Rising Kaka Security Forum
下雨的心 - 2007-12-8 11:04:00
fcd31.exe: I stopped the service, deleted the file from its directory, and cleared the related registry entries, but after a reboot it comes right back.
br8fzy.dll: at startup it says the system cannot find the specified file. I can't find it in the registry, can't find it in the system directory, and it isn't in the processes or services either.
Asking the experts here for help; thanks in advance.
下雨的心 - 2007-12-8 11:05:00
[CODE]
2007-12-08,10:30:24
System Repair Engineer 2.5.16.900 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
<RavTask><"C:\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\system32\ss3dfo.scr> [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[C-DillaSrv / C-DillaSrv][Running/Auto Start]
<C:\WINNT\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Stopped/Manual Start]
<C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
[ms_2fax / ms_2fax][Running/Auto Start]
<C:\WINNT\system32\fcd31.exe><Microsoft Corporation>
下雨的心 - 2007-12-8 11:06:00
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Dilla / C-Dilla][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\CDANT.SYS><Macrovision>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
<system32\drivers\cmuda.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[mxdispdr / mxdispdr][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[PauseDrv / PauseDrv][Stopped/Manual Start]
<\??\C:\WINNT\system32\Drivers\PauseDrv.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\WINNT\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SiS315 / SiS315][Stopped/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp][Running/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Add Performance Filter Driver / sisperf][Running/Boot Start]
<\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
下雨的心 - 2007-12-8 11:06:00
浏览器加载项
[Invoke Class]
{5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINNT\system32\8fc1.dll, >
[InstaFred]
{1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINNT\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[AcDcToday 控件]
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINNT\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[NOXLATE-BANR]
{AE563722-B4F5-11D4-A415-00108302FDFD} <C:\WINNT\DOWNLO~1\InstBanr.ocx, Autodesk, Inc.>
[AcPreview 控件]
{F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINNT\DOWNLO~1\ACPREV~1.OCX, Autodesk>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 188][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 208][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 236][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 248][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[PID: 360][C:\WINNT\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4113]
[C:\WINNT\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 596][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 620][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 2, 0, 0]
[PID: 672][C:\WINNT\system32\DRIVERS\CDANTSRV.EXE] [C-Dilla Ltd, 3.25.010]
[PID: 692][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 740][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 776][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
[PID: 868][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 896][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 1092][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\WINNT\system32\8fc1.dll] [, 1, 0, 0, 2]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1232][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 6, 4, 3002]
[C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 6, 0, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 6, 3, 1001]
[PID: 1240][C:\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.20]
[C:\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[C:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 1284][C:\WINNT\system32\fcd31.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 324][C:\WINNT\system32\rundll32.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\981.dll] [ , 1, 0, 0, 3]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[PID: 1368][F:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\WINNT\system32\JPWB.IME] [常诚研制, 4.00.950]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
下雨的心 - 2007-12-8 11:07:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1232, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1232, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1284, C:\WINNT\SYSTEM32\FCD31.EXE]
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
==================================
隐藏进程
N/A
[/CODE]
下雨的心 - 2007-12-8 13:49:00
Urgent, urgent, urgent!
天月来了 - 2007-12-8 14:21:00
Go and look at these two module files that are injected into processes; I don't recognize them. Rename them and reboot the computer.
C:\WINNT\system32\8fc1.dll
C:\WINNT\system32\981.dll
————————————————————————————
In the SREng tool you used to scan the log, under Startup Items > Registry, find the following empty item and delete it:
启动项目
注册表
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><> [N/A]
————————————————————————————
In the SREng tool you used to scan the log, under Startup Items > Registry, find the following item and delete it (since it is unidentified you may choose not to delete it; it should be a screensaver, just an uncommon one):
启动项目
注册表
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\system32\ss3dfo.scr> [(Verified)Microsoft Windows 2000 Publisher]
————————————————————————————
In the SREng tool you used to scan the log, under Startup Items > Services > Win32 Services, find the following entry and change its startup type to "Disabled":
服务
[ms_2fax / ms_2fax][Running/Auto Start]
<C:\WINNT\system32\fcd31.exe><Microsoft Corporation>
————————————————————————————
In the SREng tool you used to scan the log, under Startup Items > Services > Drivers, find the following entry and change its startup type to "Disabled":
驱动程序
[mxdispdr / mxdispdr][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\mxdispdr.sys><N/A>
—————————————————————————————
In the SREng tool you used to scan the log, under System Repair > Browser Add-ons, find the following and delete it:
浏览器加载项
[Invoke Class]
{5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINNT\system32\8fc1.dll, >
—————————————————————————————
Then reboot the computer. It's best to reinstall your antivirus software, update it to the latest version, and run a full-disk scan.
After that, you can scan a new log and post it here as an attachment for us to look at.
下雨的心 - 2007-12-8 15:42:00
Still not solved??????
[CODE]
2007-12-08,15:01:07
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
<internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[C-DillaSrv / C-DillaSrv][Running/Auto Start]
<C:\WINNT\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ms_2fax / ms_2fax][Stopped/Disabled]
<C:\WINNT\system32\fcd31.exe><N/A>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Stopped/Manual Start]
<C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Dilla / C-Dilla][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\CDANT.SYS><Macrovision>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
<system32\drivers\cmuda.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[mxdispdr / mxdispdr][Stopped/Disabled]
<\??\C:\WINNT\system32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Disabled]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[PauseDrv / PauseDrv][Stopped/Manual Start]
<\??\C:\WINNT\system32\Drivers\PauseDrv.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\WINNT\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SiS315 / SiS315][Stopped/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp][Running/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Add Performance Filter Driver / sisperf][Running/Boot Start]
<\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[uiq3ai / uiq3aij][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\uiq3aij.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, N/A>
==================================
下雨的心 - 2007-12-8 15:43:00
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 184][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 232][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 244][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[PID: 352][C:\WINNT\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4113]
[C:\WINNT\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 436][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 460][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 2, 0, 0]
[PID: 488][C:\WINNT\system32\DRIVERS\CDANTSRV.EXE] [C-Dilla Ltd, 3.25.010]
[PID: 508][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[C:\WINNT\system32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
[PID: 552][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 576][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
[PID: 656][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 684][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 816][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[PID: 920][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 6, 4, 3002]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 6, 0, 1001]
[C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 6, 3, 1001]
[PID: 928][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE] [Super Rabbit Soft, 8.10]
[C:\WINNT\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782]
[C:\WINNT\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8988]
[C:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx] [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[PID: 936][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[PID: 1060][F:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[F:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINNT\system32\MSISIP.DLL] [Microsoft Corporation, 3.1.4000.1823]
[C:\WINNT\system32\wshCHS.DLL] [Microsoft Corporation, 5.6.0.6626]
[C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL] [Microsoft Corporation, 10.0.2625]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 920, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 920, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 928, C:\PROGRAM FILES\SUPER RABBIT\MAGICSET\SRIECLI.EXE]
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
==================================
隐藏进程
N/A
==================================
[/CODE]
下雨的心 - 2007-12-8 15:44:00
The following was scanned in Safe Mode
[CODE]
2007-12-08,14:54:43
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
<internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<br8fzy><%systemroot%\system32\Rundll32.exe %systemroot%\system32\br8fzy.dll,DllUnregisterServer> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll> [(Verified)Microsoft Windows 2000 Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><stobject.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
<WinlogonNotify: wzcnotif><wzcdlg.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Windows Media Player><C:\WINNT\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
<EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[C-DillaSrv / C-DillaSrv][Stopped/Auto Start]
<C:\WINNT\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ms_2fax / ms_2fax][Stopped/Disabled]
<C:\WINNT\system32\fcd31.exe><N/A>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Stopped/Manual Start]
<C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Dilla / C-Dilla][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\CDANT.SYS><Macrovision>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
<system32\drivers\cmuda.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[mxdispdr / mxdispdr][Stopped/Disabled]
<\??\C:\WINNT\system32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Disabled]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[PauseDrv / PauseDrv][Stopped/Manual Start]
<\??\C:\WINNT\system32\Drivers\PauseDrv.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\WINNT\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ROCKEYNT / ROCKEYNT][Stopped/Auto Start]
<\??\C:\WINNT\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SiS315 / SiS315][Stopped/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SISAGPx.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp][Stopped/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Add Performance Filter Driver / sisperf][Running/Boot Start]
<\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[uiq3ai / uiq3aij][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\uiq3aij.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, N/A>
下雨的心 - 2007-12-8 15:44:00
正在运行的进程
[PID: 116][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\System32\sfcfiles.dll] [Microsoft Corporation, 5.00.2195.7038]
[PID: 148][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\CSRSRV.dll] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\basesrv.dll] [Microsoft Corporation, 5.00.2195.7011]
[C:\WINNT\system32\winsrv.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\MSVCRT.dll] [Microsoft Corporation, 6.10.9844.0]
[PID: 168][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\MSVCRT.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\NDdeApi.dll] [Microsoft Corporation, 5.00.2195.6661]
[C:\WINNT\system32\PROFMAP.dll] [Microsoft Corporation, 5.00.2195.7000]
[C:\WINNT\system32\NETAPI32.dll] [Microsoft Corporation, 5.00.2195.7108]
[C:\WINNT\system32\NTDSAPI.dll] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.7100]
[C:\WINNT\system32\WSOCK32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\WS2_32.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.7017]
[C:\WINNT\system32\NETRAP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\SAMLIB.dll] [Microsoft Corporation, 5.00.2195.6944]
[C:\WINNT\system32\sfc.dll] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\sfcfiles.dll] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\USERENV.dll] [Microsoft Corporation, 5.00.2195.7002]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\msgina.dll] [Microsoft Corporation, 5.00.2195.7018]
[C:\WINNT\system32\COMCTL32.dll] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\SHELL32.dll] [Microsoft Corporation, 5.00.3900.7105]
[C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\WINSTA.dll] [Microsoft Corporation, 5.00.2195.6701]
[C:\WINNT\system32\WINMM.dll] [Microsoft Corporation, 5.00.2161.1]
[C:\WINNT\system32\setupapi.dll] [Microsoft Corporation, 5.00.2195.6622]
[C:\WINNT\system32\cscdll.dll] [Microsoft Corporation, 5.00.2195.6713]
[C:\WINNT\system32\WlNotify.dll] [Microsoft Corporation, 5.00.2195.7000]
[C:\WINNT\system32\certcli.dll] [Microsoft Corporation, 5.00.2195.6619]
[C:\WINNT\system32\ATL.DLL] [Microsoft Corporation, 3.00.9435]
[C:\WINNT\system32\CRYPT32.DLL] [Microsoft Corporation, 5.131.2195.6926]
[C:\WINNT\system32\MSASN1.dll] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\WinSCard.dll] [Microsoft Corporation, 5.00.2195.6609]
[C:\WINNT\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.00.2195.6659]
[C:\WINNT\system32\MPR.DLL] [Microsoft Corporation, 5.00.2195.7134]
[C:\WINNT\system32\wzcdlg.dll] [Microsoft Corporation, 5.00.2195.6604]
[C:\WINNT\system32\ole32.dll] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\OLEAUT32.dll] [Microsoft Corporation, 2.40.4531]
[C:\WINNT\system32\WZCSAPI.DLL] [Microsoft Corporation, 5.00.2195.6604]
[C:\WINNT\system32\cscui.dll] [Microsoft Corporation, 5.00.2195.6705]
[C:\WINNT\system32\CLBCATQ.DLL] [Microsoft Corporation, 2000.2.3529.0]
[PID: 196][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\MSVCRT.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\NETAPI32.dll] [Microsoft Corporation, 5.00.2195.7108]
[C:\WINNT\system32\NTDSAPI.dll] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.7100]
[C:\WINNT\system32\WSOCK32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\WS2_32.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.7017]
[C:\WINNT\system32\NETRAP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\SAMLIB.dll] [Microsoft Corporation, 5.00.2195.6944]
[C:\WINNT\system32\SCESRV.dll] [Microsoft Corporation, 5.00.2195.7013]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\USERENV.dll] [Microsoft Corporation, 5.00.2195.7002]
[C:\WINNT\system32\umpnpmgr.dll] [Microsoft Corporation, 5.00.2195.7069]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\eventlog.dll] [Microsoft Corporation, 5.00.2195.7036]
[C:\WINNT\system32\WINSTA.DLL] [Microsoft Corporation, 5.00.2195.6701]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[C:\WINNT\system32\CFGMGR32.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\setupapi.DLL] [Microsoft Corporation, 5.00.2195.6622]
[C:\WINNT\system32\COMCTL32.dll] [Microsoft Corporation, 5.81]
[PID: 208][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\LSASRV.dll] [Microsoft Corporation, 5.00.2195.7108]
[C:\WINNT\system32\MSVCRT.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\cryptdll.dll] [Microsoft Corporation, 5.00.2195.6607]
[C:\WINNT\system32\ADVAPI32.DLL] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\SAMSRV.dll] [Microsoft Corporation, 5.00.2195.7009]
[C:\WINNT\system32\DNSAPI.dll] [Microsoft Corporation, 5.00.2195.7100]
[C:\WINNT\system32\WSOCK32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\WS2_32.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\MSASN1.dll] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\NETAPI32.dll] [Microsoft Corporation, 5.00.2195.7108]
[C:\WINNT\system32\NTDSAPI.dll] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.7017]
[C:\WINNT\system32\NETRAP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\SAMLIB.dll] [Microsoft Corporation, 5.00.2195.6944]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\msprivs.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\kerberos.dll] [Microsoft Corporation, 5.00.2195.7053]
[C:\WINNT\system32\msv1_0.dll] [Microsoft Corporation, 5.00.2195.6926]
[C:\WINNT\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2195.6926]
[C:\WINNT\system32\iphlpapi.dll] [Microsoft Corporation, 5.00.2195.7097]
[C:\WINNT\system32\ICMP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\MPRAPI.dll] [Microsoft Corporation, 5.00.2181.1]
[C:\WINNT\system32\OLE32.DLL] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4531]
[C:\WINNT\system32\ACTIVEDS.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ADSLDPC.DLL] [Microsoft Corporation, 5.00.2195.6993]
[C:\WINNT\system32\RTUTILS.DLL] [Microsoft Corporation, 5.00.2168.1]
[C:\WINNT\system32\SETUPAPI.DLL] [Microsoft Corporation, 5.00.2195.6622]
[C:\WINNT\system32\USERENV.DLL] [Microsoft Corporation, 5.00.2195.7002]
[C:\WINNT\system32\RASAPI32.dll] [Microsoft Corporation, 5.00.2195.6920]
[C:\WINNT\system32\rasman.dll] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\TAPI32.dll] [Microsoft Corporation, 5.00.2195.6664]
[C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\DHCPCSVC.DLL] [Microsoft Corporation, 5.00.2195.7085]
[C:\WINNT\system32\netlogon.dll] [Microsoft Corporation, 5.00.2195.7011]
[C:\WINNT\system32\schannel.dll] [Microsoft Corporation, 5.00.2195.7136]
[C:\WINNT\system32\rsabase.dll] [Microsoft Corporation, 5.00.2195.6619]
[C:\WINNT\system32\mpr.dll] [Microsoft Corporation, 5.00.2195.7134]
[C:\WINNT\system32\scecli.dll] [Microsoft Corporation, 5.00.2195.7013]
下雨的心 - 2007-12-8 15:45:00
[PID: 364][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\ADVAPI32.DLL] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\OLE32.DLL] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[c:\winnt\system32\rpcss.dll] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\MSVCRT.dll] [Microsoft Corporation, 6.10.9844.0]
[c:\winnt\system32\USERENV.dll] [Microsoft Corporation, 5.00.2195.7002]
[c:\winnt\system32\WS2_32.dll] [Microsoft Corporation, 5.00.2195.6601]
[c:\winnt\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[c:\winnt\system32\WINSTA.dll] [Microsoft Corporation, 5.00.2195.6701]
[C:\WINNT\system32\rsaenh.dll] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2195.6926]
[C:\WINNT\system32\MSASN1.dll] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\mswsock.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.7100]
[C:\WINNT\system32\WSOCK32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\msafd.dll] [Microsoft Corporation, 5.00.2195.6602]
[C:\WINNT\System32\wshtcpip.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\System32\rnr20.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\iphlpapi.dll] [Microsoft Corporation, 5.00.2195.7097]
[C:\WINNT\system32\ICMP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\MPRAPI.dll] [Microsoft Corporation, 5.00.2181.1]
[C:\WINNT\system32\SAMLIB.DLL] [Microsoft Corporation, 5.00.2195.6944]
[C:\WINNT\system32\NETAPI32.DLL] [Microsoft Corporation, 5.00.2195.7108]
[C:\WINNT\system32\NTDSAPI.dll] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.7017]
[C:\WINNT\system32\NETRAP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4531]
[C:\WINNT\system32\ACTIVEDS.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ADSLDPC.DLL] [Microsoft Corporation, 5.00.2195.6993]
[C:\WINNT\system32\RTUTILS.DLL] [Microsoft Corporation, 5.00.2168.1]
[C:\WINNT\system32\SETUPAPI.DLL] [Microsoft Corporation, 5.00.2195.6622]
[C:\WINNT\system32\RASAPI32.dll] [Microsoft Corporation, 5.00.2195.6920]
[C:\WINNT\system32\rasman.dll] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\TAPI32.dll] [Microsoft Corporation, 5.00.2195.6664]
[C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\DHCPCSVC.DLL] [Microsoft Corporation, 5.00.2195.7085]
[C:\WINNT\System32\winrnr.dll] [Microsoft Corporation, 5.00.2160.1]
[C:\WINNT\system32\rasadhlp.dll] [Microsoft Corporation, 5.00.2195.7098]
[C:\WINNT\system32\CLBCATQ.DLL] [Microsoft Corporation, 2000.2.3529.0]
[PID: 388][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\System32\WBEM\wbemcomn.dll] [Microsoft Corporation, 1.50.1085.0100]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\MSVCRT.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\OLEAUT32.dll] [Microsoft Corporation, 2.40.4531]
[C:\WINNT\system32\ole32.dll] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\CLBCATQ.DLL] [Microsoft Corporation, 2000.2.3529.0]
[C:\WINNT\system32\wbem\wbemcore.dll] [Microsoft Corporation, 1.50.1085.0100]
[C:\WINNT\system32\VERSION.dll] [Microsoft Corporation, 5.00.2195.6623]
[C:\WINNT\system32\LZ32.DLL] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\system32\wbem\fastprox.dll] [Microsoft Corporation, 1.50.1085.0100]
[C:\WINNT\system32\wbem\wbemess.dll] [Microsoft Corporation, 1.50.1085.0100]
[C:\WINNT\system32\wbem\wbemsvc.dll] [Microsoft Corporation, 1.50.1085.0007]
[PID: 432][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\ADVAPI32.DLL] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\GDI32.DLL] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\msvcrt.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\shim.dll] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\system32\SHELL32.dll] [Microsoft Corporation, 5.00.3900.7105]
[C:\WINNT\system32\OLE32.DLL] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\CLBCATQ.DLL] [Microsoft Corporation, 2000.2.3529.0]
[C:\WINNT\system32\OLEAUT32.dll] [Microsoft Corporation, 2.40.4531]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\WINNT\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.00.2195.6659]
[C:\WINNT\system32\MPR.DLL] [Microsoft Corporation, 5.00.2195.7134]
[C:\WINNT\system32\OLEACC.dll] [Microsoft Corporation, 4.2.3100.0]
[C:\WINNT\system32\SHDOCVW.DLL] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\browseui.dll] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\LINKINFO.DLL] [Microsoft Corporation, 5.00.2195.7069]
[C:\WINNT\system32\ntshrui.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\ATL.DLL] [Microsoft Corporation, 3.00.9435]
[C:\WINNT\system32\NETAPI32.DLL] [Microsoft Corporation, 5.00.2195.7108]
[C:\WINNT\system32\NTDSAPI.dll] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.7100]
[C:\WINNT\system32\WSOCK32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\WS2_32.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WLDAP32.DLL] [Microsoft Corporation, 5.00.2195.7017]
[C:\WINNT\system32\NETRAP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\SAMLIB.dll] [Microsoft Corporation, 5.00.2195.6944]
[C:\WINNT\system32\USERENV.DLL] [Microsoft Corporation, 5.00.2195.7002]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
[C:\WINNT\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2195.6926]
[C:\WINNT\system32\MSASN1.dll] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\mydocs.dll] [Microsoft Corporation, 5.00.3502.6601]
[C:\WINNT\System32\ntlanman.dll] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\System32\NETUI0.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\System32\NETUI1.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\MSI.DLL] [Microsoft Corporation, 3.1.4000.4033]
[C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1601]
[C:\WINNT\system32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1601]
[C:\WINNT\system32\VERSION.dll] [Microsoft Corporation, 5.00.2195.6623]
[C:\WINNT\system32\LZ32.DLL] [Microsoft Corporation, 5.00.2195.6611]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[C:\WINNT\system32\WINMM.dll] [Microsoft Corporation, 5.00.2161.1]
[C:\WINNT\system32\docprop2.dll] [Microsoft Corporation, 5.00.2178.1]
[C:\WINNT\system32\MSVFW32.DLL] [Microsoft Corporation, 5.00.2195.6612]
[C:\WINNT\system32\AVIFIL32.DLL] [Microsoft Corporation, 5.00.2195.6612]
[C:\WINNT\system32\MSACM32.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\faxshell.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINNT\system32\MLANG.dll] [Microsoft Corporation, 6.00.2800.1106]
下雨的心 - 2007-12-8 15:45:00
[PID: 472][F:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\kernel32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\comdlg32.dll] [Microsoft Corporation, 5.00.3700.6693]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\msvcrt.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\SHELL32.DLL] [Microsoft Corporation, 5.00.3900.7105]
[C:\WINNT\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.00.2195.6659]
[C:\WINNT\system32\MPR.DLL] [Microsoft Corporation, 5.00.2195.7134]
[C:\WINNT\system32\oledlg.dll] [Microsoft Corporation, 1.0]
[C:\WINNT\system32\ole32.dll] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\OLEAUT32.dll] [Microsoft Corporation, 2.40.4531]
[C:\WINNT\system32\VERSION.dll] [Microsoft Corporation, 5.00.2195.6623]
[C:\WINNT\system32\LZ32.DLL] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2195.6926]
[C:\WINNT\system32\MSASN1.dll] [Microsoft Corporation, 5.00.2195.6905]
[C:\WINNT\system32\WINMM.dll] [Microsoft Corporation, 5.00.2161.1]
[C:\WINNT\system32\WS2_32.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\WS2HELP.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1601]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
[C:\WINNT\system32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1227]
[C:\WINNT\system32\NTMARTA.DLL] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\WLDAP32.dll] [Microsoft Corporation, 5.00.2195.7017]
[C:\WINNT\system32\SAMLIB.dll] [Microsoft Corporation, 5.00.2195.6944]
[C:\WINNT\system32\NTDSAPI.dll] [Microsoft Corporation, 5.00.2195.6666]
[C:\WINNT\system32\DNSAPI.DLL] [Microsoft Corporation, 5.00.2195.7100]
[C:\WINNT\system32\WSOCK32.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\NETAPI32.DLL] [Microsoft Corporation, 5.00.2195.7108]
[C:\WINNT\system32\NETRAP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\sfc.dll] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\sfcfiles.dll] [Microsoft Corporation, 5.00.2195.7038]
[F:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINNT\system32\wintrust.dll] [Microsoft Corporation, 5.131.2195.6824]
[C:\WINNT\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.00.2195.6613]
[C:\WINNT\system32\rsaenh.dll] [Microsoft Corporation, 5.00.2195.6611]
[C:\WINNT\system32\USERENV.dll] [Microsoft Corporation, 5.00.2195.7002]
[C:\WINNT\system32\RASAPI32.DLL] [Microsoft Corporation, 5.00.2195.6920]
[C:\WINNT\system32\rasman.dll] [Microsoft Corporation, 5.00.2195.6824]
[C:\WINNT\system32\TAPI32.dll] [Microsoft Corporation, 5.00.2195.6664]
[C:\WINNT\system32\RTUTILS.DLL] [Microsoft Corporation, 5.00.2168.1]
[C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1601]
[C:\WINNT\System32\rnr20.dll] [Microsoft Corporation, 5.00.2195.6603]
[C:\WINNT\system32\iphlpapi.dll] [Microsoft Corporation, 5.00.2195.7097]
[C:\WINNT\system32\ICMP.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\MPRAPI.dll] [Microsoft Corporation, 5.00.2181.1]
[C:\WINNT\system32\ACTIVEDS.DLL] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\ADSLDPC.DLL] [Microsoft Corporation, 5.00.2195.6993]
[C:\WINNT\system32\SETUPAPI.DLL] [Microsoft Corporation, 5.00.2195.6622]
[C:\WINNT\system32\DHCPCSVC.DLL] [Microsoft Corporation, 5.00.2195.7085]
[C:\WINNT\System32\winrnr.dll] [Microsoft Corporation, 5.00.2160.1]
[C:\WINNT\system32\msafd.dll] [Microsoft Corporation, 5.00.2195.6602]
[C:\WINNT\System32\wshtcpip.dll] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\rasadhlp.dll] [Microsoft Corporation, 5.00.2195.7098]
[C:\WINNT\system32\Winsta.dll] [Microsoft Corporation, 5.00.2195.6701]
[C:\WINNT\system32\utildll.dll] [Microsoft Corporation, 5.00.2195.6701]
[C:\WINNT\system32\asfsipc.dll] [Microsoft Corporation, 1.1.00.3917]
[C:\WINNT\system32\MSISIP.DLL] [Microsoft Corporation, 3.1.4000.1823]
[C:\WINNT\system32\wshext.dll] [Microsoft Corporation, 5.6.0.6626]
[C:\WINNT\system32\wshCHS.DLL] [Microsoft Corporation, 5.6.0.6626]
[C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL] [Microsoft Corporation, 10.0.2625]
[C:\WINNT\system32\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[PID: 452][C:\WINNT\regedit.exe] [Microsoft Corporation, 5.00.2195.6707]
[C:\WINNT\system32\ntdll.dll] [Microsoft Corporation, 5.00.2195.7006]
[C:\WINNT\system32\KERNEL32.dll] [Microsoft Corporation, 5.00.2195.7135]
[C:\WINNT\system32\GDI32.dll] [Microsoft Corporation, 5.00.2195.7138]
[C:\WINNT\system32\USER32.dll] [Microsoft Corporation, 5.00.2195.7133]
[C:\WINNT\system32\ADVAPI32.dll] [Microsoft Corporation, 5.00.2195.7038]
[C:\WINNT\system32\RPCRT4.dll] [Microsoft Corporation, 5.00.2195.7090]
[C:\WINNT\system32\Secur32.dll] [Microsoft Corporation, 5.00.2195.6695]
[C:\WINNT\system32\COMCTL32.dll] [Microsoft Corporation, 5.81]
[C:\WINNT\system32\comdlg32.dll] [Microsoft Corporation, 5.00.3700.6693]
[C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1914 (xpsp2.070817-1242)]
[C:\WINNT\system32\msvcrt.dll] [Microsoft Corporation, 6.10.9844.0]
[C:\WINNT\system32\SHELL32.DLL] [Microsoft Corporation, 5.00.3900.7105]
[C:\WINNT\system32\IMM32.DLL] [Microsoft Corporation, 5.00.2195.6655]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
天月来了 - 2007-12-8 16:10:00
You say it wasn't resolved?
Please describe it in a bit more detail.
In the SREng tool you used to scan the log, go to Startup Items > Services > Drivers, find the following entry and change its startup type to "Disabled":
驱动程序
[uiq3ai / uiq3aij][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\uiq3aij.sys><N/A>
Then restart the computer, update your antivirus software to the latest version, and run a full-disk scan.
After that, you can scan a new log and post it as an attachment so we can take a look.