Rising Kaka Security Forum
sdsfddsf - 2008-2-7 22:04:00
Take a look.
[CODE]
2004-02-02,21:42:23
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<KASStart><"C:\Program Files\Kingsoft\KSysCleaner\KASStart.EXE" -Startup> [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<FlashPlayerUpdate><C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe> [(Verified)Adobe Systems Incorporated]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<NAVMon32><C:\WINDOWS\NAVMon32.exE> []
<SHAProc><C:\WINDOWS\SHAProc.exe> []
<BigDogPath><; C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)> [N/A]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [N/A]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<VTTimer><; VTTimer.exe> [S3 Graphics, Inc.]
<VTTrayp><; VTtrayp.exe> [S3 Graphics Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<pdryzafou><pdryzafou.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> []
<Userinit><C:\WINDOWS\system32\userinit.exe,> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><utgnehz.dll,nauhgnem.dll,auhad.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq.dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iqnauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dll,oadnew.dll,dgzg.dll,hz.dll,2ty.dll,jsfg.dll,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuyouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll,dqncj.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{4B23A8E5-CC9C-4A15-81F3-9B902C00AF4B}><C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys> []
<{2f32e793-9263-4aa5-862f-da2480554715}><C:\WINDOWS\system32\JAA-JAA-1032.dll> []
<{9a8234b5-a04c-4b0c-ad8c-f4fdb94c9543}><C:\WINDOWS\system32\RAA_RAA_1002.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
启动文件夹
[office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\office.lnk --> C:\WINDOWS\system\SSLXPE~1.EXE [N/A]><N>
==================================
服务
[Alibaba / Alibaba][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k Alibaba-->%SystemRoot%\System32\oztzcd.dll><N/A>
[Common Framework / Common Framework][Stopped/Auto Start]
<C:\WINDOWS\system32\Common Framework><N/A>
[csrss1 / csrss][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k csrss-->%SystemRoot%\System32\tcqoyk.dll><N/A>
[Error Reporting Service / ERSvc][Stopped/Auto Start]
<2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Rates / Windows Rates][Stopped/Auto Start]
<C:\WINDOWS\Windows Rates><N/A>
[E01FA41F / E01FA41F][Stopped/Auto Start]
<C:\WINDOWS\system32\8A4CD76B.EXE -d><Microsoft Corporation>
[Index Service / Index Service][Stopped/Auto Start]
<C:\WINDOWS\system32\Server.exe><N/A>
==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aacsas.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aarsi3x.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / AEC6210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / AEC6260][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[arc / arc][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ARC.SYS><N/A>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\arcm_x86.sys><ARECA Technology Corporation>
[asc / asc][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\bchtsw32.sys><Broadcom Corporation>
[BCRAID / BCRAID][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\BCRAID.sys><Broadcom Corporation>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\cpqarry2.sys><Hewlett-Packard Company>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\csb6ide.sys><ServerWorks Corporation>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft
sdsfddsf - 2008-2-7 22:07:00
Corporation>
[elxstor / elxstor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[FASTSX / FASTSX][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[FT8300 / FT8300][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ftsata2.sys><Promise Technology, Inc.>
[GD31244 / GD31244][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\gd31244.sys><Intel Corporation>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HpCISSs / HpCISSs][Stopped/Boot Start]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
sdsfddsf - 2008-2-7 22:07:00
<\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / IASTOR][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\iaStor.sys><Intel Corporation>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[INIA100 / INIA100][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\INIA100.sys><Initio corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\JRAID.SYS><JMicron Technology Corp.>
[M5228 / M5228][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[M5281 / M5281][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mraid2k / mraid2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[mseqsy / mseqsy][Running/Auto Start]
<system32\DRIVERS\msacpe.sys><N/A>
[msskye / msskye][Running/Auto Start]
<system32\DRIVERS\msaclue.sys><N/A>
[NFRD960 / NFRD960][Stopped/Boot Start]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\冒险岛\npkcrypt.sys><INCA Internet Co., Ltd.>
[NVATABUS / NVATABUS][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / NVRAID][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / PNP680][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / PNP680R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[puid / puid][Stopped/Manual Start]
<System32\DRIVERS\pabc.sys><CompanyName>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\rr232x.sys><HighPoint Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[S150SX8 / S150SX8][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Si3114r5.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124R][Stopped/Boot Start]
sdsfddsf - 2008-2-7 22:08:00
<\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Si3132r5.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SISRAID / SISRAID][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid4.sys><Silicon Integrated Systems>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPTRAK / SPTRAK][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\trm3x5.sys><Tekram Technology Co., Ltd.>
[TwoTrack Compatible Device / TwoTrack][Stopped/Manual Start]
<System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ULSATA / ULSATA][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[viagfx / viagfx][Running/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[vmscsi / vmscsi][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\vmscsi.sys><VMware, Inc.>
[WD7296A / WD7296A][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\wd7296a.sys><Western Digital Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yywraezy / yywraezy][Running/Auto Start]
sdsfddsf - 2008-2-7 22:09:00
<\??\C:\WINDOWS\system32\drivers\oztzcd.SYS><N/A>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
[DeepFree Update / DeepFree Update][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[ATI2HDDSRV / ATI2HDDSRV][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\ati32srv.sys><N/A>
==================================
浏览器加载项
[]
{4B23A8E5-CC9C-4A15-81F3-9B902C00AF4B} <C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[雨林木风]
{CBF5BF69-1ECC-427F-9944-C5DEC36CF58C} <http://www.ylmf.com, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[]
{4B23A8E5-CC9C-4A15-81F3-9B902C00AF4B} <C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 596 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 688 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
sdsfddsf - 2008-2-7 22:10:00
[PID: 888 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 976 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 1112 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\System32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 1168 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 1272 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 1652 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 528 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 668 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[c:\windows\system32\tcqoyk.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\JAA-JAA-1032.dll] [N/A, ]
[C:\WINDOWS\system32\RAA_RAA_1002.dll] [N/A, ]
[PID: 1032 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 3780 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
sdsfddsf - 2008-2-7 22:10:00
[C:\WINDOWS\System32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\System32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[PID: 1476 / Administrator][C:\WINDOWS\Explorer.EXE] [N/A, ]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[PID: 3644 / Administrator][C:\WINDOWS\system32\dllcache\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\BROWSEUI.dll] [Microsoft Corporation, 6.00.2900.2937 (xpsp_sp2_gdr.060623-0002)]
[C:\WINDOWS\system32\dllcache\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\dllcache\MSVCP60.DLL] [Microsoft Corporation, 6.02.3104.0]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\dllcache\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
[C:\WINDOWS\system32\dllcache\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
[C:\WINDOWS\system32\dllcache\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
[C:\WINDOWS\system32\dllcache\ntshrui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\ATL.DLL] [Microsoft Corporation, 3.05.2284]
[C:\WINDOWS\system32\dllcache\msi.dll] [Microsoft Corporation, 3.1.4000.2435]
[C:\WINDOWS\system32\dllcache\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[C:\WINDOWS\system32\JAA-JAA-1032.dll] [N/A, ]
[C:\WINDOWS\system32\RAA_RAA_1002.dll] [N/A, ]
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\dllcache\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[C:\WINDOWS\system32\dllcache\mlang.dll] [Microsoft Corporation, 6.00.2900.2530 (xpsp.040919-1030)]
[C:\WINDOWS\system32\dllcache\wsock32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\RASAPI32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\rasman.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\TAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\hnetcfg.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\sensapi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\WINDOWS\system32\dllcache\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
sdsfddsf - 2008-2-7 22:11:00
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\dllcache\midimap.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\dllcache\SXS.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\browselc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\DUSER.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
[C:\WINDOWS\system32\dllcache\RASDLG.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\MPRAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\ACTIVEDS.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\dllcache\adsldpc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 2068 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[PID: 1640 / Administrator][C:\WINDOWS\pdryzafou.exe] [N/A, ]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[PID: 3508 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[PID: 808 / Administrator][C:\Program Files\Kingsoft\KSysCleaner\KASStart.EXE] [Kingsoft Corporation, 2006, 11, 22, 14]
[C:\Program Files\Kingsoft\KSysCleaner\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Kingsoft\KSysCleaner\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Kingsoft\KSysCleaner\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\Program Files\Kingsoft\KSysCleaner\PopSprt3.dll] [Kingsoft Corporation, 2006, 8, 7, 38]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[PID: 5652 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
sdsfddsf - 2008-2-7 22:11:00
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[PID: 4012 / Administrator][C:\WINDOWS\system32\inf\svchosts.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\system32\lwisys16_080202.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\JAA-JAA-1032.dll] [N/A, ]
[C:\WINDOWS\system32\RAA_RAA_1002.dll] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[PID: 2400 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\system32\wincheck080127.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[PID: 5584 / Administrator][C:\WINDOWS\system32\00.exe] [N/A, ]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[PID: 220 / Administrator][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\system32\HDDGuard.dll] [N/A, ]
[PID: 3072 / Administrator][C:\WINDOWS\system32\gggg22.exe] [N/A, ]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
sdsfddsf - 2008-2-7 22:12:00
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\JAA-JAA-1032.dll] [N/A, ]
[C:\WINDOWS\system32\RAA_RAA_1002.dll] [N/A, ]
[C:\WINDOWS\system32\HDDGuard.dll] [N/A, ]
[PID: 1992 / Administrator][C:\WINDOWS\system32\lssass.exe] [N/A, ]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\WINDOWS\system32\HDDGuard.dll] [N/A, ]
[PID: 3832 / Administrator][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2404 / SYSTEM][c:\program files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2904 / Administrator][C:\PROGRAM FILES\WINRAR\WINRAR.EXE] [N/A, ]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[C:\WINDOWS\system32\JAA-JAA-1032.dll] [N/A, ]
sdsfddsf - 2008-2-7 22:12:00
[C:\WINDOWS\system32\RAA_RAA_1002.dll] [N/A, ]
[PID: 1136 / Administrator][c:\temp\rar$ex00.360\srengps.exe] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\auhad.dll] [N/A, ]
[C:\WINDOWS\system32\gnolnait.dll] [N/A, ]
[C:\WINDOWS\system32\ijougiemnaw.dll] [N/A, ]
[C:\WINDOWS\system32\niluw.dll] [N/A, ]
[C:\WINDOWS\system32\naixuhz.dll] [N/A, ]
[C:\WINDOWS\system32\iqnauhc.dll] [N/A, ]
[C:\WINDOWS\system32\3auhad.dll] [N/A, ]
[C:\WINDOWS\system32\jsqc.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys] [N/A, ]
[c:\windows\system32\oztzcd.dll] [N/A, ]
[C:\WINDOWS\system32\NAVMon32.dll] [N/A, ]
[C:\WINDOWS\system32\SHAProc.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\saznutzf.dll] [N/A, ]
[C:\WINDOWS\xjpfanrt.dll] [N/A, ]
[C:\WINDOWS\swyzxwld.dll] [N/A, ]
[c:\temp\rar$ex00.360\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 locator.metadata.windowsmedia.com
127.0.0.1 onlinestore.smgbb.cn
127.0.0.1 locator.metadata.windowsmedia.com
127.0.0.1 onlinestore.smgbb.cn
127.0.0.1 ads.52fb.cn
127.0.0.1 update.cpushpop.com
127.0.0.1 image.yahoo550.com
127.0.0.1 gs.chnsystem.com
127.0.0.1 msl.chnsystem.com
127.0.0.1 ssl.chnsystem.com
127.0.0.1 www.gagagaga.cn
127.0.0.1 down.1024tb.com
127.0.0.1 xconf.coopen.cn
127.0.0.1 log.xplayer.coopen.cn
127.0.0.1 xfile.coopen.cn
127.0.0.1 loader.smartpv.cn
127.0.0.1 alerts.xiaoi.com
127.0.0.1 sports.yahoo550.com
127.0.0.1 update.cnnic.cn
127.0.0.1 jump.cnnic.cn
127.0.0.1 login.zuoyoukongjian.com
127.0.0.1 adfirefox.cn
127.0.0.1 3.wornm.cn
127.0.0.1 5.haokandi.cn
127.0.0.1 b.downadown.cn
127.0.0.1 update.iesuper.com
127.0.0.1 888.843call.cn
127.0.0.1 122.770304123.cn
127.0.0.1 110.770304123.cn
127.0.0.1 343.boolans.com
127.0.0.1 update.smartpv.cn
127.0.0.1 update146.smartpv.cn
127.0.0.1 js4.all4ad.net
127.0.0.1 click2.ad4all.net
127.0.0.1 www.papaop.com
127.0.0.1 realname.webbrowser.smartpv.cn
127.0.0.1 login.webbrowser.smartpv.cn
127.0.0.1 www.133c.cn
127.0.0.1 zhoupk256.3322.org
127.0.0.1 udp.hjob123.com
127.0.0.1 d4.kkads.cn
127.0.0.1 www.zhaoyou8.com
127.0.0.1 www.kkads.cn
127.0.0.1 travel.yahoo550.com
127.0.0.1 soft.16990.com
127.0.0.1 livenews.265.com
127.0.0.1 bak.hjob123.com
127.0.0.1 www.jesuser.cn
127.0.0.1 class.caiyi8.com
127.0.0.1 ownload.baofeng.com
127.0.0.1 www.177i.com
127.0.0.1 www.81891111.com
127.0.0.1 www.our9988.cn
127.0.0.1 33.xingaide8.cn
127.0.0.1 444.916kk.com
127.0.0.1 www.916kk.com
127.0.0.1 soft2.86sifu.com
127.0.0.1 google.netcdn.com
127.0.0.1 lm.9cdn.com
127.0.0.1 www.z88.com.cn
127.0.0.1 adswin.unet.hk
127.0.0.1 www.borlander.com.cn
127.0.0.1 cab.borlander.com.cn
127.0.0.1 www.333292.com
127.0.0.1 net.jnnic.com
127.0.0.1 www.plunix.org
127.0.0.1 ip.9cdn.com
127.0.0.1 test8.b190.west263.cn
127.0.0.1 yz.jz173.com
127.0.0.1 www.yy17173.cn
127.0.0.1 www.daydayshop.cn
127.0.0.1 www.yahoo550.com
127.0.0.1 wifayy.51vip.biz
127.0.0.1 sss.969222.com
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1476, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1640, C:\WINDOWS\PDRYZAFOU.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1640, C:\WINDOWS\PDRYZAFOU.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 808, C:\PROGRAM FILES\KINGSOFT\KSYSCLEANER\KASSTART.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 808, C:\PROGRAM FILES\KINGSOFT\KSYSCLEANER\KASSTART.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5652, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5652, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2904, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2904, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\NAVMon32.dll)
==================================
隐藏进程
N/A
==================================
[/CODE]
路过贵地 - 2008-2-7 23:16:00
My experience with infections tells me
Registry:
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<NAVMon32><C:\WINDOWS\NAVMon32.exE> []
<SHAProc><C:\WINDOWS\SHAProc.exe> []
><utgnehz.dll,nauhgnem.dll,auhad.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq.dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iqnauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dll,oadnew.dll,dgzg.dll,hz.dll,2ty.dll,jsfg.dll,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuyouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll,dqncj.dll> [N/A]
<{2f32e793-9263-4aa5-862f-da2480554715}><C:\WINDOWS\system32\JAA-JAA-1032.dll> []
<{9a8234b5-a04c-4b0c-ad8c-f4fdb94c9543}><C:\WINDOWS\system32\RAA_RAA_1002.dll> []
Services:
<2 - 系统找不到指定的文件。
><N/A>
<C:\WINDOWS\system32\8A4CD76B.EXE -d><Microsoft Corporation>
Processes:
[C:\WINDOWS\system32\94879A32.DLL] [Microsoft Corporation, ]
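These look like the problem ones, I think. I don't really understand this either, so don't do anything rash; wait for an expert to come along. Haha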
路过贵地 - 2008-2-8 13:41:00
http://forum.ikaka.com/topic.asp?board=28&artid=8424968
Take a look at this