==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[cqit / cqit][Stopped/]
<2 - The system cannot find the file specified.><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mhfp / mhfp][Stopped/]
<2 - The system cannot find the file specified.><N/A>
[mnsf / mnsf][Stopped/]
<2 - The system cannot find the file specified.><N/A>
[msfpfis64 / msfpfis64][Running/System Start]
<2 - The system cannot find the file specified.><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
<\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[msp2p32 / msp2p32][Running/Manual Start]
<2 - The system cannot find the file specified.><N/A>
==================================
Browser add-ons
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[Research(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[PPLive]
{95B3F550-91C4-4627-BCC4-521288C52977} <D:\lenovo\PPLive\PPLive.exe, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, TENCENT>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[GlobalLink Chat Control]
{AE93C5DF-A990-11D1-AEBD-5254ABDD2B69} <d:\PROGRA~1\GLOBAL~1\Game\Share\GLChat.ocx, GlobalLink>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Upload to QQ Network Disk]
<D:\qq\AddToNetDisk.htm, N/A>
[Download with Thunder]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[Download All Links with Thunder]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ Custom Panel]
<D:\qq\AddPanel.htm, N/A>
[Add to QQ Emoticons]
<D:\qq\AddEmotion.htm, N/A>
[Send This Picture via QQ MMS]
<D:\qq\SendMMS.htm, N/A>
[豪杰超级解霸V8 Real-time Playback]
<C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>
==================================
Running processes
[PID: 464 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit01.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf01.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 596 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 608 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 800 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 896 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 1004 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 1440 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\msoscqit01.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf01.dll] [N/A, ]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 1604 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 1868 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\msoscqit01.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf01.dll] [N/A, ]
[C:\WINDOWS\system32\msoscqit00.dll] [N/A, ]
[C:\WINDOWS\system32\msosmnsf00.dll] [N/A, ]
[C:\WINDOWS\system32\msosping00.dll] [N/A, ]
[C:\WINDOWS\system32\msosptfs00.dll] [N/A, ]
[C:\WINDOWS\system32\msosfmsq00.dll] [N/A, ]
[C:\WINDOWS\system32\msosdrop00.dll] [N/A, ]
[C:\WINDOWS\system32\msosjtio00.dll] [N/A, ]
[PID: 16280 / Administrator][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 6, 0, 2900, 2180]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 8900 / Administrator][C:\WINDOWS\system32\Explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 11240 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng980\SREngLdr.EXE] [Smallfrogs Studio, 2.6.8.980]
[PID: 11568 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng980\SRE7c456bda.EXE] [Smallfrogs Studio, 2.6.8.980]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
==================================
File associations
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
127.0.0.1 aaa.faba01.com
127.0.0.1 bad.tqdlt.cn
127.0.0.1 1.chsipo.com
127.0.0.1 c3.aishangai.net
127.0.0.1 c2.aishangai.net
127.0.0.1 xxx.188dm.com
127.0.0.1 x2.1a2b3c1.com
127.0.0.1 d1.163500.net
127.0.0.1 down.google-serv.cn
==================================
Process privilege scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 16280, C:\WINDOWS\SVCHOST.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 11240, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG980\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
Hidden processes
N/A
==================================