Rising Kaka Security Forum
我啦 - 2007-12-8 11:30:00
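Recently this damn thing, Trojan.Win32.Mnless.zlr, has shown up on my computer. Every time, the backup fails and the infected file gets deleted, but no matter what I do I can't get rid of it. Its path is c:\WINNT\system32\drivers\6ggsgrp.sys, and the infected file is always
6ggsgrp.sys. I searched online and found no trace of this thing. I hope everyone can help.
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; WBP/20070724)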
newcenturymoon - 2007-12-8 11:40:00
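First download the Xdelbox software. Download address: http://www.dodudou.com/down/ (in the original-software folder there)
After downloading,
extract all the files into one folder.
In the box next to Add, enter each of the following in turn:
c:\WINNT\system32\drivers\6ggsgrp.sys
After entering each one, click the Add button next to it; the added file will appear in the large box below.
Then select all the files in the large box below at once (hold Ctrl).
Right-click and choose "Restart and delete immediately".
After the computer restarts, there will be a countdown screen with two systems to choose from.
The first is your original Windows system.
The second is the DOS system this software has set up for you.
The system will automatically choose the second one.
Once the DOS-like screen has finished scrolling, the virus has been deleted.
After that it will restart automatically into normal mode.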
我啦 - 2007-12-8 15:15:00
[Reply to newcenturymoon's post] Moderator, when I extract the files to C:\WINNT\system32\drivers\6ggsgrp.sys, it shows that c:\WINNT\system32\drivers\6ggsgrp.sys cannot be created. What is going on?
我啦 - 2007-12-8 15:22:00
Please, anyone who knows, help me quickly. As a newbie, I thank you all in advance.
Enao2005 - 2007-12-8 17:08:00
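Open XDelBox ==> in "File path" enter C:\WINNT\system32\drivers\6ggsgrp.sys ==> click "Add" ==> tick "Suppress regeneration" ==> select the file in the list and right-click ==> choose "Restart now and perform deletion"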
我啦 - 2007-12-10 12:24:00
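It still isn't working. It would be best to give me screenshots of the steps. I'm a newbie and don't really know how to do this. Please, and thank you all.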
火影忍者 - 2007-12-10 12:53:00
Download System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 Extract sreng2.zip
2 Run SREngPS.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here; do not modify it
Please cooperate
我啦 - 2007-12-10 15:54:00
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<CU2007><"F:\Program Files\CU2007\9158.exe" -u> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<IgfxTray><C:\WINNT\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINNT\system32\hkcmd.exe> [Intel Corporation]
<FTSafeNetRockeyService4.0><D:\tigerock\nrSvr.exe -systray> [Feitian Technologies Co.,Ltd.]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R> [TENCENT]
<RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<IdnSvr><C:\Program Files\OCINS\idnsvr.exe> [(Verified)China Internet Network Information Center]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDCG32 ><LYLeador.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><rsmyfpm.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><(无)> [N/A]
我啦 - 2007-12-10 15:55:00
启动文件夹
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~2\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[FTSafe Net Rockey Service / FTSafeNetRockeyService4.0][Running/Auto Start]
<d:\tigerock\nrSvr.exe -dispatch><Feitian Technologies Co.,Ltd.>
[Windows fxyq RunThem / fxyq][Others/Auto Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\astl\kcdv.dll><N/A>
[Gdi Server / Gdi Server][Stopped/Auto Start]
<c:\program files\common files\system\gdiServer.exe><N/A>
[Help and Support / helpsvc][Stopped/Auto Start]
<C:\WINNT\system32\ineters.exe><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
我啦 - 2007-12-10 16:00:00
C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[41jzqxgd / 41jzqxgd][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\41jzqxgd.sys><N/A>
[6ggsgr / 6ggsgrp][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\6ggsgrp.sys><N/A>
[9158cap, WDM Video Capture / 9158CAP][Running/Auto Start]
<system32\DRIVERS\9158cap.sys><www.9158.com>
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[aididcid / aididcid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\aididcid.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[cnprov / cnprov][Running/Boot Start]
<\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[dbeffccb / dbeffccb][Stopped/Boot Start]
<\SystemRoot\system32\drivers\dbeffccb.sys><中国互联网络信息中心(CNNIC)>
[digahchi / digahchi][Stopped/Boot Start]
<\SystemRoot\system32\drivers\digahchi.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100bnt5.sys><Intel Corporation>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
<system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ihkfkk09 / ihkfkk09][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\ihkfkk09.sys><N/A>
[jpsdrv33 / jpsdrv33][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\jpsdrv33.sys><N/A>
[jtjika18 / jtjika18][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\jtjika18.sys><N/A>
[klrqvz23 / klrqvz23][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\klrqvz23.sys><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[ROCKEYNT / ROCKEYNT][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[rockusb / rockusb][Running/Manual Start]
<system32\DRIVERS\rockusb.sys><FeiTian New Tech Inc>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[szvcjx46 / szvcjx46][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\szvcjx46.sys><N/A>
[tngglv61 / tngglv61][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\tngglv61.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[wzpiqy89 / wzpiqy89][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\wzpiqy89.sys><N/A>
[zshoyi12 / zshoyi12][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\zshoyi12.sys><N/A>
[ANC USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
<System32\Drivers\usbVM303.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
我啦 - 2007-12-10 16:01:00
览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <F:\讯雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINNT\system32\ssup.dll, TENCENT>
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <F:\讯雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[WZCNBHO Class]
{D500885E-E400-41CA-804B-CD6373A7EEF2} <C:\Program Files\WZCN\cn_ie_wzcn.dll, N/A>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\讯雷\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINNT\system32\msxml4.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[TXPhoneSupport.SystemSpecInfo]
{E6AE07CB-9961-423A-9EC6-7F11A9F47ADF} <C:\WINNT\DOWNLO~1\TXPhone.ocx, TENCENT>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <F:\讯雷\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\讯雷\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINNT\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <F:\讯雷\Components\DownAndPlay\DapPlayer3.0.36.60.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
<F:\讯雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<F:\讯雷\Program\getallurl.htm, N/A>
[添加到QQ表情]
<F:\腾讯QQ\AddEmotion.htm, N/A>
==================================
我啦 - 2007-12-10 16:10:00
正在运行的进程
[PID: 104][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 240][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 252][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 516][d:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 788][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 820][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 864][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\WINNT\system32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[C:\WINNT\system32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
[PID: 880][d:\tigerock\nrSvr.exe] [Feitian Technologies Co.,Ltd., 1, 0, 10, 1813]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 916][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1000][C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\opends60.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlsort.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\ums.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINNT\system32\AUTHZ.DLL] [Microsoft Corporation, 5.00.2195.7028]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\SSnmPN70.dll] [Microsoft Corporation, 2000.080.2039.00]
[PID: 1044][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6
我啦 - 2007-12-10 16:12:00
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1084][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1128][C:\WINNT\system32\stisvc.exe] [Microsoft Corporation, 5.00.2195.6656]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1172][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1260][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1392][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\system32\kab2qm.dll] [N/A, ]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\igfxpph.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3,0,0,2104]
[F:\讯雷\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[F:\讯雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\wmploc.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\wmvcore.dll] [Microsoft Corporation, 9.00.00.3265 (xpsp_sp2_qfe.061206-2330)]
[C:\WINNT\system32\wmidx.dll] [Microsoft Corporation, 9.00.00.2980]
[C:\WINNT\system32\WMASF.DLL] [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\WINNT\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 2, 11]
[F:\讯雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[F:\讯雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
[D:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 1556][C:\WINNT\system32\igfxtray.exe] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3,0,0,2104]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxress.dll] [Intel Corporation, 3,0,0,2104]
[PID: 1568][C:\WINNT\system32\hkcmd.exe] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3,0,0,2104]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\igfxhk.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
[PID: 1584][D:\tigerock\nrSvr.exe] [Feitian Technologies Co.,Ltd., 1, 0, 10, 1813]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[PID: 1592][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.19]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[PID: 1608][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.20]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Ri
我啦 - 2007-12-10 16:14:00
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1616][C:\WINNT\system32\Rundll32.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1696][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1712][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINNT\system32\SQLUNIRL.dll] [Microsoft Corporation, 2000.080.0728.00]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINNT\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1128.00 built by: xpsp(_sqlbld)]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 4064][D:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.7]
[C:\WINNT\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[PID: 3640][C:\WINNT\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 4508][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 4412][C:\Program Files\ChinaNet\VnetClient.exe] [, 2005, 11, 14, 1]
[C:\Program Files\ChinaNet\Communicate.dll] [0, 2005, 3, 3, 1]
[C:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2006, 6, 7, 12]
[C:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2005, 7, 27, 1]
[C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[C:\PROGRA~1\ChinaNet\PostPlug.dll] [, 2004, 12, 16, 2]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2005, 10, 13, 1]
[C:\PROGRA~1\ChinaNet\Gif89a.dll] [, 2005, 6, 21, 1]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] [, 2005, 11, 14, 1]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2005, 11, 14, 17]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2005, 11, 14, 1]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2005, 10, 9, 14]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2005, 2, 24, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2005, 8, 26, 1]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] [, 1, 0, 0, 1]
[C:\WINNT\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINNT\system32\pthreadVC.dll] [N/A, ]
[C:\WINNT\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2004, 11, 23, 1]
[C:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2004, 11, 18, 1]
我啦 - 2007-12-10 16:15:00
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [, 2005, 9, 13, 9]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 2005, 11, 14, 1]
[C:\WINNT\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[PID: 4652][D:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.9]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 5452][D:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 5476][F:\讯雷\Components\InMedia\ThunderMinisite.exe] [Thunder Networking Technologies,LTD, 1, 0, 1, 10]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[F:\讯雷\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 5472][C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CJB3EKHL\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CJB3EKHL\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 5316][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 31]
[C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 2, 11]
[F:\讯雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] [, 2005, 4, 6, 1]
[c:\PROGRA~1\chinanet\Communicate.dll] [0, 2005, 3, 3, 1]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\WINNT\system32\ssup.dll] [TENCENT, 5, 0, 1, 19]
[F:\讯雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
[F:\讯雷\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[F:\讯雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINNT\system32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
==================================
文件关联
我啦 - 2007-12-10 16:16:00
.TXT Error. [C:\WINNT\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
我啦 - 2007-12-10 16:17:00
我啦 - 2007-12-10 16:19:00
我啦 - 2007-12-10 16:20:00
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 880, D:\TIGEROCK\NRSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1000, C:\PROGRA~1\MICROS~2\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1556, C:\WINNT\SYSTEM32\IGFXTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1568, C:\WINNT\SYSTEM32\HKCMD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1584, D:\TIGEROCK\NRSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1592, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1712, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4412, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5452, D:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5476, F:\讯雷\COMPONENTS\INMEDIA\THUNDERMINISITE.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
我啦 - 2007-12-10 16:21:00
Why is there so much? I didn't get it wrong, did I? Tell me if I did; I'm a newbie and don't understand this.
无悔de人生 - 2008-3-28 21:41:00
1