Rising Kaka Security Forum
wuxiaotian - 2007-8-29 14:06:00
Help, I can't remove Trojan.IMMSG.Win32.TBMSG.jl

+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
aspnet_state
[A ] 1. c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
Microsoft Corporation
Microsoft ASP.NET State Server
.text,.data,.rsrc,
Ati HotKey Poller
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
ATI Smart
[A ] 3. c:\windows\system32\ati2sgag.exe
ATI Smart
.text,.rdata,.data,.rsrc,
AVG Anti-Spyware Guard
[A ] 4. d:\杀马\avg anti-spyware 7.5\guard.exe
GRISOFT s.r.o.
AVG Anti-Spyware guard
.text,.rdata,.data,.rsrc,
clr_optimization_v2.0.50727_32
[A ] 5. c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
Microsoft Corporation
.NET Runtime Optimization Service
.text,.data,.rsrc,
F7659C2
[A ] 6. c:\windows\system32\9d2cdde7.exe
Microsoft Corporation
?&M0,?&M1,?&M2,
NBService
[A ] 7. c:\program files\nero\nero 7\nero backitup\nbservice.exe
Nero AG
Nero BackItUp
.text,.rdata,.data,.rsrc,
ose
[A ] 8. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
P4P Service
[A ] 9. c:\program files\common files\sogou pxp\p2psvr.exe
Sohu.com Inc.
Sogou P4P Service
.text,.rdata,.data,.rsrc,
PnpWMmng
[A ] 10. d:\系统工具\完美卸载\wmxzv25.92.7508\pnpwmmng.exe
完美卸载
完美卸载防毒服务
.text,.rdata,.data,.rsrc,
RfwProxySrv
[A ] 11. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
RfwService
[A ] 12. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
RsCCenter
[A ] 13. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 14. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
ShadowSystemService
[AM] 15. c:\windows\system32\shadow\shadowservice.exe
.text,.rdata,.data,.rsrc,
WMPNetworkSvc
[A ] 16. c:\program files\windows media player\wmpnetwk.exe
Microsoft Corporation
Windows Media Player 网络共享服务
.text,.data,.rsrc,.reloc,
WudfSvc
[AM] 17. c:\windows\system32\wudfsvc.dll
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Service
.text,.data,.rsrc,.reloc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ADIHdAudAddService
[A ] 18. c:\windows\system32\drivers\adihdaud.sys
Analog Devices, Inc.
High Definition Audio Function Driver
.text,CODE,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
AEAudio
[A ] 19. c:\windows\system32\drivers\aeaudio.sys
Andrea Electronics Corporation
Audio Noise Filtering Driver (32-bit)
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
AntiArpNdisProt
[A ] 20. c:\windows\system32\drivers\antiarpndisprot.sys
Windows (R) 2000 DDK provider
NDIS User mode I/O Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
AsIO
[A ] 21. c:\windows\system32\drivers\asio.sys
.text,.rdata,.data,INIT,.reloc,
ATITool
[A ] 22. c:\windows\system32\drivers\atitool.sys
Low-Level Driver
.text,.data,INIT,.rsrc,.reloc,
AVG Anti-Spyware Driver
[A ] 23. d:\杀马\avg anti-spyware 7.5\guard.sys
.text,.rdata,.data,INIT,.reloc,
AvgAsCln
[A ] 24. c:\windows\system32\drivers\avgascln.sys
GRISOFT, s.r.o.
AVG7 Clean Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
BaseTDI
[A ] 25. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
EagleNT
[A ] 26. c:\windows\system32\drivers\eaglent.sys
ENTECH
[A ] 27. c:\windows\system32\drivers\entech.sys
EnTech Taiwan
.text,.data,.CRT,.STL,PAGE,INIT,.rsrc,.reloc,
ExpScaner
[A ] 28. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
GKeyUSB
[A ] 29. c:\windows\system32\drivers\gkeyusb.sys
Gemplus
USB Key Smart Card Reader Driver
.text,page,init,.data,.edata,INIT,.rsrc,.reloc,
HDAudBus
[A ] 30. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0a
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
HookCont
[A ] 31. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 32. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 33. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookUrl
[A ] 34. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
JGOGO
[A ] 35. c:\windows\system32\drivers\jgogo.sys
JMicron
SCSI Port upper filter driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
JRAID
[A ] 36. c:\windows\system32\drivers\jraid.sys
JMicron Technology Corp.
JMicron JR036X RAID Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Embedded Web Browser from: http://bsalsa.com/; Maxthon; .NET CLR 2.0.50727)
wuxiaotian - 2007-8-29 14:08:00
kl1
[A ] 37. c:\windows\system32\drivers\kl1.sys
MagicTune
[A ] 38. c:\windows\system32\drivers\mtictwl.sys
.text,.rdata,.data,INIT,.reloc,
MEMSCAN
[A ] 39. c:\program files\rising\rav\memscan.sys
Beijing Rising Technology Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
motmodem
[A ] 40. c:\windows\system32\drivers\motmodem.sys
Motorola
Motorola USB Modem and Ports Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
mProcRs
[A ] 41. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
MTsensor
[A ] 42. c:\windows\system32\drivers\asacpi.sys
ATK0110 ACPI Utility
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
netpasadapter1
[A ] 43. c:\windows\system32\drivers\netpas.sys
Netpas
Netpas Win32 Virtual Network Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 44. d:\网络工具\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
oreans32
[A ] 45. c:\windows\system32\drivers\oreans32.sys
.text,.rdata,.data,INIT,.reloc,
PnpWmkDrv
[A ] 46. c:\windows\system32\drivers\pnpwmkdrv.sys
.text,.rdata,.data,INIT,.reloc,
prodrv06
[A ] 47. c:\windows\system32\drivers\prodrv06.sys
Protection Technology
StarForce Protection Environment Driver
.text,.data,.rsrc,.reloc,
prohlp02
[A ] 48. c:\windows\system32\drivers\prohlp02.sys
Protection Technology
StarForce Protection Helper Driver
.text,.data,.rsrc,.reloc,
prosync1
[A ] 49. c:\windows\system32\drivers\prosync1.sys
Protection Technology
StarForce Protection Synchronization Driver
.text,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 50. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsFwDrv
[A ] 51. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 52. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 53. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
RTLE8023xp
[A ] 54. c:\windows\system32\drivers\rtenicxp.sys
Realtek Semiconductor Corporation
Realtek 10/100/1000 NDIS 5.1 Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Secdrv
[A ] 55. c:\windows\system32\drivers\secdrv.sys
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Macrovision SECURITY Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,pnidata,
SenFiltService
[A ] 56. c:\windows\system32\drivers\senfilt.sys
Sensaura
Sensaura WDM 3D Audio Driver
.text,page,init,.data,.CRT,init,INIT,.rsrc,.reloc,
sfhlp01
[A ] 57. c:\windows\system32\drivers\sfhlp01.sys
Protection Technology
StarForce Protection Helper Driver
.text,.data,PAGE,INIT,.rsrc,.reloc,
snpshot
[A ] 58. c:\windows\system32\drivers\snpshot.sys
PowerShadow
Shadow System
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
sptd
[A ] 59. c:\windows\system32\drivers\sptd.sys
Wdf01000
[A ] 60. c:\windows\system32\drivers\wdf01000.sys
Microsoft Corporation
WDF Dynamic
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
WmNdisDrv
[A ] 61. c:\windows\system32\drivers\wmndisdrv.sys
WpdUsb
[A ] 62. c:\windows\system32\drivers\wpdusb.sys
Microsoft Corporation
WPD USB Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
WudfPf
[A ] 63. c:\windows\system32\drivers\wudfpf.sys
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Platform Driver
.text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,
WudfRd
[A ] 64. c:\windows\system32\drivers\wudfrd.sys
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Reflector
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
xAntiArp
[A ] 65. c:\windows\system32\drivers\xantiarp.sys
Windows (R) 2000 DDK provider
Sample NDIS 4.0 Intermediate Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 66. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
WgaLogon
[AM] 67. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows 正版增值计划通知
.text,.data,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 68. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000AAA-A363-466E-BEF5-9BB68697AA7F}
[A ] 69. d:\网络工具\webthunder\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[A ] 70. d:\网络工具\thunder\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[A ] 71. d:\阅读软件\acrobat 7.0\activex\acroiehelper.dll
Adobe Systems Incorporated
Adobe Acrobat IE Helper Version 7.0 for ActiveX
.text,.rdata,.data,.rsrc,.reloc,
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7}
[A ] 72. d:\网络工具\thunder\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[A ] 73. d:\网络工具\flashget\jccatch.dll
www.flashget.com
Flashget CatchUrl Module
.text,.rdata,.data,.rsrc,.reloc,
{889D2FEB-5411-4565-8998-1DD2C5261283}
[A ] 72. d:\网络工具\thunder\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 74. d:\网络工具\thunder\thunder.exe
Thunder Networking Technologies,LTD
.text,.rdata,.data,.rsrc,
Exec
[A ] 75. e:\浩方对战平台\gameclient.exe
上海浩方在线信息技术有限公司
浩方对战平台
.text,.rdata,.data,.rsrc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
application/octet-stream
[A ] 76. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
application/x-complus
[A ] 76. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
application/x-msdownload
[A ] 76. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
text/xml
[A ] 77. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882}
[A ] 78. c:\program files\common files\ahead\lib\nerodigitalext.dll
Nero AG
Nero Digital Shell Extension
.text,.code,.rdata,.data,.rsrc,.reloc,
{F9DB5320-233E-11D1-9F84-707F02C10627}
[A ] 79. d:\阅读软件\acrobat 7.0\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
ShellLink for Application References
[A ] 80. c:\windows\system32\dfshim.dll
Microsoft Corporation
Application Deployment Support Library
.text,.data,.rsrc,.reloc,
Shell Icon Handler for Application References
[A ] 80. c:\windows\system32\dfshim.dll
Microsoft Corporation
Application Deployment Support Library
.text,.data,.rsrc,.reloc,
wuxiaotian - 2007-8-29 14:08:00
[Reply to wuxiaotian's post]
WinRAR shell extension
[A ] 81. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[A ] 82. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
Web Folders
[A ] 83. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
NeroDigitalIconHandler
[A ] 78. c:\program files\common files\ahead\lib\nerodigitalext.dll
Nero AG
Nero Digital Shell Extension
.text,.code,.rdata,.data,.rsrc,.reloc,
NeroDigitalPropSheetHandler
[A ] 78. c:\program files\common files\ahead\lib\nerodigitalext.dll
Nero AG
Nero Digital Shell Extension
.text,.code,.rdata,.data,.rsrc,.reloc,
Portable Media Devices
[A ] 84. c:\windows\system32\audiodev.dll
Microsoft Corporation
Portable Media Devices Shell Extension
.text,.data,.rsrc,.reloc,
Portable Devices
[A ] 85. c:\windows\system32\wpdshext.dll
Microsoft Corporation
Portable Devices Shell Extension
.text,.data,.rsrc,.reloc,
Portable Devices Menu
[A ] 85. c:\windows\system32\wpdshext.dll
Microsoft Corporation
Portable Devices Shell Extension
.text,.data,.rsrc,.reloc,
Catalyst Context Menu extension
[A ] 86. c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll
ACE Context Menu
.text,.rdata,.data,.rsrc,.reloc,
RISING
[A ] 87. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
[AM] 88. d:\杀马\avg anti-spyware 7.5\shellexecutehook.dll
GRISOFT s.r.o.
AVG Anti-Spyware shellexecutehook
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WPDShServiceObj
[AM] 89. c:\windows\system32\wpdshserviceobj.dll
Microsoft Corporation
Windows Portable Device Shell Service Object
.text,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
[AM] 90. c:\program files\common files\ahead\lib\nmbgmonitor.exe
Nero AG
Nero Home
.text,.rdata,.data,.rsrc,
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP
[AM] 91. c:\program files\analog devices\core\smax4pnp.exe
Analog Devices, Inc.
SMax4PNP
.text,.rdata,.data,.rsrc,
SoundMAX
[A ] 92. c:\program files\analog devices\soundmax\smax4.exe
Analog Devices, Inc.
Audio Control Panel
.text,.rdata,.data,.rsrc,
RunShadowTip
[A ] 93. c:\windows\system32\shadow\shadowtip.exe
PowerShadow
ShadowTip
.text,.rdata,.data,.rsrc,
NetpasAcc
[AM] 94. d:\网络工具\netpas acc\netpas_acc.exe
.text,.data,.rdata,.bss,.idata,.rsrc,
RfwMain
[AM] 95. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
RavTask
[A ] 96. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
runeip
[AM] 97. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
!AVG Anti-Spyware
[AM] 98. d:\杀马\avg anti-spyware 7.5\avgas.exe
GRISOFT s.r.o.
AVG Anti-Spyware
.text,.rdata,.data,.rsrc,
AntiARPStandalone
[A ] 99. c:\program files\antiarp stand-alone edition\antiarp.exe
CODE,DATA,BSS,.idata,.tls,.rdata,.vmp0,.rsrc,.vmp1,.reloc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 100. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 101. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 101. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 101. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 101. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.mp3
NeroShowTime.Files7.mp3\play\Command
[A ] 102. c:\program files\nero\nero 7\nero showtime\showtime.exe
Nero AG
Nero ShowTime
.text,.rdata,.data,.rsrc,
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Adobe Reader Speed Launch.lnk
[AM] 103. d:\阅读软件\acrobat 7.0\reader\reader_sl.exe
Adobe Systems Incorporated
Adobe Acrobat SpeedLauncher
.text,.rdata,.data,.rsrc,
+ 正在运行的进程
+ 00000154(340) Ati2evxx.exe
00400000[0007A000]
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
00D00000[00010000]
[ M] 104. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
10000000[00024000]
[ M] 105. c:\windows\system32\atipdlxx.dll
ATI Technologies, Inc.
ATI Desktop CWDDEDI DLL
.text,.rdata,.data,.rsrc,.reloc,
00D30000[0001F000]
[AM] 66. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
+ 0000016c(364) RfwMain.exe
00400000[00073000]
[AM] 95. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
26600000[0007D000]
[ M] 106. c:\program files\rising\rfw\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 107. c:\program files\rising\rfw\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[0000F000]
[ M] 108. c:\program files\rising\rfw\rfwctrl.dll
Beijing Rising Technology Co., Ltd.
RfwCtrl DLL
.text,.rdata,.data,.rsrc,.reloc,
23800000[0001A000]
[ M] 109. c:\program files\rising\rfw\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
wuxiaotian - 2007-8-29 14:09:00
[Reply to wuxiaotian's post]
23900000[00031000]
[ M] 110. c:\program files\rising\rfw\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
01320000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000278(632) RavStub.exe
00400000[00018000]
[ M] 112. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 113. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 114. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 000002f0(752) SCardSvr.exe
+ 00000378(888) ShadowService.exe
00400000[0000F000]
[AM] 15. c:\windows\system32\shadow\shadowservice.exe
.text,.rdata,.data,.rsrc,
+ 00000388(904) svchost.exe
+ 000004c4(1220) Netpas_Acc.exe
00400000[00166000]
[AM] 94. d:\网络工具\netpas acc\netpas_acc.exe
.text,.data,.rdata,.bss,.idata,.rsrc,
10000000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
01030000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
014B0000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
03C10000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000004d0(1232) alg.exe
+ 000004f0(1264) smss.exe
+ 00000520(1312) smax4pnp.exe
00400000[000CE000]
[AM] 91. c:\program files\analog devices\core\smax4pnp.exe
Analog Devices, Inc.
SMax4PNP
.text,.rdata,.data,.rsrc,
10000000[0005B000]
[ M] 118. c:\program files\analog devices\core\smwdmif.dll
Analog Devices, Inc.
SMWDM Interface DLL
.text,.rdata,.data,.idata,.rsrc,.reloc,
00B90000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00D90000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
03550000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 119. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
03820000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000528(1320) csrss.exe
+ 00000544(1348) winlogon.exe
10000000[0001F000]
[AM] 66. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
01410000[0003B000]
[AM] 67. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows 正版增值计划通知
.text,.data,.rsrc,.reloc,
012A0000[00012000]
[ M] 120. c:\windows\system32\51c9df40.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
016D0000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
018D0000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
01B50000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 119. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 00000570(1392) services.exe
47260000[0000F000]
[ M] 121. c:\windows\apppatch\acadproc.dll
Microsoft Corporation
Windows Compatibility DLL
.text,.data,.rsrc,.reloc,
+ 0000057c(1404) lsass.exe
+ 00000610(1552) Ati2evxx.exe
00400000[0007A000]
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
00CB0000[00010000]
[ M] 104. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
10000000[00024000]
[ M] 105. c:\windows\system32\atipdlxx.dll
ATI Technologies, Inc.
ATI Desktop CWDDEDI DLL
.text,.rdata,.data,.rsrc,.reloc,
+ 00000628(1576) svchost.exe
+ 00000678(1656) svchost.exe
+ 000006d8(1752) runiep.exe
00400000[00013000]
[AM] 97. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
10000000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00AF0000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
032B0000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
03450000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000006e4(1764) avgas.exe
00400000[00675000]
[AM] 98. d:\杀马\avg anti-spyware 7.5\avgas.exe
GRISOFT s.r.o.
AVG Anti-Spyware
.text,.rdata,.data,.rsrc,
10000000[000DE000]
[ M] 122. d:\杀马\avg anti-spyware 7.5\engine.dll
GRISOFT s.r.o.
AVG Anti-Spyware Scan Engine
.text,.rdata,.data,.rsrc,.reloc,
03170000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
03370000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
03800000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
08410000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000073c(1852) svchost.exe
+ 00000764(1892) svchost.exe
007B0000[00010000]
[AM] 17. c:\windows\system32\wudfsvc.dll
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Service
.text,.data,.rsrc,.reloc,
007C0000[0002C000]
[ M] 123. c:\windows\system32\wudfplatform.dll
Microsoft Corporation
Windows Driver Foundation - User-mode Platform Library
.text,.data,.rsrc,.reloc,
+ 00000794(1940) svchost.exe
+ 000007b8(1976) userinit.exe
+ 000007c8(1992) Explorer.EXE
10000000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00BB0000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
00E40000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
00F20000[00012000]
[ M] 120. c:\windows\system32\51c9df40.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
04300000[00013000]
[AM] 88. d:\杀马\avg anti-spyware 7.5\shellexecutehook.dll
GRISOFT s.r.o.
AVG Anti-Spyware shellexecutehook
.text,.rdata,.data,.rsrc,.reloc,
04650000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
164A0000[00023000]
[AM] 89. c:\windows\system32\wpdshserviceobj.dll
Microsoft Corporation
Windows Portable Device Shell Service Object
.text,.data,.rsrc,.reloc,
109C0000[0002C000]
[ M] 124. c:\windows\system32\portabledevicetypes.dll
Microsoft Corporation
Windows Portable Device (Parameter) Types Component
.text,.orpc,.data,.rsrc,.reloc,
10930000[00049000]
[ M] 125. c:\windows\system32\portabledeviceapi.dll
Microsoft Corporation
Windows Portable Device API Components
.text,.orpc,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 119. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
wuxiaotian - 2007-8-29 14:10:00
[Reply to wuxiaotian's post]
+ 000007f8(2040) 65D7E73B.exe
00400000[00013000]
[ M] 126. c:\windows\system32\65d7e73b.exe
>N諯0,>N諯1,>N諯2,
73390000[00154000]
[ M] 127. c:\windows\system32\msvbvm60.dll
Microsoft Corporation
Visual Basic Virtual Machine
.text,ENGINE,.data,.rsrc,.reloc,
66630000[0001C000]
[ M] 128. c:\windows\system32\vb6chs.dll
Microsoft Corporation
Visual Basic Environment International Resources
.rdata,.rsrc,.reloc,
10000000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00EC0000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
03700000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
04D80000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000850(2128) ctfmon.exe
10000000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00A10000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
031D0000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
03290000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000874(2164) svchost.exe
+ 00000884(2180) NMBgMonitor.exe
00400000[00022000]
[AM] 90. c:\program files\common files\ahead\lib\nmbgmonitor.exe
Nero AG
Nero Home
.text,.rdata,.data,.rsrc,
7C3A0000[0007B000]
[ M] 129. c:\program files\common files\ahead\lib\msvcp71.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
7C340000[00056000]
[ M] 130. c:\program files\common files\ahead\lib\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[002BE000]
[ M] 131. c:\program files\common files\ahead\lib\advrcntr2.dll
Nero AG
AdvrCntr Module
.text,.orpc,.rdata,.data,.tls,.shared,.sharedv,.rsrc,.reloc,
01000000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00F50000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
03990000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
03C00000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
03D30000[00008000]
[ M] 132. c:\program files\common files\ahead\lib\nmindexstoresvrps.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
03D50000[0013D000]
[ M] 133. c:\program files\common files\ahead\lib\nmdataservices.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
+ 00000948(2376) Ras.exe
00400000[0013F000]
[ M] 134. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 135. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01360000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
01560000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
03D20000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
03F50000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000009e0(2528) NMIndexStoreSvr.exe
00400000[000D9000]
[ M] 136. c:\program files\common files\ahead\lib\nmindexstoresvr.exe
Nero AG
Nero Home
.text,.rdata,.data,.rsrc,
10000000[00046000]
[ M] 137. c:\program files\common files\ahead\lib\nmsqldb.dll
Nero AG
Nero Home
.text,.rdata,.data,.rsrc,.reloc,
7C3A0000[0007B000]
[ M] 129. c:\program files\common files\ahead\lib\msvcp71.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
7C340000[00056000]
[ M] 130. c:\program files\common files\ahead\lib\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
00BC0000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00DC0000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
03580000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
03600000[00010000]
[ M] 138. c:\program files\common files\ahead\lib\nmlogcxx.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
03610000[000B5000]
[ M] 139. c:\program files\common files\ahead\lib\log4cxx.dll
Nero AG
Log4cxx is C++ port of Log4j
.text,.rdata,.data,.rsrc,.reloc,
04460000[0007A000]
[ M] 140. c:\program files\common files\ahead\lib\nmcofoundation.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
045E0000[00019000]
[ M] 141. c:\program files\common files\ahead\lib\nmpluginbase.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
04820000[00026000]
[ M] 142. c:\program files\common files\ahead\lib\nmfulltextextraction.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
048A0000[0002A000]
[ M] 143. c:\program files\common files\ahead\lib\nmsearchpluginsimilarimages.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
04910000[00337000]
[ M] 144. c:\program files\common files\ahead\lib\neroipp.dll
Nero AG
Nero IPP Proxy
.text,.rdata,.data,.idata,.data1,.rsrc,.reloc,
048D0000[00008000]
[ M] 132. c:\program files\common files\ahead\lib\nmindexstoresvrps.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
04D50000[0013D000]
[ M] 133. c:\program files\common files\ahead\lib\nmdataservices.dll
Nero AG
Nero Home
.text,.orpc,.rdata,.data,.rsrc,.reloc,
+ 00000ad0(2768) reader_sl.exe
00400000[0000A000]
[AM] 103. d:\阅读软件\acrobat 7.0\reader\reader_sl.exe
Adobe Systems Incorporated
Adobe Acrobat SpeedLauncher
.text,.rdata,.data,.rsrc,
7C3A0000[0007B000]
[ M] 145. c:\windows\system32\msvcp71.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
7C340000[00056000]
[ M] 146. c:\windows\system32\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[001E1000]
[ M] 115. c:\windows\system32\sogoupy.ime
Sohu.com Inc.
搜狗拼音输入法 3.0公测第一版
.text,.rdata,.data,.SogouIn,.rsrc,.reloc,
00AC0000[0001F000]
[ M] 116. c:\windows\system32\dllmergedict.dll
Sogou.com Inc.
dll used by SogouPy.ime and PinyinUp.exe to build the system words lib
.text,.rdata,.data,.rsrc,.reloc,
03280000[00046000]
[ M] 117. d:\输入法\sogouinput搜狗拼音输入法\plugin\sgimeword.dll
test1 Module
.text,.rdata,.data,.rsrc,.reloc,
033F0000[0001B000]
[ M] 111. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000b3c(2876) svchost.exe
wuxiaotian - 2007-8-29 14:11:00
Help me, this is the first time I have run into such a stubborn virus!
wuxiaotian - 2007-8-29 14:35:00
?????? Is nobody going to respond? So sad.
panxiaoting - 2007-8-29 15:41:00
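Comrade, this virus really is hard to kill.
I specifically asked a Rising engineer about this virus.
His answer was:
1. Remove the hard disk, attach it to another computer, and scan and clean it there.
2. Install a second operating system on the infected computer, install antivirus software on it, update it to the latest version, then scan and clean; once that is done, format that system.
Both methods have the same purpose. Because this virus has injected itself into the system's core processes, deleting it in Safe Mode is ineffective, and force-killing it does not work either. So you have to find a way to get outside the infected system, so that the core system processes the virus has injected into stop running; only then can the virus be removed completely.
I have run experiments, and the following methods are ineffective against this virus:
1. Scanning in Safe Mode: the virus is not detected
2. Forced deletion with IceSword, unlocker tools, file shredders and similar tools: ineffective
3. Scanning from a CD: the drive letters are not recognized
4. Boot-time early-load scan: the virus is not detected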
wuxiaotian - 2007-8-29 23:32:00
Would reinstalling the system work?
wuxiaotian - 2007-8-31 1:00:00
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> [Nero AG]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<RunShadowTip><C:\WINDOWS\system32\shadow\ShadowTip.exe> [PowerShadow]
<NetpasAcc><d:\网络工具\NETPAS ACC\Netpas_Acc.exe> []
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<!AVG Anti-Spyware><"D:\杀马\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
<AntiARPStandalone><C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<QQDoctor><"D:\网络工具\QQ\QQDoctor\QQDoctor.exe" /fork> [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\windows\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\windows\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\阅读软件\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\windows\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<D:\杀马\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[F7659C2 / F7659C2][Stopped/Auto Start]
<C:\windows\system32\9D2CDDE7.EXE -a><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NBService / NBService][Stopped/Manual Start]
<C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[P4P Service / P4P Service][Stopped/Disabled]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[PnpWMmng / PnpWMmng][Stopped/Disabled]
<D:\系统工具\完美卸载\wmxzV25.92.7508\PnpWMmng.exe><完美卸载>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Shadow System Service / ShadowSystemService][Running/Auto Start]
<C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>
[UPS / UPS][Stopped/Manual Start]
<C:\windows\System32\ups.exe><N/A>
[TSECleanUpAssist / TSECleanUpAssist][Stopped/Auto Start]
<C:\windows\system32\1dbd.com><N/A>
wuxiaotian - 2007-8-31 1:01:00
==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
<system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[AsIO / AsIO][Running/System Start]
<system32\drivers\AsIO.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATITool Overclocking Utility / ATITool][Running/System Start]
<system32\DRIVERS\ATITool.sys><>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\D:\杀马\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\windows\system32\drivers\EagleNT.sys><N/A>
[ENTECH / ENTECH][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GKeyUSB / GKeyUSB][Stopped/Manual Start]
<System32\Drivers\GKeyUSB.sys><Gemplus>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[JMicron Hot-Plug Driver / JGOGO][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[kl1 / kl1][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\kl1.sys><N/A>
[MagicTune / MagicTune][Stopped/Manual Start]
<system32\drivers\MTiCtwl.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
<system32\DRIVERS\motmodem.sys><Motorola>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[Netpas Win32 Virtual Network Adapter / netpasadapter1][Running/Manual Start]
<system32\DRIVERS\netpas.sys><Netpas>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\网络工具\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[oreans32 / oreans32][Running/System Start]
<\??\C:\windows\system32\drivers\oreans32.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\windows\system32\drivers\PnpWmkDrv.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[WmNdisDrv / WmNdisDrv][Stopped/Manual Start]
<System32\Drivers\WmNdisDrv.sys><N/A>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
<system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>
==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\网络工具\webThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\网络工具\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\阅读软件\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <D:\网络工具\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\网络工具\FlashGet\jccatch.dll, www.flashget.com>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\网络工具\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <d:\FlashGet\getflash.dll, N/A>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\网络工具\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <d:\FlashGet\FlashGet.exe, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\windows\system32\WEBACT~1.OCX, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\网络工具\webThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\网络工具\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\阅读软件\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeHelper Class]
{0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <D:\网络工具\Thunder\Components\ResWorker\DSIeHelper.dll, N/A>
[InfosecCertInstall Class]
{0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\windows\system32\certInStall.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\windows\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
wuxiaotian - 2007-8-31 1:01:00
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Vod Class]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <D:\网络工具\webThunder\DownAndPlay\DapPlayer1.1.0.46.dll, XunLei>
[Thunder Browser Helper]
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <D:\网络工具\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\网络工具\FlashGet\jccatch.dll, www.flashget.com>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\网络工具\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\windows\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\windows\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\windows\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\windows\system32\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\网络工具\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\windows\system32\SUBMIT~1.DLL, >
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\windows\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\windows\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Vod Class]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\网络工具\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <d:\FlashGet\getflash.dll, N/A>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\网络工具\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
<D:\网络工具\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<D:\网络工具\FlashGet\jc_all.htm, N/A>
[使用Web迅雷下载]
<D:\网络工具\webThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<D:\网络工具\webThunder\GetAllUrl.htm, N/A>
[使用迅雷下载]
<D:\网络工具\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<D:\网络工具\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\网络工具\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 1264][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1320][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1348][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4162]
[C:\windows\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\windows\system32\51C9DF40.DLL] [Microsoft Corporation, ]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1392][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 1404][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1556][C:\windows\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4168]
[C:\windows\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2511]
[C:\windows\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2520]
[PID: 1588][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1660][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1840][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1856][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1900][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 1944][C:\windows\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4168]
[C:\windows\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2511]
[C:\windows\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2520]
[C:\windows\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4162]
[PID: 332][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 344][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
[C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\PROGRAM FILES\RISING\RAV\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\psapi.dll] [Microsoft Corporation, 4.00]
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[C:\PROGRAM FILES\RISING\RAV\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
wuxiaotian - 2007-8-31 1:02:00
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 80]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 57]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[PID: 472][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 35]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 628][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 748][C:\windows\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820][D:\杀马\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22]
[D:\杀马\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 888][C:\WINDOWS\system32\shadow\ShadowService.exe] [N/A, ]
[PID: 908][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288][C:\windows\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 304][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\windows\system32\51C9DF40.DLL] [Microsoft Corporation, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\windows\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\windows\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\windows\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1964][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6, 0, 0, 61]
[C:\Program Files\Analog Devices\Core\SMWDMIF.dll] [Analog Devices, Inc., 6, 0, 4400, 9]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2096][D:\网络工具\NETPAS ACC\Netpas_Acc.exe] [N/A, ]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2132][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2140][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2160][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2188][D:\杀马\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
[D:\杀马\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2248][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2280][C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 5,16,1, 9000]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
wuxiaotian - 2007-8-31 1:02:00
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 3, 0]
[PID: 2340][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll] [Nero AG, 4,5,13,0]
[C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 3, 0]
[PID: 2460][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2468][D:\阅读软件\Acrobat 7.0\Reader\reader_sl.exe] [Adobe Systems Incorporated, 7.0.0.0]
[C:\windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3688][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3872][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\windows\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\windows\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\windows\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3288][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.578\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\windows\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 0, 0]
[C:\windows\system32\dllMergeDict.dll] [Sogou.com Inc., 3, 0, 0, 0]
[D:\输入法\SogouInput搜狗拼音输入法\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.578\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\windows\system32\NpOpenStore.dll] [N/A, ]
[C:\windows\system32\NPCard.dll] [N/A, ]
[C:\windows\system32\RsaFun.dll] [N/A, ]
[C:\windows\system32\GPKPCSC.dll] [N/A, ]
==================================
文件关联
.TXT Error. [C:\windows\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\windows\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
222.73.31.83 guba.eastmoney.com
222.73.31.85 guba2.eastmoney.com
222.73.31.87 guba7.eastmoney.com
222.73.31.89 guba8.eastmoney.com
222.73.31.97 guba4.eastmoney.com
222.73.31.99 guba5.eastmoney.com
222.73.31.101 guba10.eastmoney.com
222.73.31.103 guba11.eastmoney.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2468, D:\阅读软件\ACROBAT 7.0\READER\READER_SL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3872, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
wuxiaotian - 2007-8-31 1:03:00
The above is the SRE log. Experts, please help. Thank you.