瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 怀疑中毒,上传下载很慢,有日志。

1   1  /  1  页   跳转

[求助] 怀疑中毒,上传下载很慢,有日志。

收藏
xcdy
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2009-05-12
  • 来自:
发表于: 2009-06-13 15:19 | 只看楼主 短消息 资料
字号: 1楼

怀疑中毒,上传下载很慢,有日志。

网络环境:1M铁通ADSL,不是局域网。
系统:深度技术GHOSTXP专业版V9.0


      前些天访问一个论坛,弹出好几个垃圾网页,然后感觉网速变慢,特别是上传和下载变的非常慢,向网盘传个3M的文件要19分钟(不是网盘的问题,换个网盘也是这样),用迅雷下载东西时只有10几K甚至几K(迅雷居然显示我是内网,以前没注意过),怀疑中毒,在正常和安全模式下用瑞星、360、Windows清理助手杀毒若干次都没有发现病毒,用360和兔子多次修复IE,最后重新装了系统,但还是老样子,询问宽带客服,告诉我说网络正常,郁闷了!麻烦各位指教一下我该怎么办啊,谢谢了!!

[复制到剪贴板]
CODE:
2009-06-13,13:02:02

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon><ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><"D:\工具\杀毒工具\360safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><D:\工具\杀毒工具\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RFWTray><"D:\工具\杀毒工具\Rising\Rfw\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTray><"D:\工具\杀毒工具\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[nProtect GameGuard Service / npggsvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\GameMon.des -service><INCA Internet Co., Ltd.>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <D:\工具\杀毒工具\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"D:\工具\杀毒工具\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
  <D:\工具\杀毒工具\Rising\Rfw\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <D:\工具\杀毒工具\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwTask Manager / RfwTask][Running/Auto Start]
  <"D:\工具\杀毒工具\Rising\Rfw\RavTask.exe" RfwTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <D:\工具\杀毒工具\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <D:\工具\杀毒工具\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
  <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\D:\工具\杀毒工具\Rising\Rfw\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
  <\??\D:\工具\杀毒工具\Rising\Rfw\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[RsProtect / RsProtect][Running/System Start]
  <system32\drivers\RsPtect.sys><Beijing Rising Information Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiS AGP Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSFCXTS2.sys><Conexant Systems, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\工具\杀毒工具\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[]
  {30355844-0000-0010-8000-00AA00389B71} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, (Signed) RealPlayer>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\工具\杀毒工具\360safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(12).dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\工具\杀毒工具\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.12.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(12).dll, Thunder>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 712 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 768 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 792 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1012 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1056 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1192 / SYSTEM][D:\工具\杀毒工具\Rising\Rav\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\工具\杀毒工具\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\工具\杀毒工具\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [D:\工具\杀毒工具\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1224 / SYSTEM][D:\工具\杀毒工具\Rising\Rfw\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\工具\杀毒工具\Rising\Rfw\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\工具\杀毒工具\Rising\Rfw\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1232 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [c:\windows\system32\MSWSOCK.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1300 / SYSTEM][D:\工具\杀毒工具\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [D:\工具\杀毒工具\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\工具\杀毒工具\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\工具\杀毒工具\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\工具\杀毒工具\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 39]
    [D:\工具\杀毒工具\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1340 / SYSTEM][D:\工具\杀毒工具\Rising\Rfw\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [D:\工具\杀毒工具\Rising\Rfw\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\工具\杀毒工具\Rising\Rfw\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\工具\杀毒工具\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\工具\杀毒工具\Rising\Rfw\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 39]
    [D:\工具\杀毒工具\Rising\Rfw\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1380 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1480 / SYSTEM][D:\工具\杀毒工具\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\工具\杀毒工具\Rising\Rfw\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\工具\杀毒工具\Rising\Rfw\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [D:\工具\杀毒工具\Rising\Rfw\MonComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\工具\杀毒工具\Rising\Rfw\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\工具\杀毒工具\Rising\Rfw\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [D:\工具\杀毒工具\Rising\Rfw\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.87]
    [D:\工具\杀毒工具\Rising\Rfw\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\工具\杀毒工具\Rising\Rfw\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
    [D:\工具\杀毒工具\Rising\Rfw\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
    [D:\工具\杀毒工具\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [D:\工具\杀毒工具\Rising\Rfw\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\工具\杀毒工具\Rising\Rfw\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
    [D:\工具\杀毒工具\Rising\Rfw\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rfw\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\工具\杀毒工具\Rising\Rfw\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\工具\杀毒工具\Rising\Rfw\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [D:\工具\杀毒工具\Rising\Rfw\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [D:\工具\杀毒工具\Rising\Rfw\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [D:\工具\杀毒工具\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\工具\杀毒工具\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\工具\杀毒工具\Rising\Rfw\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\工具\杀毒工具\Rising\Rfw\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1524 / SYSTEM][D:\工具\杀毒工具\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\工具\杀毒工具\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\工具\杀毒工具\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\工具\杀毒工具\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [D:\工具\杀毒工具\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\工具\杀毒工具\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\工具\杀毒工具\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [D:\工具\杀毒工具\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\工具\杀毒工具\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\工具\杀毒工具\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\工具\杀毒工具\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [D:\工具\杀毒工具\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\工具\杀毒工具\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\工具\杀毒工具\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\工具\杀毒工具\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\工具\杀毒工具\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\工具\杀毒工具\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\工具\杀毒工具\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [D:\工具\杀毒工具\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\工具\杀毒工具\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\工具\杀毒工具\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [D:\工具\杀毒工具\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\工具\杀毒工具\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [D:\工具\杀毒工具\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\工具\杀毒工具\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\工具\杀毒工具\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [D:\工具\杀毒工具\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
    [D:\工具\杀毒工具\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [D:\工具\杀毒工具\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\工具\杀毒工具\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\工具\杀毒工具\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\工具\杀毒工具\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\工具\杀毒工具\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [D:\工具\杀毒工具\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\工具\杀毒工具\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\工具\杀毒工具\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\工具\杀毒工具\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\工具\杀毒工具\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rav\methodex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\工具\杀毒工具\Rising\Rav\pecompd.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\工具\杀毒工具\Rising\Rav\heurex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\工具\杀毒工具\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\工具\杀毒工具\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\工具\杀毒工具\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [D:\工具\杀毒工具\Rising\Rav\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1688 / SYSTEM][D:\工具\杀毒工具\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [D:\工具\杀毒工具\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [D:\工具\杀毒工具\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\工具\杀毒工具\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\工具\杀毒工具\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1908 / SYSTEM][D:\工具\杀毒工具\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\工具\杀毒工具\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\工具\杀毒工具\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\工具\杀毒工具\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [D:\工具\杀毒工具\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\工具\杀毒工具\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [D:\工具\杀毒工具\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\工具\杀毒工具\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 316 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\FreeLaunchBar\flb.dll]  [TrueSoft, 1.0.0.0]
    [D:\工具\PC套件\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 81, 46, 1]
    [D:\工具\PC套件\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 81, 68, 0]
    [C:\WINDOWS\system32\ConnAPI.DLL]  [Nokia., 6, 81, 62, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\工具\PC套件\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 81, 29, 0]
    [D:\工具\PC套件\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 81, 11, 0]
    [D:\工具\杀毒工具\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1012]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 644 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\MSWSOCK.DLL]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1520 / Administrator][D:\工具\杀毒工具\Rising\Rfw\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\工具\杀毒工具\Rising\Rfw\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\工具\杀毒工具\Rising\Rfw\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\工具\杀毒工具\Rising\Rfw\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\工具\杀毒工具\Rising\Rfw\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\工具\杀毒工具\Rising\Rfw\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\工具\杀毒工具\Rising\Rfw\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\工具\杀毒工具\Rising\Rfw\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\工具\杀毒工具\Rising\Rfw\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [D:\工具\杀毒工具\Rising\Rfw\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\工具\杀毒工具\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\工具\杀毒工具\Rising\Rfw\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
    [D:\工具\杀毒工具\Rising\Rfw\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\工具\杀毒工具\Rising\Rfw\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [D:\工具\杀毒工具\Rising\Rfw\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\工具\杀毒工具\Rising\Rfw\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\工具\杀毒工具\Rising\Rfw\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 11]
    [D:\工具\杀毒工具\Rising\Rfw\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rfw\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1596 / Administrator][D:\工具\杀毒工具\Rising\Rav\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\工具\杀毒工具\Rising\Rav\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\工具\杀毒工具\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\工具\杀毒工具\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\工具\杀毒工具\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\工具\杀毒工具\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\工具\杀毒工具\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\工具\杀毒工具\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\工具\杀毒工具\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [D:\工具\杀毒工具\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\工具\杀毒工具\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\工具\杀毒工具\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\工具\杀毒工具\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
    [D:\工具\杀毒工具\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [D:\工具\杀毒工具\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [D:\工具\杀毒工具\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.1.4]
    [D:\工具\杀毒工具\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\工具\杀毒工具\Rising\Rav\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [D:\工具\杀毒工具\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [D:\工具\杀毒工具\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 2020 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 464 / Administrator][D:\QQ相关\TT浏览器4.6简体中文版\bin\TTraveler.exe]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTUtilWidget.dll]  [Tencent, 4, 27, 0, 9]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\工具\杀毒工具\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1012]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\PlatformWidget.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTMainFrame.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTStore.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\sqlite3.dll]  [N/A, ]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTMBrowser.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTabMgr.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTSkin.dll]  [Tencent, 4, 27, 0, 9]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTPluginMng.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\Plugins\3TTWeather\TTWeather.dll]  [Tencent, 1.0.0.1]
    [D:\QQ相关\TT浏览器4.6简体中文版\Plugins\WebInfo\WebToolbar.dll]  [Tencent, 1.0.0.1]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTHtmlApp.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTFilter.dll]  [Tencent, 4, 27, 0, 9]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TTNetwork.dll]  [Tencent, 4, 27, 0, 9]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\TSupport.dll]  [TENCENT Inc., 1, 2, 11, 201]
    [D:\QQ相关\TT浏览器4.6简体中文版\bin\FavoriteLogical.dll]  [Tencent, 4, 27, 0, 9]
    [D:\工具\杀毒工具\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.74]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\vbscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.2.0.2654]
    [C:\Program Files\SogouInput\4.2.0.2654\Resource.dll]  [Sogou.com Inc., 4.2.0.2654]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 2452 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 2600 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREcec25149.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\工具\杀毒工具\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1012]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{655B423C-69D3-486D-9729-44C6B8D19ECF}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{655B423C-69D3-486D-9729-44C6B8D19ECF}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4515B67-E1D4-4504-B63B-795424CEEBB4}] SEQPACKET 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F4515B67-E1D4-4504-B63B-795424CEEBB4}] DATAGRAM 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8D44C2D-8354-480F-8838-5C148C451134}] SEQPACKET 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8D44C2D-8354-480F-8838-5C148C451134}] DATAGRAM 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1    858656.com
127.0.0.1    my123.com
127.0.0.1    8749.com
127.0.0.1    4199.com
127.0.0.1    7379.com
127.0.0.1    7255.com
127.0.0.1    3448.com
127.0.0.1    7939.com
127.0.0.1    8009.com
127.0.0.1    piaoxue.com
127.0.0.1    kzdh.com
127.0.0.1    about.blank.la
127.0.0.1    6781.com
127.0.0.1    7322.com
127.0.0.1    9991.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2452, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\420~1.265\PinyinRepair.exe

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
分享到:
gototop
 
aaccbbdd
头像
卡卡巡查
  • 帖子:45933
  • 注册: 2007-11-17
  • 来自:蜀山仙剑派
论坛8周年活动礼物卡卡名人堂祖国六十华诞09欢乐圣诞吃货勋章2012我眼中的你们幸福玫瑰
发表于: 2009-06-13 15:24 | 短消息 资料
字号: 2楼

回复:怀疑中毒,上传下载很慢,有日志。

清理助手下载
安装后,升级清理助手,完整扫描
清理系统
gototop
 
xcdy
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2009-05-12
  • 来自:
发表于: 2009-06-13 16:06 | 只看楼主 短消息 资料
字号: 3楼

回复:怀疑中毒,上传下载很慢,有日志。

在正常和安全模式下用瑞星、360、Windows清理助手 杀毒若干次都没有发现病毒,用360和兔子多次修复IE,最后重新装了系统,但还是老样子.

都用清理助手扫描N次了,啥也发现不了啊·····
gototop
 
xcdy
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2009-05-12
  • 来自:
发表于: 2009-06-13 20:59 | 只看楼主 短消息 资料
字号: 4楼

回复:怀疑中毒,上传下载很慢,有日志。

继续求助,还望高手不吝赐教,谢了!
gototop
 
aaccbbdd
头像
卡卡巡查
  • 帖子:45933
  • 注册: 2007-11-17
  • 来自:蜀山仙剑派
论坛8周年活动礼物卡卡名人堂祖国六十华诞09欢乐圣诞吃货勋章2012我眼中的你们幸福玫瑰
发表于: 2009-06-13 21:10 | 短消息 资料
字号: 5楼

回复:怀疑中毒,上传下载很慢,有日志。


局域网?

真看不出
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT