我也中了现在流行的病毒，大侠救命～ bbs.ikaka.com

诗诗LINDA - 2007-9-2 15:26:00

～Trojan.PSW.Win32.RocOnline.cv和Trojan.Win32.Agent.vti
日志如下
2007-09-02,14:55:19

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows XP Publisher]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows XP Publisher]
<ZSSnp211><C:\WINDOWS\ZSSnp211.exe> [ZSMCSNAP]
<Domino><C:\WINDOWS\Domino.exe> []
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RemoteControl><"d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<WinForm><C:\WINDOWS\WinForm.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<NVDispDrv><C:\WINDOWS\ircdtp.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
<N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

诗诗LINDA - 2007-9-2 15:26:00

启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
服务
[141BAF9A / 141BAF9A][Stopped/Auto Start]
<C:\WINDOWS\System32\120B8BAD.EXE -k><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viasraid / viasraid][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viasraid.sys><VIA Technologies inc,.ltd>
[VIA USB Host Controller Lower Filter / vulfnths][Running/Manual Start]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Running/Manual Start]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[WINIO / WINIO][Stopped/Manual Start]
<\??\H:\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera (ZS0211) / ZSMC211][Running/Manual Start]
<System32\Drivers\ZS211.sys><ZSMC Corporation>

菜鸟中毒好深 - 2007-9-2 15:27:00

菜鸟大侠来也.....................
最好方法和我一样重装系统

诗诗LINDA - 2007-9-2 15:27:00

浏览器加载项
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll, BitComet>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[BitComet Button]
{461CC20B-FB6E-4f16-8FE8-C29359DB100E} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll, BitComet>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PowerList Control]
{20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\WINDOWS\DOWNLO~1\POWERL~1.OCX, PPStream.com>
[&使用BitComet下载]
<res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

诗诗LINDA - 2007-9-2 15:28:00

正在运行的进程
[PID: 532 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 612 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 680 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 692 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 872 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1008 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1088 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1236 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1452 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1552 / SYSTEM][d:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[d:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1852 / ss][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\System32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\PROGRA~1\WINDOW~2\wmpband.dll] [Microsoft Corporation, 10.00.00.3646]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.5672]
[C:\WINDOWS\System32\nvshell.dll] [NVIDIA Corporation, 6.14.10.5672]
[C:\WINDOWS\System32\NVWRSZHC.DLL] [NVIDIA Corporation, 6.14.10.5672]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 448 / ss][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 464 / ss][C:\WINDOWS\ZSSnp211.exe] [ZSMCSNAP, 3, 6, 818, 7]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[C:\WINDOWS\System32\ZS211Prp.Ax] [ZSMC, 3, 6, 703, 15]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 492 / ss][C:\WINDOWS\Domino.exe] [, 3, 6, 818, 7]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\msdmo.dll] [, ]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 504 / ss][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.18]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 604 / ss][D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 5.00.0000]
[C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll] [CyberLink Corp., 3.20.0000]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 948 / ss][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 956 / ss][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll] [Google Inc., 2, 0, 301, 7164]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[PID: 964 / ss][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.0041]
[C:\Program Files\Messenger\MSGSLANG.DLL] [Microsoft Corporation, 4.7.0041]
[C:\PROGRA~1\MESSEN~1\rtcimsp.dll] [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1912 / ss][F:\tools\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\NVDispDrv.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[F:\tools\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1124 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 412 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.5672]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 984 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[C:\WINDOWS\System32\91611205.DLL] [Microsoft Corporation, ]
[PID: 1700 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2084 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]

菜鸟中毒好深 - 2007-9-2 15:28:00

呵呵别急我回几个一会就有侠英雄救美的..............

诗诗LINDA - 2007-9-2 15:28:00

文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[G:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 448, D:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 464, C:\WINDOWS\ZSSNP211.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 492, C:\WINDOWS\DOMINO.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 504, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 604, D:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

诗诗LINDA - 2007-9-2 15:57:00

谁能帮帮我～～
郁闷ing

瑞星卡卡安全论坛