神啊，救救我吧！！ bbs.ikaka.com

jefwioe - 2008-4-17 23:31:00

神啊，救救我吧！！
瑞星被攻击，又瘫痪了!
[CODE]

2008-04-17,23:03:40

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<SoundMan><SoundMan.exe> [1]
<WSockDrv32><C:\WINDOWS\WSockDrv32.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exE> []
<mppds><C:\WINDOWS\mppds.EXE> []
<AVPSrv><C:\WINDOWS\AVPSrv.exE> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<tciocp32><C:\WINDOWS\tciocp32.exe> []
<fmsbbqi><C:\WINDOWS\fmsbbqi.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<sclzslvv><C:\WINDOWS\czlvibfe.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<SHAProc><C:\WINDOWS\SHAProc.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exE> []
<mfchlp32><C:\WINDOWS\mfchlp32.exe> []
<dndsioc><C:\WINDOWS\dndsioc.exe> []
<WINSvr32><C:\WINDOWS\WINSvr32.exE> []
<fmbiost><C:\WINDOWS\fmbiost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\UserInit.exe,> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosmhfp01.dll,msoscqit01.dll,msosdohs01.dll,msosmnsf01.dll,msosptfs01.dll,msosping01.dll,msosfmsq01.dll,msosjtio00.dll,msosdrop00.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{ED561258-45F3-A451-F908-A258458226DE}><C:\WINDOWS\Fonts\kvdxsnma.dll> [N/A]
<{F34345F1-DACF-3452-CB7D-4620F34A153F}><C:\WINDOWS\Fonts\rsztopm.dll> [N/A]
<{892FADFA-BCDE-ACDF-CDEF-21054865CBA8}><C:\WINDOWS\Fonts\wsmsfzx.dll> [N/A]
<{6A57CAD1-412F-9547-713F-9641FA3FC7A6}><C:\WINDOWS\Fonts\okmhfzy.dll> [N/A]
<{57650011-3344-6688-4899-345FABCD1575}><C:\WINDOWS\Fonts\ratbtpi.dll> [N/A]
<{CB681598-AD5F-BC8C-77DC-748FAC8D3FBC}><C:\WINDOWS\Fonts\kafylzy.dll> [N/A]
<{C4783410-4F90-34A0-7820-3230ACD05F4C}><C:\WINDOWS\Fonts\raqjlpi.dll> [N/A]
<{D9FA4178-7749-A8D9-F5C8-88645525769D}><C:\WINDOWS\Fonts\kashmzy.dll> [N/A]
<{55679330-4034-9021-7012-909856721375}><C:\WINDOWS\Fonts\wszjezx.dll> [N/A]
<{A960356A-458E-DE24-BD50-268F589A56AA}><C:\WINDOWS\Fonts\avwljmn.dll> [N/A]
<{E859245F-345D-BC13-AC4F-145D47DA34FE}><C:\WINDOWS\Fonts\avzxnmn.dll> [N/A]
<{9A1247C1-53DA-FF43-ABD3-345F323A48D9}><C:\WINDOWS\Fonts\avwgimn.dll> [N/A]
<{A8907901-1416-3389-9981-37217856998A}><C:\WINDOWS\Fonts\kawdjzy.dll> [N/A]
<{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll> [N/A]
<{3A098324-8631-9087-7650-8907643562A3}><C:\WINDOWS\Fonts\jsqscyc.dll> [N/A]
<{6598FF45-DA60-F48A-BC43-10AC47853D56}><C:\WINDOWS\Fonts\rarjfpi.dll> [N/A]
<{BE32FA58-3453-FA2D-BC49-F340348ACCEB}><C:\WINDOWS\Fonts\rsmykpm.dll> [N/A]
<{2D098345-9012-8750-8910-9128098134D2}><C:\WINDOWS\Fonts\jsqxbyc.dll> [N/A]
<{595fc807-9d7f-4889-8194-b0fb4af7ba4c}><C:\WINDOWS\System32\IGB_GFSJ_1001.dll> [N/A]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<{6FC63358-5E38-4583-914B-119CA485A53C}><C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys> []
<{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\System32\msosiocp.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
<N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Loader.exe]
<IFEO[360Loader.exe]><svchost.exe> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
<IFEO[ctfmon.exe]><SoundMan.exe> [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
<IFEO[IceSword]><svchost.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras]
<IFEO[ras]><svchost.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep]
<IFEO[runiep]><svchost.exe> [(Verified)Microsoft Windows XP Publisher]

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MAXTHON 2.0)

jefwioe - 2008-4-17 23:32:00

启动文件夹
N/A

==================================
服务
[Help and Support / helpsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\interne.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\rising杀毒软件\防火墙\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<d:\rising杀毒软件\防火墙\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"D:\Rising杀毒软件\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\RISING杀毒软件\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Auto Start]
<system32\DRIVERS\msconkt.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[basic2 / basic2][Running/Manual Start]
<System32\DRIVERS\HSF_BSC2.sys><Conexant>
[Conexant Riptide WDM Audio Driver / crtaud][Running/Manual Start]
<system32\drivers\crtaud.sys><Conexant Systems Inc.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\D:\RISING杀毒软件\RISING\RAV\ExpScan.sys><N/A>
[Fallback / Fallback][Running/Auto Start]
<System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks][Running/Auto Start]
<System32\DRIVERS\HSF_FSKS.sys><Conexant>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Rising杀毒软件\防火墙\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[hsf_msft / hsf_msft][Running/Manual Start]
<System32\DRIVERS\HSF_MSFT.sys><Conexant>
[K56 / K56][Running/Auto Start]
<System32\DRIVERS\HSF_K56K.sys><Conexant>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\D:\RISING杀毒软件\RISING\RAV\MEMSCAN.sys><N/A>
[mnsf / mnsf][Stopped/Auto Start]
<\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp1C.tmp><N/A>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\rising杀毒软件\防火墙\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[MS / MS][Stopped/Manual Start]
<\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp74.tmp><N/A>
[mseqsy / mseqsy][Stopped/Auto Start]
<system32\DRIVERS\msacpe.sys><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\msosmsfpfis64.sys><N/A>
[npkcusb / npkcusb][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\npkcusb.sys><N/A>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ptfs / ptfs][Stopped/Auto Start]
<\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp24.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rksample / Rksample][Running/Manual Start]
<System32\DRIVERS\HSF_SAMP.sys><Conexant>
[Conexant Riptide Dummy Driver / rpfun][Running/Manual Start]
<system32\drivers\rpfun.sys><Conexant Systems Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\D:\Rising杀毒软件\防火墙\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\D:\RISING杀毒软件\RISING\RAV\RSPPSYS.sys><N/A>
[Conexant Riptide Bus / Firmware Downloader / rthwcls][Running/Manual Start]
<system32\drivers\rthwcls.sys><Conexant Systems Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[USB2.0 PC Camera (SNP2UVC) / SNP2UVC][Stopped/Manual Start]
<System32\DRIVERS\snp2uvc.sys><>
[SoftFax / SoftFax][Running/Auto Start]
<System32\DRIVERS\HSF_FAXX.sys><Conexant>
[SpeakerPhone / SpeakerPhone][Running/Auto Start]
<System32\DRIVERS\HSF_SPKP.sys><Conexant>
[Tones / Tones][Running/Auto Start]
<System32\DRIVERS\HSF_TONE.sys><Conexant>
[V124 / V124][Running/Auto Start]
<System32\DRIVERS\HSF_V124.sys><Conexant>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[mhfp / mhfp][Stopped/Auto Start]
<\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp20.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp28.tmp><N/A>
[fmsq / fmsq][Stopped/Auto Start]
<\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp48.tmp><N/A>

==================================

jefwioe - 2008-4-17 23:33:00

浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, >
[]
{471B15AD-7A9C-491D-9C19-4E15B12DCE00} <C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys, N/A>
[]
{6FC63358-5E38-4583-914B-119CA485A53C} <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys, N/A>
[]
{9963387B-212E-4643-B207-82DAEA0E713D} <C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[GDGetTokenInfo Class]
{3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\System32\GDREAD~1.DLL, >
[InfoSecNetSign Class]
{5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINDOWS\DOWNLO~1\ICBCNE~1.DLL, Infosec Technologies Co., Ltd.>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[iChatX Object]
{C07405FD-84D1-4A25-94E8-68609EA8335B} <C:\WINDOWS\Downloaded Program Files\ichatx.dll, 深圳市东方博雅科技有限公司>
[QQChatInstallerHelper Class]
{C4DC211B-EDED-4EE1-9821-48E807DAF121} <C:\WINDOWS\System32\QQChatInstaller.dll, TODO: <Company name>>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Recorder Control]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\Bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[BlueskyVideo Control]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\Bluesky\BLUESK~1\v2.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Ppd Control]
{2F2BA87D-385E-4922-B41C-06E190B06AA9} <C:\PROGRA~1\Bluesky\BLUESK~1\ppd.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Share Control]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\Bluesky\BLUESK~1\share.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Traceppd Control]
{5910C66C-F9BA-4306-8175-C098B7F0ED62} <C:\PROGRA~1\Bluesky\BLUESK~1\traceppd.ocx, BlueskyStudio(http://www.bluesky.cn)>
[PP Control]
{616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <C:\PROGRA~1\Bluesky\BLUESK~1\ppc.ocx, Bluesky Studio (http://www.bluesky.cn)>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[Videohelp Control]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\Bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\Bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~2.OCX, Bluesky Studio (http://www.bluesky.cn)>
[Display Control]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\Bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\Bluesky\BLUESK~1\TRACEC~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Imgsend Control]
{AA1561BF-D290-4060-919B-499849629205} <C:\PROGRA~1\Bluesky\BLUESK~1\imgsend.ocx, Bluesky Studio (http://www.bluesky.cn)>
[PPChat Control]
{AFB97F16-B7E8-4EB1-8133-FBD5AA2EBB3B} <C:\PROGRA~1\Bluesky\BLUESK~1\ppchat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Client Control]
{C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\Bluesky\BLUESK~1\client.ocx, BlueskyStudio(http://www.bluesky.cn)>
[Play Control]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\Bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[&使用迅雷下载]
<D:\迅雷5\可删\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\迅雷5\可删\getallurl.htm, N/A>

==================================

jefwioe - 2008-4-17 23:34:00

正在运行的进程
[PID: 416 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 488 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 512 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 780 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 892 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 928 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1268 / wuchangyuan][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[D:\搜狗拼音输入法 V3.1 正式版\可删\ZipLib.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys] [N/A, ]
[C:\WINDOWS\System32\msosiocp.dll] [N/A, ]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\System32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\System32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\System32\msccrt.dll] [N/A, ]
[C:\WINDOWS\System32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\System32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\System32\jlklvvrb.dll] [N/A, ]
[C:\WINDOWS\System32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\System32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\System32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\System32\dndsioc.dll] [N/A, ]
[C:\WINDOWS\System32\WINSvr32.dll] [N/A, ]
[C:\WINDOWS\System32\fmbiost.dll] [N/A, ]
[PID: 1288 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1580 / SYSTEM][C:\WINDOWS\SoundMan.exe] [1, 1.00]
[C:\WINDOWS\System32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9237]
[PID: 1772 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 228 / wuchangyuan][D:\Rising杀毒软件\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.08]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\Rising杀毒软件\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Rising杀毒软件\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Rising杀毒软件\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Rising杀毒软件\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[D:\Rising杀毒软件\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
[D:\Rising杀毒软件\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Rising杀毒软件\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[D:\Rising杀毒软件\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Rising杀毒软件\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[D:\Rising杀毒软件\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.24]
[D:\Rising杀毒软件\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys] [N/A, ]
[C:\WINDOWS\System32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[D:\Rising杀毒软件\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
[D:\Rising杀毒软件\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[C:\WINDOWS\System32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\System32\SHAProc.dat] [N/A, ]
[PID: 1040 / wuchangyuan][D:\傲游浏览器6.10\Maxthon2222\Maxthon.exe] [Maxthon International ltd., 2, 0, 2, 615]
[D:\傲游浏览器6.10\Maxthon2222\mxpp.dll] [Maxthon, 1, 0, 0, 50]
[D:\傲游浏览器6.10\Maxthon2222\MxSk.dll] [Maxthon, 1, 0, 0, 119]
[D:\傲游浏览器6.10\Maxthon2222\MxProxy2.dll] [, 1, 0, 0, 3115]
[C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys] [N/A, ]
[C:\WINDOWS\System32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[D:\傲游浏览器6.10\Maxthon2222\MxFav.dll] [Maxthon, 1, 0, 0, 186]
[D:\傲游浏览器6.10\Maxthon2222\maxzlib.dll] [, 1.2.3]
[D:\傲游浏览器6.10\Maxthon2222\mxtool.dll] [, 1, 0, 0, 1]
[D:\傲游浏览器6.10\Maxthon2222\mxfeedU.dll] [, 1, 0, 45, 45]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Rising杀毒软件\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\WSockDrv32.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\System32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\System32\msccrt.dll] [N/A, ]
[C:\WINDOWS\System32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\System32\jlklvvrb.dll] [N/A, ]
[C:\WINDOWS\System32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\System32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\System32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\System32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\System32\dndsioc.dll] [N/A, ]
[C:\WINDOWS\System32\WINSvr32.dll] [N/A, ]
[C:\WINDOWS\System32\fmbiost.dll] [N/A, ]
[PID: 3520 / wuchangyuan][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys] [N/A, ]
[C:\WINDOWS\System32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\WINDOWS\System32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\System32\PTSShell.dll] [N/A, ]
[PID: 5264 / wuchangyuan][D:\杀毒\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys] [N/A, ]
[C:\WINDOWS\System32\SOGOUPY.IME] [Sohu.com Inc., 3, 1, 0, 0]
[D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\WINDOWS\System32\SHAProc.dat] [N/A, ]
[C:\WINDOWS\System32\PTSShell.dll] [N/A, ]
[D:\杀毒\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\System32\fmbiost.dll] [N/A, ]
[C:\WINDOWS\System32\WINSvr32.dll] [N/A, ]
[C:\WINDOWS\System32\dndsioc.dll] [N/A, ]
[C:\WINDOWS\System32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\System32\jlklvvrb.dll] [N/A, ]
[C:\WINDOWS\System32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\System32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\System32\msccrt.dll] [N/A, ]
[C:\WINDOWS\System32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\System32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\System32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\WSockDrv32.dll] [N/A, ]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeSystemtimePrivilege [PID = 1580, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1040, D:\傲游浏览器6.10\MAXTHON2222\MAXTHON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1040, D:\傲游浏览器6.10\MAXTHON2222\MAXTHON.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛