
[Help] Can everyone help me figure out what's going on here?

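This is so frustrating. Can everyone help me figure out what's going on? Whenever I double-click with the left button to open my portable hard drive, this always happens. Opening it from the right-click menu doesn't work either, the same thing appears, although opening it through AutoPlay does work. Is this a virus? How do I fix it?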

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; TencentTraveler 4.0; .NET CLR 2.0.50727)

Attachment:

File name: 未命名.jpg
Downloads: 472
File type: image/pjpeg
File size:
Uploaded: 2008-10-9 18:24:04
Description: jpg




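Re: Can everyone help me figure out what's going on here?

The original poster has probably been infected by an autorun virus. You can download 卡卡助手 (Kaka Assistant) to repair the system, or run a SRENG scan and post the log to this forum.
Download the SRENG 2.6 tool: http://www.kztechs.com/sreng/download.html
For how to produce a SRENG scan log, see the second post of this thread: http://bbs.ikaka.com/showtopic-8442813.aspx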

Re: Can everyone help me figure out what's going on here?

Run → cmd
I:
dir to see whether there is an autorun.inf or similar file
rd autorun.inf
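
What that check is looking for, as an added example that is not part of the original reply: a Python triage function that reads the text of an autorun.inf found in a drive root and lists the entries that bind a program to AutoRun or to the drive's context-menu verbs, noting whether the referenced file is still present. The sample file content, the placeholder name `sample.exe` and the function names are constructed for illustration.

```python
"""Triage the [autorun] section of an autorun.inf from a removable drive."""
import re

# shell\<verb>\command=... binds a command to a context-menu verb of the drive.
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")
# Keys whose value is launched directly by AutoRun.
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed sample; sample.exe is a placeholder, not a name from the thread.
SAMPLE = r"""
[AutoRun]
;constructed sample for the parser below
open=sample.exe
shell\open=Open(&O)
shell\open\Command=sample.exe
shell=open
shell\explore\Command="sample.exe" -e
random junk line that a strict INI parser would reject
"""


def parse_autorun(text):
    """Parse leniently: junk or unknown lines are skipped, never fatal.

    Returns the [autorun] section as {lower-cased key: value}.
    """
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def target_of(command):
    """File name the command would start: first token, quotes and path removed."""
    command = command.strip()
    if command.startswith('"'):
        first = command[1:].split('"', 1)[0]
    else:
        first = command.split(None, 1)[0] if command else ""
    return re.split(r"[\\/]", first)[-1].lower()


def triage(text, files_on_drive):
    """Return one finding per entry that launches a program.

    files_on_drive: file names found on the drive (compared by name only).
    Each finding is (key, command, effect, target_present).
    """
    entries = parse_autorun(text)
    present = {name.lower() for name in files_on_drive}
    default_verb = entries.get("shell", "").lower()
    found = []
    for key, command in entries.items():
        verb = VERB_COMMAND.match(key)
        if key in LAUNCH_KEYS:
            effect = "launched by AutoRun"
        elif verb:
            effect = "context-menu verb '%s'" % verb.group(1)
            if verb.group(1) == default_verb:
                effect += " (set as double-click default)"
        else:
            continue  # icon=, label=, shell=, menu captions: no command here
        found.append((key, command, effect, target_of(command) in present))
    return found


if __name__ == "__main__":
    # Drive listing without sample.exe: the verbs point at a missing file.
    for key, command, effect, ok in triage(SAMPLE, ["autorun.inf", "photos"]):
        state = "target present" if ok else "target MISSING"
        print("%-24s %-20s %s, %s" % (key, command, effect, state))
```

On the live drive the file is often marked hidden and system, so `dir /a` is the form that lists it. Treat any reported target that is present as a file to scan before the drive is opened from Explorer again.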

Reply to 2F 帅哥阿福's post

Thanks, haha. I scanned with SRENG, but I can't make sense of it. Below is what the scan produced.
2008-10-09,19:07:47

System Repair Engineer 2.6.18.1205
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
(bgswitch)(C:\WINDOWS\system32\bgswitch.exe) []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Component Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(kmon.dll) [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(PostBootReminder)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows Component Publisher]
(CDBurn)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows Component Publisher]
(WebCheck)(%SystemRoot%\system32\webcheck.dll) [(Verified)Microsoft Windows Publisher]
(SysTray)(C:\WINDOWS\system32\stobject.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
(WinlogonNotify: crypt32chain)(crypt32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
(WinlogonNotify: cryptnet)(cryptnet.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
(WinlogonNotify: cscdll)(cscdll.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
(WinlogonNotify: ScCertProp)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
(WinlogonNotify: Schedule)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
(WinlogonNotify: sclgntfy)(sclgntfy.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
(WinlogonNotify: SensLogn)(WlNotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
(WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
(WinlogonNotify: wlballoon)(wlnotify.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
({438755C2-A8BA-11D1-B96B-00A0C90312E1})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
({8C7461EF-2B13-11d2-BE35-3078302C2030})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
(Microsoft Windows Media Player)(C:\WINDOWS\inf\unregmp2.exe /ShowWMP) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
(浏览器自定义组件)(RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
(Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
(Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(Windows Messenger 4.7)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
(Windows 桌面更新)(regsvr32.exe /s /n /i:U shell32.dll) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
(Internet Explorer 6)(%SystemRoot%\system32\ie4uinit.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
(N/A)(C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install) [Microsoft Corporation]




--------------------------------------------------------------------------------



启动文件夹

N/A



--------------------------------------------------------------------------------



服务

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
(C:\WINDOWS\system32\Ati2evxx.exe)(ATI Technologies Inc.)
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
(D:\Storm3_193\stormliv.exe /asservice)(北京暴风网际科技有限公司)
[Help and Support / helpsvc][Stopped/Auto Start]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll)(N/A)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
(D:\Rising\Rfw\rfwProxy.exe)(Beijing Rising Information Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(D:\Rising\Rfw\rfwsrv.exe)(Beijing Rising Information Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("D:\Rising\Rav\CCenter.exe")(Beijing Rising Information Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
("D:\RISING\RAV\Ravmond.exe")(Beijing Rising Information Technology Co., Ltd.)
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
("C:\Program Files\Windows Live\installer\WLSetupSvc.exe")(Microsoft Corporation)



--------------------------------------------------------------------------------



驱动程序

[2310_00 / 2310_00][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\2310_00.sys)(HighPoint Technologies, Inc.)
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\3WAREDRV.SYS)(N/A)
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\3waregsm.sys)(N/A)
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\3WDRV100.SYS)(N/A)
[A320RAID / A320RAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\a320raid.sys)(Adaptec, Inc.)
[AAC / AAC][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aac.sys)(Adaptec, Inc.)
[AACSAS / AACSAS][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aacsas.sys)(Adaptec, Inc.)
[AAR81XX / AAR81XX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aar81xx.sys)(Adaptec, Inc.)
[AARSI3X / AARSI3X][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aarsi3x.sys)(Adaptec, Inc.)
[ADP94XX / ADP94XX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\adp94xx.sys)(Adaptec, Inc.)
[ADPU320 / ADPU320][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\adpu320.sys)(Adaptec, Inc.)
[aeaudio / aeaudio][Running/Manual Start]
(system32\drivers\aeaudio.sys)(Andrea Electronics Corporation)
[AEC6210 / AEC6210][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6210.sys)(ACARD Technology Corp.)
[AEC6260 / AEC6260][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6260.sys)(ACARD Technology Corp.)
[AEC6280 / AEC6280][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6280.sys)(ACARD Technology Corp.)
[AEC67160 / AEC67160][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec67160.sys)(ACARD Technology Corp.)
[AEC67162 / AEC67162][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec67162.sys)(ACARD Technology Corp.)
[AEC671X / AEC671X][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\AEC671X.sys)(ACARD Technology Corp.)
[AEC6880 / AEC6880][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\AEC6880.sys)(ACARD Technology Corp.)
[AEC6897 / AEC6897][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec6897.sys)(ACARD Technology Corp.)
[AEC68X5 / AEC68X5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\aec68x5.sys)(ACARD Technology Corp.)
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\arcm_x86.sys)(ARECA Technology Corporation)
[asc / asc][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\asc.sys)(Advanced System Products, Inc.)
[ati2mtag / ati2mtag][Running/Manual Start]
(system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.)
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\bchtsw32.sys)(Broadcom Corporation)
[buslogic / buslogic][Stopped/Boot Start]
(\SystemRoot\System32\bird\buslogic.sys)(Microsoft Corporation)
[CDA1000 / CDA1000][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\cda1000.sys)(Adaptec, Inc.)
[CMB8100 / CMB8100][Running/Auto Start]
(\??\C:\WINDOWS\system32\Drivers\CertClient.dat)(N/A)
[CMBProtector / CMBProtector][Running/Auto Start]
(\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat)(N/A)
[CmdIde / CmdIde][Running/Boot Start]
(\SystemRoot\System32\BIRD\cmdide.sys)(CMD Technology, Inc.)
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\cpqarry2.sys)(Compaq Computer Corporation)
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\cpqcissm.sys)(Hewlett-Packard Company)
[CSB6IDE / CSB6IDE][Running/Boot Start]
(\SystemRoot\System32\BIRD\csb6ide.sys)(ServerWorks Corporation)
[dac2w2k / dac2w2k][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\dac2w2k.sys)(Mylex Corporation)
[DMX3191 / DMX3191][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\DMX3191.sys)(Microsoft Corporation)
[DMX3194 / DMX3194][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\dmx3194.sys)(Microsoft Corporation)
[DPTSCSI / DPTSCSI][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\dptscsi.sys)(Distributed Processing Technology Corp.)
[FASTSX / FASTSX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fastsx.sys)(Promise Technology, Inc.)
[FASTTRAK / FASTTRAK][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fasttrak.sys)(Promise Technology, Inc.)
[FASTTX2K / FASTTX2K][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fasttx2k.sys)(Promise Technology, Inc.)
[fd16_700 / fd16_700][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fd16_700.sys)(Microsoft Corporation)
[fireport / fireport][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\fireport.sys)(Microsoft Corporation)
[flashpnt / flashpnt][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\flashpnt.sys)(Mylex,Corp.)
[FT8300 / FT8300][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ft8300.sys)(Promise Technology, Inc.)
[FTSATA2 / FTSATA2][Stopped/Boot Start]
(\SystemRoot\System32\DRIVERS\ftsata2.sys)(N/A)
[GD31244 / GD31244][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\gd31244.sys)(Intel Corporation)
[HookCont / HookCont][Running/System Start]
(\SystemRoot\system32\drivers\HookCont.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookNtos / HookNtos][Running/System Start]
(\SystemRoot\system32\drivers\HookNtos.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookReg / HookReg][Running/System Start]
(\SystemRoot\system32\drivers\HookReg.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookSys / HookSys][Running/System Start]
(\SystemRoot\system32\drivers\HookSys.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookUrl / HookUrl][Running/Auto Start]
(\??\D:\Rising\Rfw\HookUrl.sys)(Beijing Rising Information Technology Co., Ltd.)
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\hpcisss2.sys)(Hewlett-Packard Company)
[HPT371 / HPT371][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\HPT371.sys)(HighPoint Technologies, Inc.)

Reply to 2F 帅哥阿福's post

[HPT374 / HPT374][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\hpt374.sys)(HighPoint Technologies, Inc.)
[HPT3XX / HPT3XX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\hpt3xx.sys)(HighPoint Technologies, Inc.)
[IASTOR / IASTOR][Running/Boot Start]
(\SystemRoot\System32\BIRD\iaStor.sys)(Intel Corporation)
[IFT2000 / IFT2000][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ift2000.sys)(Infortrend Technology, Inc.)
[INIA100 / INIA100][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\INIA100.sys)(Initio corp.)
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ipsraidn.sys)(IBM Corporation)
[ITERAID / ITERAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\iteraid.sys)(Integrated Technology Express, Inc.)
[JRAID / JRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\JRAID.SYS)(JMicron Technology Corp.)
[M5228 / M5228][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5228.sys)(ALi Corporation.)
[M5281 / M5281][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5281.sys)(ALi Corporation)
[M5287 / M5287][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5287.sys)(ULi Electronics Inc.)
[M5288 / M5288][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5288.sys)(ULi Electronics Inc.)
[M5289 / M5289][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\m5289.sys)(ULi Electronics Inc.)
[MEGAIDE / MEGAIDE][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\MegaIDE.sys)(LSI Logic Corporation.)
[mraid35x / mraid35x][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\mraid35x.sys)(LSI Logic Corporation)
[NetApi000 / NetApi000][Stopped/Manual Start]
(\??\C:\NetApi000.sys)(N/A)
[NFRD960 / NFRD960][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\nfrd960.sys)(IBM Corporation)
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\C:\Program Files\Tencent\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[nv / nv][Stopped/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[NVATABUS / NVATABUS][Running/Boot Start]
(\SystemRoot\System32\BIRD\NVATABUS.SYS)(NVIDIA Corporation)
[Service for NVIDIA(R) nForce(TM) MIDI UART / nvmpu401][Running/Manual Start]
(system32\drivers\nvmpu401.sys)(NVIDIA Corporation)
[NVRAID / NVRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\NVRAID.SYS)(NVIDIA Corporation)
[perc2 / perc2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\perc2.sys)(Adaptec, Inc.)
[PNP649R / PNP649R][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\pnp649r.sys)(CMD Technology, Inc.)
[PNP680 / PNP680][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\pnp680.sys)(Silicon Image, Inc.)
[PNP680R / PNP680R][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\pnp680r.sys)(Silicon Image, Inc)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[ql1080 / ql1080][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ql1080.sys)(QLogic Corporation)
[ql12160 / ql12160][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ql12160.sys)(QLogic Corporation)
[ql1280 / ql1280][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ql1280.sys)(QLogic Corporation)
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\raidsrc.sys)(Intel/ICP)
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
(System32\DRIVERS\rfwbase.SYS)(Beijing Rising Information Technology Co., Ltd.)
[RR232X / RR232X][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\rr232x.sys)(HighPoint Technologies, Inc.)
[RsFwDrv / RsFwDrv][Running/System Start]
(\??\D:\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Information Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Information Technology Co., Ltd.)
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
(system32\DRIVERS\Rtlnicxp.sys)(Realtek Semiconductor Corporation)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[S150SX8 / S150SX8][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\S150sx8.sys)(Promise Technology, Inc.)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
[SI3112 / SI3112][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3112.sys)(Silicon Image, Inc.)
[SI3112R / SI3112R][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3112r.sys)(Silicon Image, Inc)
[SI3114 / SI3114][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3114.sys)(Silicon Image, Inc.)
[SI3114R / SI3114R][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\SI3114R.sys)(Silicon Image, Inc)
[SI3114R5 / SI3114R5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\Si3114r5.sys)(Silicon Image, Inc)
[SI3124 / SI3124][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\SI3124.sys)(Silicon Image, Inc.)
[SI3124R / SI3124R][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\SI3124R.sys)(Silicon Image, Inc)
[SI3124R5 / SI3124R5][Stopped/Boot Start]
(\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys)(Silicon Image, Inc)
[SI3132 / SI3132][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SI3132.sys)(Silicon Image, Inc.)
[SI3132R5 / SI3132R5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\Si3132r5.sys)(Silicon Image, Inc)
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\sisagp.sys)(Silicon Integrated Systems Corporation)
[SISRAID / SISRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SiSRaid.sys)(Silicon Integrated Systems)
[SISRAID2 / SISRAID2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SiSRaid2.sys)(Silicon Integrated Systems Corp)
[SISRAID4 / SISRAID4][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\SiSRaid4.sys)(Silicon Integrated Systems)
[smwdm / smwdm][Running/Manual Start]
(system32\drivers\smwdm.sys)(Analog Devices, Inc.)
[SPTRAK / SPTRAK][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\sptrak.sys)(Promise Technology, Inc.)
[ST8350 / ST8350][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\st8350.sys)(Promise Technology, Inc.)
[symc810 / symc810][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\symc810.sys)(Symbios Logic Inc.)
[symc8xx / symc8xx][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\symc8xx.sys)(LSI Logic)
[SYMMPI / SYMMPI][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\symmpi.sys)(LSI Logic)
[sym_hi / sym_hi][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\sym_hi.sys)(LSI Logic)
[sym_u3 / sym_u3][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\sym_u3.sys)(LSI Logic)
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
(system32\DRIVERS\tcpip.sys)(Microsoft Corporation)
[TRM3X5 / TRM3X5][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\trm3x5.sys)(Tekram Technology Co., Ltd.)
[ULSATA / ULSATA][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ulsata.sys)(Promise Technology, Inc.)
[ULSATA2 / ULSATA2][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ulsata2.sys)(Promise Technology, Inc.)
[ULTIMA / ULTIMA][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\Ultima.sys)(Aralion INC.)
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\UltimaRX.sys)(Aralion INC.)
[ultra / ultra][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\ultra.sys)(Promise Technology, Inc.)
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\viamraid.sys)(VIA Technologies inc,.ltd)
[W2KADV / W2KADV][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\w2kadv.sys)(ConnectCom Solutions, Inc.)
[WD7296A / WD7296A][Stopped/Boot Start]
(\SystemRoot\System32\BIRD\wd7296a.sys)(Western Digital Corporation)



--------------------------------------------------------------------------------



浏览器加载项

[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} (D:\TENCENT\QQDownload\QQIEHelper02.dll, (Signed) 腾讯公司)
[FG2CatchUrl]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} (D:\FlashGet\ComDlls\bhoCATCH.dll, (Signed) FlashGet)
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} (C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT)
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} (, )
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD)
[Windows Live 登录帮助程序]
{9030D464-4C02-4ABF-8ECC-5164760863C6} (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation)
[卡卡上网安全助手]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.)
[FlashGetBHO]
{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} (C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, (Signed) FlashGet)
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation)
[BlogThisToolbarButton Class]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} (C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, (Signed) Microsoft Corporation)
[JUJU猫]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} (http://www.jujumao.com, N/A)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation)
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} (C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT)
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation)
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) )
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation)
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation)
[Submit Class]
{A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd)
[Chunnel Class]
{B433E821-A29D-4FEB-A575-CB44A80E6653} (C:\WINDOWS\system32\AIOWClient.dll, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.)
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} (D:\TENCENT\QQDownload\QQIEHelper02.dll, (Signed) 腾讯公司)
[FG2CatchUrl]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} (D:\FlashGet\ComDlls\bhoCATCH.dll, (Signed) FlashGet)
[]
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600} (, )
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} (C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT)
[]
{4F3ED5CD-0726-42A9-87F5-D13F3D2976AC} (, )
[]
{54EBD53A-9BC1-480B-966A-843A333CA162} (, )
[]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} (, )
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation)
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} (, )
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD)
[Windows Live 登录帮助程序]
{9030D464-4C02-4ABF-8ECC-5164760863C6} (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation)
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (, )
[卡卡上网安全助手]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.)
[FlashGetBHO]
{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} (C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll, (Signed) FlashGet)
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation)
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation)
[]
{C95FE080-8F5D-11D2-A20B-00AA003C157B} (, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.)
[FG2CatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B525} (D:\FlashGet\ComDlls\bhoCATCH.dll, (Signed) FlashGet)
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} (, )
[&Windows Live Search]
(res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A)
[&使用BitComet下载]
(res://D:\BitComet\BitComet.exe/AddLink.htm, N/A)
[&使用BitComet下载全部链接]
(res://D:\BitComet\BitComet.exe/AddAllLink.htm, N/A)
[&使用BitComet下载本页视频]
(res://D:\BitComet\BitComet.exe/AddVideo.htm, N/A)
[&使用超级旋风下载]
(D:\TENCENT\QQDownload\geturl.htm, N/A)
[&使用超级旋风下载全部链接]
(D:\TENCENT\QQDownload\getAllurl.htm, N/A)
[Add to Windows &Live Favorites]
(http://favorites.live.com/quickadd.aspx, N/A)
[使用快车(Flas&hGet)下载]
(D:\FlashGet\GetUrl.htm, N/A)
[使用快车(Flash&Get)下载全部链接]
(D:\FlashGet\GetAllUrl.htm, N/A)
[使用迅雷下载]
(C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)
[添加到QQ表情]
(D:\TENCENT\QQ2008KB3\AddEmotion.htm, N/A)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 448 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[D:\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119]
[D:\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[D:\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[D:\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[D:\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[D:\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
Reply to 帅哥阿福's post (2F)




--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

[I:\]
[AutoRun]
open=pagefile.pif
shell\open=打开(&O)
shell\open\Command=pagefile.pif
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=pagefile.pif



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------



进程特权扫描

特殊特权被允许: SeDebugPrivilege [PID = 3544, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG1205\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3544, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG1205\SRENGLDR.EXE]
Reply to 帅哥阿福's post (2F)

--------------------------------------------------------------------------------



计划任务

[已启用] 查看 Windows Live Toolbar 更新.job
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE



--------------------------------------------------------------------------------



API HOOK

入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00E91FFD)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00E920E5)
隐藏进程
N/A
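Re: Could everyone help me figure out what's going on here?

The log is messy..

Please upload it as an attachment.

(Click "Quote" at the bottom right of my reply, and you should then see how to post it as an attachment.)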
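Re: Could everyone help me figure out what's going on here?

Upload it again as an attachment. For now, though, I can already see that there are pagefile.pif and autorun.inf files in the root directory of every partition. Delete them all.
Make sure to open disk partitions via Start > Run > type the drive letter > click OK; that is the safest way.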
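An added example, not part of the reply above and not SREng's own code: a Python check that parses an autorun.inf and lists every launch entry that points at a directly executable file, run here on the I:\ content shown in the log. The function names and the extension list are assumptions made for this illustration.

```python
import ntpath
import re

# Extensions Windows runs directly (an assumed list); .pif is the one in the log.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs", ".js"}

# autorun.inf content as reported for I:\ in the SREng log on this page.
SAMPLE = """[AutoRun]
open=pagefile.pif
shell\\open=打开(&O)
shell\\open\\Command=pagefile.pif
shell\\open\\Default=1
shell\\explore=资源管理器(&X)
shell\\explore\\Command=pagefile.pif
"""


def parse_autorun(text):
    """Return {lower-cased key: value} for the [AutoRun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(value):
    """First token of a command line, honouring a quoted path."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def audit_autorun(text):
    """List (key, target) for entries that launch an executable file.

    open/shellexecute fire on AutoPlay or double-click; shell\\<verb>\\command
    entries sit behind the drive's right-click menu, which is why both the
    double-click and the context menu lead to the same file on this drive.
    """
    findings = []
    for key, value in parse_autorun(text).items():
        is_launch = (
            key in ("open", "shellexecute")
            or re.fullmatch(r"shell\\[^\\]+\\command", key) is not None
        )
        if not is_launch:
            continue
        target = command_target(value)
        if ntpath.splitext(target)[1].lower() in EXECUTABLE_EXTS:
            findings.append((key, target))
    return findings


if __name__ == "__main__":
    for key, target in audit_autorun(SAMPLE):
        print(f"{key} -> {target}")
```
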
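Re: Could everyone help me figure out what's going on here?

Attachment: SREngLOG.log (2008-10-9 19:37:14, 52.25 K)
Times this attachment has been downloaded: 94



Quote:
Originally posted by 晕4 on 2008-10-9 19:17:00
The log is messy..

Please upload it as an attachment.

(Click "Quote" at the bottom right of my reply, and you should then see how to post it as an attachment.)
See if this works, haha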