菜鸟求助电脑高手中木马了!! bbs.ikaka.com

zerovx222 - 2008-5-30 22:33:00

中木马了!!怎么杀都杀不掉!!又怕删错文件!![code]2008-05-30,22:24:25
[CODE]

2008-05-30,22:24:25

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<xysecond><C:\bxy_vrv\vrvmon.exe> [vrv]
<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<RavTimer><C:\Program Files\rising\rav\RavTimer.exe> [N/A]
<RavMon><C:\Program Files\rising\rav\RavMon.exe> [N/A]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [N/A]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

zerovx222 - 2008-5-30 22:34:00

<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
<stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R> [(Verified)Tencent Technology(Shenzhen) Company Limited]
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll> [N/A]
<{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll> []
<{EB71E0B3-E97D-4D30-8733-E28266467617}><> [N/A]
<{28EB3777-3E23-4E72-8449-A992D09D24C3}><C:\WINDOWS\system32\zgfdet.dll> [N/A]
<{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><> [N/A]
<{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgrefg.dll> []
<{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><> [N/A]
<{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><> [N/A]
<{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll> [N/A]
<{5E907A48-400E-4EA8-9792-FFAE052D59E9}><C:\WINDOWS\system32\pedadt.dll> [N/A]
<{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:\WINDOWS\system32\cedafb.dll> [N/A]
<{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]

zerovx222 - 2008-5-30 22:35:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe]
<IFEO[AvastU3.exe]><C:\Program Files\Common Files\Microsoft Shared\kpuhdxi.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe]
<IFEO[ghost.exe]><C:\Program Files\Common Files\Microsoft Shared\kpuhdxi.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe]
<IFEO[irsetup.exe]><C:\Program Files\Common Files\Microsoft Shared\kpuhdxi.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe]
<IFEO[QQSC.exe]><C:\Program Files\Common Files\Microsoft Shared\kpuhdxi.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe]
<IFEO[zjb.exe]><C:\Program Files\Common Files\Microsoft Shared\kpuhdxi.exe> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\Coopen.scr> [N/A]
==================================
启动文件夹
[开屏桌面画报]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\开屏桌面画报.lnk --> D:\GBA\360\Coopen\Coopen.exe [N/A]><N>
[腾讯QQ]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<C:\风暴\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<C:\Program Files\rising\rav\CCenter.exe><N/A>
[Rising Realtime Monitor Service / RsRavMon][Stopped/Auto Start]
<C:\Program Files\rising\rav\RavMonD.exe><N/A>
[Windows_rejoice46 / Windows_rejoice46][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice46.exe><N/A>
==================================

zerovx222 - 2008-5-30 22:35:00

驱动程序
[a320raid / a320raid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[adpu160m / adpu160m][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6290 / AEC6290][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[Aha154x / Aha154x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[arc / arc][Stopped/Boot Start]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[asc / asc][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[dac2w2k / dac2w2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[ehxytrfy / ehxytrfy0][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ehxytrfy0.sys><N/A>
[3Com EtherLink XL 90XB/C Adapter Driver / EL90XBC][Stopped/Manual Start]
<system32\DRIVERS\el90xbc5.sys><3Com Corporation>
[elxstor / elxstor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[FASTSX / FASTSX][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[fmsq / fmsq][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp35.tmp><N/A>

zerovx222 - 2008-5-30 22:38:00

[hooksys / hooksys][Stopped/Auto Start]
<\??\C:\Program Files\rising\rav\hooksys.sys><N/A>
[HpCISSs / HpCISSs][Stopped/Boot Start]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[ini910u / ini910u][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[m5228 / m5228][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Boot Start]
<\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MegaIDE / MegaIDE][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[mraid2k / mraid2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[New0 / New0][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\new.sys><N/A>
[nfrd960 / nfrd960][Stopped/Boot Start]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
<\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SISIDE / SISIDE][Running/Boot Start]

zerovx222 - 2008-5-30 22:39:00

<\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SiSRaid / SiSRaid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SISRAIDS.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><N/A>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[UlSata / UlSata][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATAS / ULSATAS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ULSATAS.SYS><Promise Technology, Inc.>
[ultra / ultra][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
<\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[vrvfilemon / VRVSYS][Running/Auto Start]
<\??\c:\bxy_vrv\filemon.sys><BXY>
[w91cd79e / w91cd79e][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\w91cd79e.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSFCXTS2.sys><Conexant Systems, Inc.>
[322765 / 322765][Running/]
<2 - 系统找不到指定的文件。
><N/A>

zerovx222 - 2008-5-30 22:39:00

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C7-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, N/A>
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[雨林木风]
{9151D07A-8147-4999-B766-FF0754974652} <http://www.ylmf.com, N/A>
[nEdit Control]
{32D72994-45B9-42B5-8980-FB561D1BE2D0} <C:\WINDOWS\system32\nEdit\nEdit.ocx, NetEase Information Technology (Beijing) Co. Ltd>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[RavOnline Class]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[QQCycloneHelper Class]
{00000000-12C7-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, N/A>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RavOnline Class]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]

zerovx222 - 2008-5-30 22:40:00

[PID: 1276 / SYSTEM][C:\风暴\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15]
[C:\风暴\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
[PID: 1936 / Administrator][C:\bxy_vrv\vrvmon.exe] [vrv, 1, 0, 0, 1]
[C:\bxy_vrv\vrvmonsc.dll] [BeiXinYuan, 1, 0, 0, 1]
[C:\bxy_vrv\vrvcfg.dll] [N/A, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\bxy_vrv\vrvdll.dll] [N/A, ]
[C:\bxy_vrv\UNARJ.dll] [N/A, ]
[C:\bxy_vrv\UNZIP.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[PID: 1952 / Administrator][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 10, 100, 1143]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[PID: 1992 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[PID: 2024 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[PID: 952 / Administrator][C:\Program Files\ChinaNet\VnetClient.exe] [, 2007, 3, 28, 15]
[C:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2007, 3, 27, 11]
[C:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2006, 6, 2, 14]
[C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[C:\Program Files\ChinaNet\SysPlug\d3230c69-d6ba-4239-8351-f1c356134663\VnetBusinessAutoLogin.dll] [, 2007, 4, 9, 1]
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] [, 2005, 8, 18, 1]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2007, 3, 28, 16]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2006, 9, 6, 15]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\BDSearch.ocx] [gdcn, 2006, 12, 13, 16]
[C:\PROGRA~1\ChinaNet\PAGEFR~1.OCX] [Workgroup, 2007, 2, 27, 14]
[C:\PROGRA~1\ChinaNet\ACCOUN~1.OCX] [Workgroup, 2006, 10, 31, 16]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2006, 10, 30, 16]
[C:\PROGRA~1\ChinaNet\Gif89a.dll] [, 2005, 6, 21, 1]
[C:\PROGRA~1\ChinaNet\NOTIFY~1.OCX] [Workgroup, 2006, 9, 15, 16]
[c:\PROGRA~1\chinanet\IC90A2~1.OCX] [Workgroup, 2007, 8, 27, 10]
[C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2006, 9, 8, 17]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2006, 4, 4, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2007, 3, 23, 17]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 3, 1, 16]
[C:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\pthreadVC.dll] [N/A, ]
[C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2006, 11, 20, 11]
[C:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2006, 3, 1, 1]
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2007, 3, 23, 17]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [ , 2006, 9, 18, 10]
[C:\PROGRA~1\ChinaNet\Favorite.ocx] [, 2006, 12, 26, 10]
[C:\PROGRA~1\ChinaNet\VNETSE~1.OCX] [, 2006, 10, 31, 16]
[C:\Program Files\ChinaNet\Base64.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[PID: 2524 / Administrator][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[PID: 3548 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 6, 23]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] [, 2005, 4, 6, 1]
[c:\PROGRA~1\chinanet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
[C:\Program Files\Rising\RavOL\ScanStub.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[C:\Program Files\Rising\RavOL\OScanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.6]
[C:\Program Files\Rising\RavOL\REComp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 38]
[C:\Program Files\Rising\RavOL\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\RavOL\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[C:\Program Files\Rising\RavOL\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\Rising\RavOL\mvengine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\Rising\RavOL\posttrt.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
[C:\Program Files\Rising\RavOL\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
[C:\Program Files\Rising\RavOL\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
[C:\Program Files\Rising\RavOL\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\RavOL\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[C:\Program Files\Rising\RavOL\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 73]
[C:\Program Files\Rising\RavOL\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[C:\Program Files\Rising\RavOL\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
[C:\Program Files\Rising\RavOL\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[C:\Program Files\Rising\RavOL\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[C:\Program Files\Rising\RavOL\urutils.dll] [, 20, 0, 0, 6]

zerovx222 - 2008-5-30 22:41:00

[C:\Program Files\Rising\RavOL\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
[C:\Program Files\Rising\RavOL\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\Program Files\Rising\RavOL\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[C:\Program Files\Rising\RavOL\extole.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
[C:\Program Files\Rising\RavOL\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[C:\Program Files\Rising\RavOL\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[C:\Program Files\Rising\RavOL\rsstore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[C:\Program Files\Rising\RavOL\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 1868 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 6, 23]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] [, 2005, 4, 6, 1]
[c:\PROGRA~1\chinanet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3768 / Administrator][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.7.4.408]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 2, 4, 38]
[C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 19, 2, 183]
[C:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 19, 2, 183]
[C:\Program Files\Thunder Network\Thunder\Program\streammedialib.dll] [, 1, 2, 52, 86]
[C:\Program Files\Thunder Network\Thunder\Program\al.dll] [, 1, 0, 1, 1]
[C:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
[C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
[C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 11, 29]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 34]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 1, 23]
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed14.dll] [Thunder Networking Technologies,LTD, 3, 4, 5, 98]
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\PlayerHelper.dll] [thunder, 1, 1, 2, 34]
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLNet.dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 9]
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.8164]
[C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 14]
[C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 61]
[C:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 66]
[C:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Thunder Network\Thunder\Components\Security\XLSafeUI.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 66]
[C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 6, 19]
[C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 20]
[C:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0]
[C:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
[C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 56]
[C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 16]
[C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 10, 101]
[C:\Program Files\Thunder

zerovx222 - 2008-5-30 22:41:00

Network\Thunder\Components\VPSHELL\VPSHELL.dll] [XunLei, 2, 3, 0, 28]
[C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll] [XunLei, 2, 3, 0, 28]
[C:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 26]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 20]
[C:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[C:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [深圳市迅雷网络技术有限公司, 1, 3, 1, 4]
[PID: 2716 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.906\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\WINDOWS\system32\sgrefg.dll] [N/A, ]
[C:\WINDOWS\system32\wzcfsw.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.906\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.906\Plugins\NTFSTREAM.SRE] [Smallfrogs Studio, 1, 0, 0, 5]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.177dvd.cn
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
127.0.0.1 gxgxy.net
127.0.0.1 c0mo.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 952, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3768, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3768, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2724, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2724, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛