ M] 164. c:\windows\system32\wucltui.dll.mui
Microsoft Corporation
Windows Update Client UI Plugin
.rsrc,.reloc,
00A70000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000004b4(1204) idnsvr.exe
00400000[00016000]
[AM] 79. c:\program files\ocins\idnsvr.exe
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,
10000000[0002C000]
[ M] 165. c:\program files\ocins\idnsvr.dll
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,.reloc,
00C70000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000004dc(1244) ctfmon.exe
10000000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000004f0(1264) svchost.exe
+ 00000510(1296) svchost.exe
+ 00000520(1312) KuGoo.exe
00400000[0074B000]
[AM] 65. e:\program files\kugoo3\kugoo.exe
专业音乐P2P传输软件
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,
72C90000[00009000]
[ M] 89. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 90. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
10000000[00024000]
[ M] 166. e:\program files\kugoo3\mp3lib.dll
.text,.rdata,.data,.reloc,
02670000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
038B0000[00010000]
[ M] 167. e:\program files\kugoo3\randomshuffle.dll
Microsoft Corporation
Windows Shell Common Dll
.text,.rdata,.data,.rsrc,.reloc,
04510000[00011000]
[AM] 64. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
047D0000[00019000]
[ M] 147. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
30000000[002EE000]
[ M] 154. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
+ 000005dc(1500) svchost.exe
+ 0000067c(1660) Ati2evxx.exe
00400000[00059000]
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
003E0000[0000F000]
[ M] 160. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
10000000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000684(1668) WgaTray.exe
01000000[00052000]
[ M] 168. c:\windows\system32\wgatray.exe
Microsoft Corporation
Windows 正版增值计划通知
.text,.data,.rsrc,
10000000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000006a4(1700) RavStub.exe
00400000[00018000]
[ M] 169. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 170. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 171. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000704(1796) spoolsv.exe
+ 0000076c(1900) Explorer.EXE
10000000[00011000]
[AM] 64. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
72C90000[00009000]
[ M] 89. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 90. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01C60000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
023D0000[00018000]
[ M] 159. c:\windows\system32\svchost.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 000007b0(1968) conime.exe
10000000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000007b8(1976) RfwMain.exe
00400000[00073000]
[AM] 71. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
26600000[0007D000]
[ M] 172. c:\program files\rising\rfw\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 173. c:\program files\rising\rfw\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[0000F000]
[ M] 174. c:\program files\rising\rfw\rfwctrl.dll
Beijing Rising Technology Co., Ltd.
RfwCtrl DLL
.text,.rdata,.data,.rsrc,.reloc,
23800000[0001A000]
[ M] 175. c:\program files\rising\rfw\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
sftc19900416 - 2007-8-29 11:51:00
23900000[00031000]
[ M] 176. c:\program files\rising\rfw\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
012E0000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
72C90000[00009000]
[ M] 89. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 90. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
731B0000[0000A000]
[ M] 177. c:\program files\rising\rfw\psapi.dll
Microsoft Corporation
Process Status Helper
.text,.rdata,.data,.rsrc,.reloc,
+ 000007dc(2012) IEXPLORE.EXE
10000000[00019000]
[AM] 51. c:\program files\thunder network\webthunder\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
02BC0000[00057000]
[AM] 52. c:\program files\ocins\ieaux.dll
中国互联网络信息中心(CNNIC)
国际化域名解析模块
.text,.rdata,.data,Shared,.rsrc,.reloc,
02D30000[0002C000]
[ M] 165. c:\program files\ocins\idnsvr.dll
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,.reloc,
030F0000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
325C0000[00012000]
[AM] 63. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
72C90000[00009000]
[ M] 89. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 90. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
04100000[00019000]
[ M] 147. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
30000000[002EE000]
[ M] 154. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
+ 00000824(2084) wdfmgr.exe
01000000[0000C000]
[AM] 11. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
+ 00000d30(3376) Ras.exe
00400000[0013F000]
[ M] 178. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 179. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01530000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000d6c(3436) HNMainUI.exe
00400000[00063000]
[ M] 180. c:\program files\hellonet\hnmainui.exe
HelloNet Main User Interface
.text,.rdata,.data,.rsrc,
5FF50000[0003D000]
[ M] 181. c:\program files\hellonet\hnkernel.dll
HelloNet
HelloNet logic
.text,.rdata,.data,.rsrc,.reloc,
5FFD0000[0002A000]
[ M] 182. c:\program files\hellonet\hnutils.dll
HNUtils Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[00032000]
[ M] 183. c:\program files\hellonet\hnres_0804.dll
HNRes_08 Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
5FF90000[00035000]
[ M] 184. c:\program files\hellonet\plugins\diagnose.dll
HelloNet
Diagnose
.text,.rdata,.data,.rsrc,.reloc,
016D0000[0001B000]
[ M] 91. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
Leoooo - 2007-8-29 11:53:00
c:\windows\system32\9b6cff74.exe
c:\windows\system32\dllcache\svchost.exe
c:\windows\system32\mspmsnsv.dll
c:\windows\system32\drivers\aslm75.sys
c:\windows\system32\drivers\brpppoe.sys
c:\windows\system32\drivers\voso667.sys
c:\windows\system32\梦幻西游ii屏保.scr
c:\windows\web\related.htm
Upload these to Rising:
http://up.rising.com.cn/webmail/uploadnew.htm
sftc19900416 - 2007-8-29 11:59:00
Experts, one more question: what am I supposed to do with that archive...
╰☆不留名シ - 2007-8-29 12:02:00
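Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here; do not modify it
If the log does not fit in one post, post it in several parts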
sftc19900416 - 2007-8-29 12:08:00
[CODE]
2005-08-29,11:53:50
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<KuGoo3><"E:\Program Files\KuGoo3\KuGoo.exe"> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<High Definition Audio Property Page Shortcut><HDAShCut.exe> [(Verified)Microsoft Windows XP Publisher]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [Analog Devices, Inc.]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<PRONoMgrWired><C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe> [Intel(R) Corporation]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RavScanBD><"C:\Program Files\Rising\Rav\ScanBD.exe" /INST> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<popo2004><C:\Program Files\Netease\popo2004\start.exe> [网易(163.com)]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<KuGoo3><E:\Program Files\KuGoo3\KuGoo.exe> []
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<DAEMON Tools-1033><"D:\游戏\三国志\daemon.exe" -lang 1033 -lock> [N/A]
<Storm2Set><C:\WINDOWS\System32\rundll32.exe "E:\PROGRA~1\StormSet.dll",CheckEnv> [北京暴风网际科技有限公司]
<WebThunder><"C:\Program Files\Thunder Network\WebThunder\WebThunder.exe" /autostart> [深圳市迅雷网络技术有限公司]
<IdnSvr><C:\Program Files\OCINS\idnsvr.exe> [中国互联网信息中心(CNNIC)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Userinit><rundll32.exe C:\WINDOWS\System32\winsys16_070826.dll start> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\梦幻西~1.SCR> [Acme Photo Software]
sftc19900416 - 2007-8-29 12:09:00
==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\tcsf\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[35BD4A64 / 35BD4A64][Stopped/Auto Start]
<C:\WINDOWS\System32\9B6CFF74.EXE -g><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
<C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
<C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[svchost / svchost][Stopped/Auto Start]
<C:\WINDOWS\System32\dllcache\svchost.exe -g><Microsoft Corporation>
==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[aslm75 / aslm75][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\aslm75.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]
<System32\DRIVERS\brpppoe.sys><N/A>
[cnprov / cnprov][Running/Boot Start]
<\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
<System32\DRIVERS\e1000325.sys><Intel Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[gwiopm / gwiopm][Stopped/Manual Start]
<\??\C:\Program Files\Wom\gwiopm.sys><N/A>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<System32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[idnaux / idnaux][Running/Auto Start]
<system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[oreans32 / oreans32][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Running/Auto Start]
<System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\游戏\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[启动WEB迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[中文上网]
{B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
sftc19900416 - 2007-8-29 12:10:00
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <, N/A>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\System32\QQPhotoDraw.dll, TENCENT>
[nEdit Control]
{32D72994-45B9-42B5-8980-FB561D1BE2D0} <C:\WINDOWS\System32\nEdit\nEdit.ocx, NetEase Information Technology (Beijing) Co. Ltd>
[ChinaCache加速下载客户端]
{BAC112DD-C51E-4712-A622-77C1D8075072} <C:\WINDOWS\DOWNLO~1\P2SPCP~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[WebThunder DapPlayer]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDapPlayer_Now.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[YOKHttpFilter Class]
{686D3343-D00D-49A1-96DF-66F3AF62F348} <C:\Program Files\yok\adblock.dll, N/A>
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[YOKAdBlock Class]
{718F4AD3-70D4-425E-9159-5598DFC732ED} <C:\Program Files\yok\adblock.dll, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\WebThunder\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\System32\msnetobj.dll, Microsoft Corporation>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[&访问通用网址]
<C:\Program Files\OCINS\cnrbtn.html, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[珊瑚虫超级搜索]
<C:\PROGRA~1\yok\yoksch.htm, N/A>
==================================
正在运行的进程
[PID: 636 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4112]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\svchost.dll] [Microsoft Corporation, ]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 964 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4112]
[C:\WINDOWS\System32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 1008 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1124 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1264 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1296 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1700 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1796 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[PID: 1660 / tcsf][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4112]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2496]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1900 / tcsf][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\svchost.dll] [Microsoft Corporation, ]
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 1968 / tcsf][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1976 / tcsf][C:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\Rfw\PSAPI.DLL] [Microsoft Corporation, 4.00]
[PID: 512 / tcsf][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6, 0, 0, 20]
[C:\Program Files\Analog Devices\Core\SMWDMIF.dll] [Analog Devices, Inc., 6, 0, 0, 012]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 572 / tcsf][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5140]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5140]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5140]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5140]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 956 / tcsf][C:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 996 / tcsf][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1100 / tcsf][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1204 / tcsf][C:\Program Files\OCINS\idnsvr.exe] [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
[C:\Program Files\OCINS\idnsvr.dll] [中国互联网信息中心(CNNIC), 2, 6, 0, 2]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1244 / tcsf][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1500 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2084 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
sftc19900416 - 2007-8-29 12:10:00
[PID: 3436 / tcsf][C:\Program Files\HelloNet\HNMainUI.exe] [, 2, 3, 0, 1]
[C:\Program Files\HelloNet\HNKernel.dll] [HelloNet, 2.2.0.1]
[C:\Program Files\HelloNet\HNUtils.dll] [, 2, 2, 0, 1]
[C:\Program Files\HelloNet\HNRes_0804.dll] [, 2, 2, 0, 1]
[C:\Program Files\HelloNet\plugins\diagnose.dll] [HelloNet, 2.2.0.1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1668 / tcsf][C:\WINDOWS\System32\WgaTray.exe] [Microsoft Corporation, 1.7.0018.5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1192 / tcsf][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\System32\wucltui.dll.mui] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2012 / tcsf][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
[C:\PROGRA~1\OCINS\ieaux.dll] [中国互联网络信息中心(CNNIC), 2, 6, 0, 2]
[C:\PROGRA~1\OCINS\idnsvr.dll] [中国互联网信息中心(CNNIC), 2, 6, 0, 2]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\System32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 3376 / tcsf][C:\Program Files\Rising\AntiSpyware\Ras.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.57]
[C:\Program Files\Rising\AntiSpyware\RasGui.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 0, 12]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3272 / tcsf][C:\WINDOWS\notepad.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3388 / tcsf][C:\Program Files\Thunder Network\WebThunder\WebThunder.exe] [深圳市迅雷网络技术有限公司, 1, 10, 1, 172]
[C:\Program Files\Thunder Network\WebThunder\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Thunder Network\WebThunder\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 26]
[C:\Program Files\Thunder Network\WebThunder\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 17, 5, 130]
[C:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[C:\Program Files\Thunder Network\WebThunder\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 17, 5, 130]
[C:\Program Files\Thunder Network\WebThunder\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 59]
[C:\Program Files\Thunder Network\WebThunder\CacheServer.dll] [, 1, 0, 0, 1]
[C:\Program Files\Thunder Network\WebThunder\XLSafe\WebThunderSafe.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Thunder Network\WebThunder\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
[C:\Program Files\Thunder Network\WebThunder\Inmedia\iEmbedShell.dll] [ , 1, 0, 0, 21]
[C:\Program Files\Thunder Network\WebThunder\InMedia\iEmbed11.dll] [ , 3, 3, 2, 91]
[C:\Program Files\Thunder Network\WebThunder\InMedia\PlayerHelper.dll] [thunder, 1, 1, 0, 24]
[C:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDownAndPlay.dll] [ShenZhen Thunder Networking Technologies Ltd., 1, 0, 1, 19]
[C:\Program Files\Thunder Network\WebThunder\XLStatistic\XLStatisticAddin.dll] [深圳市迅雷网络技术有限公司, 1, 1, 0, 1]
[PID: 2944 / tcsf][C:\Documents and Settings\tcsf\桌面\新建文件夹\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Documents and Settings\tcsf\桌面\新建文件夹\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 512, C:\PROGRAM FILES\ANALOG DEVICES\CORE\SMAX4PNP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 572, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 956, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1100, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1204, C:\PROGRAM FILES\OCINS\IDNSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3436, C:\PROGRAM FILES\HELLONET\HNMAINUI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3376, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3376, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3388, C:\PROGRAM FILES\THUNDER NETWORK\WEBTHUNDER\WEBTHUNDER.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
[3617] D:\游戏\梦幻西游\my.exe
==================================
[/CODE]
╰☆不留名シ - 2007-8-29 12:19:00
SREng -> Startup Items -> Registry -> delete the following startup item:
<Userinit><rundll32.exe C:\WINDOWS\System32\winsys16_070826.dll start> [N/A]
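Delete the following services (run SRENG ---> Startup Items ---> Services ---> Win32 Service Applications ---> select the service to delete ---> select "Delete Service" ---> click "Set" ---> choose "No" in the prompt that appears to confirm the deletion.)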
[35BD4A64 / 35BD4A64][Stopped/Auto Start]
<C:\WINDOWS\System32\9B6CFF74.EXE -g><Microsoft Corporation>
[svchost / svchost][Stopped/Auto Start]
<C:\WINDOWS\System32\dllcache\svchost.exe -g><Microsoft Corporation>
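Delete the following drivers (run SRENG ---> Startup Items ---> Services ---> Drivers ---> select the driver to delete ---> select "Delete Service" ---> click "Set" ---> choose "No" in the prompt that appears to confirm the deletion.)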
[cnprov / cnprov][Running/Boot Start]
<\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[idnaux / idnaux][Running/Auto Start]
<system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
Reboot, enable the display of hidden files, then delete:
C:\WINDOWS\System32\drivers\cnprov.sys
C:\WINDOWS\System32\drivers\idnaux.sys
C:\Program Files\Tencent\QQ\npkycryp.sys
C:\WINDOWS\System32\9B6CFF74.EXE
C:\WINDOWS\System32\dllcache\svchost.exe
C:\WINDOWS\System32\winsys16_070826.dll
Download arswp (Windows Cleanup Assistant) and run a cleanup with it:
http://www.arswp.com/download/arswp/arswp.rar
sftc19900416 - 2007-8-29 12:43:00
I can't delete them, they're protected....
╰☆不留名シ - 2007-8-29 12:47:00
For the ones that can't be deleted, use IceSword (冰刃) to delete them:
http://www.ttian.net/website/2005/0829/391.html
sftc19900416 - 2007-8-29 13:05:00
Thanks to both of you. The problem I described no longer occurs.
I'm running the cleanup now.