请看看我这诊断报告是中了什么毒!谢谢啦! bbs.ikaka.com

绿袋袋 - 2008-2-13 17:16:00

各位高手：
非常感谢您留心我这份系统诊断报告，小菜鸟十万火急等待您的帮助！
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2008-02-13 16:56:43
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1023.29MB - 当前可用内存:499.34MB

100 - 未知 - Process: RavMonD.exe [Rising Realtime Moniter] - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
100 - 未知 - Process: RavStub.exe [Rising RavStub] - D:\PROGRAM FILES\RISING\RAV\RavStub.exe
100 - 未知 - Process: RavTask.exe [RavTimer] - D:\Program Files\Rising\Rav\RavTask.exe
100 - 未知 - Process: RavMon.exe [Rising realtime monitor shell] - D:\Program Files\Rising\Rav\Ravmon.exe
100 - 未知 - Process: Rav.exe [Rising Antivirus 2008] - D:\Program Files\Rising\Rav\Rav.exe
100 - 未知 - Process: RsAgent.exe [RsAgent Application] - D:\Program Files\Rising\Rav\RsAgent.exe
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=www.baidu.com
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.baidu.com/
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.baidu.com/
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.baidu.com/
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.baidu.com/
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.baidu.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.baidu.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.baidu.com/
R1 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page=http://www.baidu.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page=http://www.baidu.com/
R1 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.baidu.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.baidu.com/
R1 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.baidu.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.baidu.com/
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Search Asst=no
O1 - 未知 - Host: 127.0.0.1 locator.metadata.windowsmedia.com
O1 - 未知 - Host: 127.0.0.1 onlinestore.smgbb.cn
O1 - 未知 - Host: 127.0.0.1 yu.8s7.net
O1 - 未知 - Host: 127.0.0.1 1.jopanqc.com
O1 - 未知 - Host: 127.0.0.1 2.joppnqq.com
O1 - 未知 - Host: 127.0.0.1 wg.47255.com
O1 - 未知 - Host: 127.0.0.1 1.joppnqq.com
O1 - 未知 - Host: 127.0.0.1 xxx.m111.biz
O1 - 未知 - Host: 127.0.0.1 1.jopenqc.com
O1 - 未知 - Host: 127.0.0.1 1.jopenkk.com
O1 - 未知 - Host: 127.0.0.1 xxx.vh7.biz
O1 - 未知 - Host: 127.0.0.1 xxx.j41m.com
O1 - 未知 - Host: 127.0.0.1 3.joppnqq.com
O1 - 未知 - Host: 127.0.0.1 d.93se.com
O1 - 未知 - Host: 127.0.0.1 www.868wg.com
O1 - 未知 - Host: 127.0.0.1 xxx.mmma.biz
O1 - 未知 - Host: 127.0.0.1 ilove.com
O1 - 未知 - Host: 127.0.0.1 tp.shpzhan.cn
O1 - 未知 - Host: 127.0.0.1 www.tomwg.com
O1 - 未知 - Host: 127.0.0.1 www.cike007.cn
O1 - 未知 - Host: 127.0.0.1 www.22aaa.com
O1 - 未知 - Host: 127.0.0.1 xx.exiao01.com
O1 - 未知 - Host: 127.0.0.1 www.exiao01.com
O1 - 未知 - Host: 127.0.0.1 www.exiao01.com
O1 - 未知 - Host: 127.0.0.1 new.749571.com
O1 - 未知 - Host: 127.0.0.1 xtx.kv8.info
O1 - 未知 - Host: 127.0.0.1 cao.kv8.info
O1 - 未知 - Host: 127.0.0.1 1.jopmmqq.com
O1 - 未知 - Host: 127.0.0.1 171817.171817.com
O1 - 未知 - Host: 127.0.0.1 d2.llsging.com
O1 - 未知 - Host: 127.0.0.1 down.malasc.cn
O1 - 未知 - Host: 127.0.0.1 llboss.com
O1 - 未知 - Host: 127.0.0.1 nx.51ylb.cn
O1 - 未知 - Host: 127.0.0.1 my.531jx.cn
O1 - 未知 - Host: 127.0.0.1 qqq.dzydhx.com
O1 - 未知 - Host: 127.0.0.1 qqq.hao1658.com
O1 - 未知 - Host: 127.0.0.1 www.333292.com
O1 - 未知 - Host: 127.0.0.1 down.18dd.net
O1 - 未知 - Host: 127.0.0.1 up.22x44.com
O2 - 未知 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 未知 - BHO: (QQToolbar) - [QQ工具栏] - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O3 - 未知 - Toolbar: (QQToolbar) - [QQ工具栏] - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{1E796980-9CC5-11D1-A83F-00C04FC99D61}] - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -
O4 - 未知 - HKLM\..\Run: [SkyTel] [Realtek Voice Manager] SkyTel.EXE
O4 - 未知 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] [Nero Home] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - 未知 - Extra context menu item: &使用超级旋风下载 - D:\Program Files\Tencent\QQDownload\geturl.htm
O8 - 未知 - Extra context menu item: &使用超级旋风下载全部链接 - D:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - 未知 - Extra context menu item: 百度Flash搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM
O8 - 未知 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - 未知 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - 未知 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - 未知 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - 未知 - Extra context menu item: 百度新闻搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - 未知 - Extra context menu item: 豪杰超级解霸V8实时播放 - d:\Herosoft\HeroV8\MPURLGET.HTM
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 未知 - Extra button: 豪杰超级解霸V8(HKLM) - d:\Herosoft\HeroV8\STHSDVD.EXE
O9 - 未知 - Extra button: 信息检索(HKLM) - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 未知 - Extra button: PPLive(HKLM) - D:\Program Files\PPLive\PPLive.exe
O9 - 未知 - Extra button: YlmF(HKCU) - http://www.ylmf.com
O21 - 未知 - Protocol Icons: HKCR\ftp\shell\open\command - C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
O21 - 未知 - Protocol Icons: HKCR\https\shell\open\command - C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
O21 - 未知 - Protocol Icons: HKCR\htmlfile\shell\open\command - "C:\Program Files\Maxthon\Maxthon.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\http\DefaultIcon - C:\PROGRA~1\MOZILL~1\FIREFOX.EXE,1
O21 - 未知 - Protocol Icons: HKCR\ftp\DefaultIcon - C:\PROGRA~1\MOZILL~1\FIREFOX.EXE,1
O21 - 未知 - Protocol Icons: HKCR\https\DefaultIcon - C:\PROGRA~1\MOZILL~1\FIREFOX.EXE,1
O23 - 未知 - Service: RsCCenter [Rising Process Communication Center] - "d:\Program Files\Rising\Rav\CCenter.exe" - (running)
O23 - 未知 - Service: RsRavMon [Rising RealTime Monitor] - "D:\PROGRAM FILES\RISING\RAV\Ravmond.exe" - (running)
O23 - 未知 - Service: Sysbak_hotkey_Server [Sysbak hotkey Server] - "C:\Program Files\Founder\Emergency Center\Hotkey.exe" /Service - (running)
O30 - 未知 - HKCU\..\Desktop: [Scrnsave.exe] [] C:\WINDOWS\豪杰多~1.SCR

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量，ms-dos驱动名称类似lpt1以及com，调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统，用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - d:\Program Files\Rising\Rav\CCenter.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\WINDOWS\Explorer.EXE

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7)

绿袋袋 - 2008-2-13 17:21:00

100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - d:\Program Files\Rising\Rav\CCenter.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序，用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - D:\Program Files\360safe\safemon\360tray.exe
100 - 安全 - Process: safeboxTray.exe [360安全卫士保险箱相关程序。] - D:\Program Files\360Safebox\safeboxTray.exe
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: RTHDCPL.exe [瑞昱出品的声卡相关程序。] - C:\WINDOWS\RTHDCPL.EXE
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: hotkey.exe [一款键盘驱动程序。] - C:\Program Files\Founder\Emergency Center\Hotkey.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: NMBgMonitor.exe [是Nero Home刻录机软件相关程序。] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
100 - 安全 - Process: NMIndexStoreSvr.exe [nero home刻录机软件相关程序。] - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: agentsvr.exe [是一个ActiveX插件，用于多媒体程序。] - C:\WINDOWS\msagent\AgentSvr.exe -Embedding
100 - 安全 - Process: 360Safe.exe [360安全卫士] - D:\Program Files\360safe\360safe.exe
O2 - 安全 - BHO: (QQCycloneHelper Class) - [腾讯出品的超级旋风下载组件相关文件。] - {00000000-12C9-4305-82F9-43058F20E8D2} - D:\Program Files\Tencent\QQDownload\QQIEHelper02.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [StormCodec_Helper] [是暴风影音的插件。] "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] d:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [360Safebox] [360安全卫士保险箱相关程序。] "d:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 安全 - HKLM\..\Run: [RTHDCPL] [realtek声卡特性设置软件相关程序。] RTHDCPL.EXE
O4 - 安全 - HKLM\..\Run: [Alcmtr] [一款声卡相关程序。] ALCMTR.EXE
O4 - 安全 - HKLM\..\Run: [!!QQKav] [一款名叫qqkav的qq病毒专杀工具。] D:\Program Files\qqkav_newhua\qqkav_newhua.exe
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [QQDownload] [超级旋风下载组件相关程序。] "D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq：即时通讯软件] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - 安全 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (Windows升级工具V5) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156954709578
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - 安全 - Protocol Icons: HKCR\http\shell\open\command - "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "%1"
O22 - 安全 - Filename Extention: FIREFOX第三方浏览器 - FirefoxHTML
O22 - 安全 - Filename Extention: FIREFOX第三方浏览器 - FirefoxHTML
O23 - 安全 - Service: NBService [刻录软件包Nero内置的备份工具nero backitup相关服务。] - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - (not running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)

=======================================

O31 - 未知 - Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll - Intel Corporation - igfxsrvc Module - 3.0.0.4342 - 348160 - e5926bc2e9cfa7d13f05b5e5f8e9cd52
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID：Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID：加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - de449c94c4c9e3db84e32029f20dd989
O31 - 未知 - SEApproved: {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - d:\Program Files\Real\RealPlayer\rpshell.dll - RealNetworks, Inc. - RealPlayer Shell Extensions - 1.0.1.2156 - 49198 - 9ac5a66c293fef3858f442589e4b33eb
O31 - 未知 - SEApproved: {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\WINDOWS\system32\nvshell.dll - - - 6.14.10.11077 - 466944 - 5a66b8384ca692d21c345f2a6ccb805b
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\WINDOWS\system32\nvshell.dll - - - 6.14.10.11077 - 466944 - 5a66b8384ca692d21c345f2a6ccb805b
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\WINDOWS\system32\nvshell.dll - - - 6.14.10.11077 - 466944 - 5a66b8384ca692d21c345f2a6ccb805b
O31 - 未知 - SEApproved: 无效的CLSID： - - - - - 0 -
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - de449c94c4c9e3db84e32029f20dd989
O31 - 未知 - BootExecute: bsmain - - - - 0 -
O31 - 未知 - BootExecute: - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -

=======================================

O40 - Explorer.EXE - - C:\Program Files\Founder\Emergency Center\SBHotkey.dll - - 12775e1598792b401cd69666d67fca20
O40 - Explorer.EXE - NVIDIA Corporation - C:\WINDOWS\system32\NVRSZHC.DLL - NVIDIA Simplified Chinese language resource library - 27e418402b722137fd81b6d82464f90f
O40 - Explorer.EXE - NVIDIA Corporation - C:\WINDOWS\system32\nvCplUIR.dll - NVIDIA Control Panel Resource Library, 1.4.2.9 - 3e37e16dd86035ffbc5af57d68f9bf2b
O40 - Explorer.EXE - - C:\WINDOWS\system32\nvshell.dll - - 5a66b8384ca692d21c345f2a6ccb805b
O40 - Explorer.EXE - herosoft - d:\Herosoft\HeroV8\VCvtShell.dll - VCvtShell - 0303f471b69eb38bf96a902bad93780f
O40 - Explorer.EXE - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - Nero BackItUp - 8ae2cc145f9de7feaa272d3d8dd90acc
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL - MFCDLL Shared Library - Retail Version - 7b93c623333f121dc9e689ccb1b7a733
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll - Microsoft? C Runtime Library - 86f1895ae8c5e8b17d99ece768a70732
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll - Microsoft? C++ Runtime Library - 561fa2abb31dfa8fab762145f81667c2
O40 - Explorer.EXE - Nero AG - C:\Program Files\Common Files\Ahead\Lib\MediaLibraryNSE.dll - Nero File Dialog - 9210cd075966fddeaa8c02f28d76b52e
O40 - Explorer.EXE - - d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll - DsBho - 02ea7ad2a4d4cac3fe9f2d2889ee7d8a
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll - DataProcessor - 018219ae6f6ddcb24482ca7fc31ec587

=======================================

O41 - Mulsys - File System Filter Driver - C:\WINDOWS\system32\drivers\mulsys.sys - (running) - File System Filter Driver - Softlumos Corporation - 5731669d893302ed0381ad84aee9f9d5
O41 - SafeBoxKrnl - 360安全卫士 - 保险箱 - d:\Program Files\360Safebox\SafeBoxKrnl.sys - (running) - 360安全卫士 - 保险箱 - 奇虎网 - fa5bed11e5476635922d303fb1730b05
O41 - FETNDISB - NDIS 5.0 miniport driver - C:\WINDOWS\system32\drivers\fetnd5b.sys - (not running) - NDIS 5.0 miniport driver - VIA Technologies, Inc. - 29063004926b225c417e7147822f5866
O41 - PauseDrv - PauseDrv - C:\WINDOWS\system32\drivers\PauseDrv.sys - (not running) - - - a650bc795439aae5c73abe8cb8838492

=======================================
360Safe.exe=3.7.0.1005
AntiAdwa.dll=3.6.3.1001
AntiEng.dll=3.6.4.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
live.dll=1.0.1.1021

=======================================
操作历史报告：

2008-01-06 20:46
清理恶评插件 - 百度超级搜霸 - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll

=======================================

360安全卫士，彻底查杀各种流氓软件,全面保护系统安全,并赠送正版卡巴斯基7.0
最新免费下载：http://www.360safe.com

绿袋袋 - 2008-2-13 17:21:00

给看看吧

谢谢大侠了~~

绿袋袋 - 2008-2-13 17:25:00

有没有人在啊???

绿袋袋 - 2008-2-13 17:57:00

历害的人物都没有在吗?还是见死不管啊~~

绿袋袋 - 2008-2-13 18:53:00

有没人在啊??

LMhust - 2008-2-13 18:58:00

用sreng扫报告。

绿袋袋 - 2008-2-13 19:01:00

好的,马上等我一下呀

绿袋袋 - 2008-2-13 19:07:00

好多呢,要哪一个呢?

LMhust - 2008-2-13 19:11:00

智能扫描（把检查进程模块的数字签名勾上），最后保存报告，上传

绿袋袋 - 2008-2-13 19:19:00

[CODE]

2008-02-13,19:01:53

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> [Nero AG]
<QQDownload><"D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<360Safetray><d:\Program Files\360safe\safemon\360tray.exe /start> [奇虎网]
<360Safebox><"d:\Program Files\360Safebox\safeboxTray.exe" /r> [奇虎网]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SkyTel><SkyTel.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Alcmtr><ALCMTR.EXE> [(Verified)Microsoft Windows Publisher]
<!!QQKav><D:\Program Files\qqkav_newhua\qqkav_newhua.exe> [Jsing.Net & QQKav.Com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\豪杰多~1.SCR> []

==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NBService / NBService][Stopped/Manual Start]
<C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Running/Auto Start]
<"C:\Program Files\Founder\Emergency Center\Hotkey.exe" /Service><N/A>

==================================
驱动程序
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[ialm / ialm][Stopped/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Softlumos Multi-Platform / Mulsys][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\Mulsys.SYS><Softlumos Corporation>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PauseDrv / PauseDrv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\d:\Program Files\360Safebox\SafeBoxKrnl.sys><奇虎网>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[videX32 / videX32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

绿袋袋 - 2008-2-13 19:22:00

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <d:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[PPLive]
{95B3F550-91C4-4627-BCC4-521288C52977} <D:\Program Files\PPLive\PPLive.exe, N/A>
[YlmF]
{7A37C212-F116-423D-8152-8340DD8C1848} <http://www.ylmf.com, N/A>
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
<D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[百度Flash搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
<d:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

绿袋袋 - 2008-2-13 19:25:00

正在运行的进程
[PID: 512 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948 / SYSTEM][d:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 964 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.60]
[D:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[D:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.30]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.24]
[D:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
[D:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[D:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[D:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[D:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[D:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[D:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
[D:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[D:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
[D:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[D:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.35]
[D:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[D:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[D:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[D:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
[D:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[D:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
[D:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[D:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 41]
[D:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[D:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[D:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 3]
[D:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
[D:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[D:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1436 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1580 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0089]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0089]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0089]
[C:\WINDOWS\system32\nvCplUIR.dll] [NVIDIA Corporation, 1.4.2.9]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll] [, 1, 0, 0, 12]
[d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 7, 2, 0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 1848 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.0089]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0089]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[PID: 1860 / Administrator][D:\Program Files\360safe\safemon\360tray.exe] [奇虎网, 3, 6, 4, 3003]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 6, 0, 1001]
[D:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 6, 3, 1001]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1884 / Administrator][D:\Program Files\360Safebox\safeboxTray.exe] [奇虎网, 1, 2, 0, 1001]
[D:\Program Files\360Safebox\safeboxapi.dll] [奇虎网, 1, 2, 0, 1001]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[D:\Program Files\360Safebox\liveupdate.dll] [奇虎网, 1, 2, 0, 1001]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]

绿袋袋 - 2008-2-13 19:25:00

[PID: 1896 / Administrator][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.22]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 1916 / Administrator][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.05]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[D:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[D:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[D:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[D:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[D:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.24]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
[D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 1932 / Administrator][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.1.2.4]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 2016 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 140 / SYSTEM][C:\Program Files\Founder\Emergency Center\Hotkey.exe] [N/A, ]
[C:\Program Files\Founder\Emergency Center\MFC42D.DLL] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Founder\Emergency Center\MSVCRTD.dll] [Microsoft Corporation, 6.00.8168.0]
[C:\Program Files\Founder\Emergency Center\MSVCP60D.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[PID: 852 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 920 / Administrator][C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 5,16,1, 9000]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 3, 0]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1288 / Administrator][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll] [Nero AG, 4,5,13,0]
[C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 3, 0]
[C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 3, 0]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 2140 / Administrator][D:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 3340 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3584 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\Tencent\QQToolbar\IEBar.dll] [TENCENT, 2, 0, 16, 17]
[C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Toolbar.dll] [TENCENT, 2, 0, 16, 17]
[D:\Program Files\Tencent\QQDownload\QQIEHelper02.dll] [腾讯公司, 1, 1, 0, 5]
[d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
[d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll] [, 1, 0, 0, 12]
[d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 3100 / Administrator][D:\Program Files\扫描日志\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[D:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[d:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\Program Files\Founder\Emergency Center\SBHotkey.dll] [N/A, ]
[D:\Program Files\扫描日志\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

绿袋袋 - 2008-2-13 19:28:00

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 locator.metadata.windowsmedia.com
127.0.0.1 onlinestore.smgbb.cn
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1860, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 920, C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1288, C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

附件: 4785862008213191939.bmp

瑞星卡卡安全论坛