瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】记事本无法保存,瑞星查不了的病毒(附日志)

1   1  /  1  页   跳转

【求助】记事本无法保存,瑞星查不了的病毒(附日志)

收藏
me73
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-25 13:53 | 只看楼主 短消息 资料
字号: 1楼

【求助】记事本无法保存,瑞星查不了的病毒(附日志)

[CODE]

2007-01-25,09:09:59

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <KavPFW><"C:\KAV2007\KPFW32.EXE">  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <TrackPointSrv><; tp4mon.exe>  [(Verified)IBM Corporation]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <TPHOTKEY><; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A]
    <BMMGAG><; RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>  [IBM Corp.]
    <BMMLREF><; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  [N/A]
    <BMMMONWND><; rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor>  [N/A]
    <IBMPRC><; C:\IBMTOOLS\UTILS\ibmprc.exe>  [IBM Corp.]
    <DxDialog><C:\WINDOWS\system32\dxdlg32.exe>  [Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <WangWang><"C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">  [淘宝(中国)软件有限公司]
    <Skype><C:\Program Files\skype\Phone\Skype.exe>  [(Verified)N/A]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\twunk32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
    <{3A908116-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\HA908116.log>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Corporation]
    <stdup><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <1388546><; C:\WINDOWS\system32\1388546.exe>  [N/A]
    <8158838><; C:\WINDOWS\system32\8158838.exe>  [N/A]
    <ccApp><; C:\Program Files\Common Files\Symantec Shared\ccApp.exe>  [N/A]
    <ccRegVfy><; C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe>  [N/A]
    <rfjmmhm><; C:\WINDOWS\system32\rfjmmhm.exe>  [N/A]
    <Skype><; C:\Program Files\skype\skype\Phone\Skype.exe>  [(Verified)N/A]
    <Smapp><; C:\Program Files\Analog Devices\SoundMAX\SMTray.exe>  [Analog Devices, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit Desktop Search><; G:\SRSearch.exe>  [N/A]
    <Super Rabbit IEPro><; D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Symantec NetDriver Monitor><; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer>  [(Verified)Symantec Corporation]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <tpxhst32.exe><; C:\WINDOWS\system32\tpxhst32.exe>  [N/A]
    <WangWang><; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">  [淘宝(中国)软件有限公司]
    <wk><; C:\WINDOWS\system\282f4e8.exe>  [N/A]
最后编辑2007-01-25 13:46:19
分享到:
gototop
 
me73
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-25 13:54 | 只看楼主 短消息 资料
字号: 2楼

==================================
启动文件夹
[WanSo]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WanSo.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><N>
[WNSO]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WNSO.lnk --> C:\PROGRA~1\COMMON~1\RGGZS\WNSO.exe [软告工作室]><N>
[腾讯QQ]
  <C:\Documents and Settings\wuxia\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM Rapid Restore Ultra Service / IBM Rapid Restore Ultra Service][Stopped/Auto Start]
  <"C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"><>
[IBM PM Service / IBMPMSVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Stopped/Auto Start]
  <"C:\KAV2007\KPfwSvc.EXE"><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
  <C:\KAV2007\KWatch.EXE><N/A>
[IBM PSA Access Driver Control / PsaSrv][Stopped/Manual Start]
  <C:\WINDOWS\system32\PsaSrv.exe><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Server Advance / ServerAC][Stopped/Auto Start]
  <C:\WINDOWS\system32\Security.exe><N/A>
[service / service][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\service.exe><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Stopped/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Svchost Service For Windows / svchost][Stopped/Auto Start]
  <C:\WINDOWS\svchost.exe><N/A>
[Updata_Server.. / Updata_Server..][Stopped/Auto Start]
  <C:\Program Files\Common Files\Update><N/A>
[VisionService / VisionService][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\vision\VISVER.DLL,Service><Microsoft Corporation>
[Update Service For Windows / winupdate][Stopped/Auto Start]
  <C:\WINDOWS\winupdate.exe><N/A>

==================================
驱动程序
[00005e77 / 00005e77][Running/Boot Start]
  <\SystemRoot\system32\drivers\00005e77.SYS><N/A>
[aeaudio / aeaudio][Stopped/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ANCSQ / ANCSQ][Running/Boot Start]
  <\SystemRoot\System32\drivers\ANCSQ.sys><IBM Corp.>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[BaseTDI / BaseTDI][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[IBM Access Support / EGATHDRV][Stopped/Auto Start]
  <\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS><IBM Corporation>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fkwld / fkwld][Running/System Start]
  <system32\drivers\fkwld.sys><Microsoft Corporation>
[front / front][Running/System Start]
  <system32\drivers\front.sys><Microsoft Corporation>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HSFHWICH / HSFHWICH][Stopped/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Stopped/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ibmfilter / ibmfilter][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ibmfilter.sys><IBM>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[KNetWch / KNetWch][Stopped/System Start]
  <\??\C:\KAV2007\KNetWch.SYS><N/A>
[KRegEx / KRegEx][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\KRegEx.sys><N/A>
[KWatch3 / KWatch3][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[AEGIS Protocol (IEEE 802.1x) v2.3.1.7 / MDC8021X][Stopped/Auto Start]
  <system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[mdmxsdk / mdmxsdk][Stopped/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[PProtect / PProtect][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\PProtect.sys><Jiangmin Co. Ltd.>
[IBM PSA Access Driver / psadd][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\psadd.sys><IBM Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ROCKEYNT / ROCKEYNT][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Rockeynt.sys><FeiTian Tech Co.,Ltd>
[roreg / roreg][Running/System Start]
  <system32\drivers\roreg.sys><Windows System Internal>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Smapint / Smapint][Stopped/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[smwdm / smwdm][Stopped/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SVKP / SVKP][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[SymEvent / SymEvent][Stopped/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[TDSMAPI / TDSMAPI][Stopped/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TPPWR / TPPWR][Stopped/System Start]
  <System32\drivers\Tppwr.sys><IBM Corp.>
[IBM PS/2 TrackPoint Filter Driver / TwoTrack][Running/Manual Start]
  <system32\DRIVERS\TwoTrack.sys><IBM Corporation>
[winachsf / winachsf][Stopped/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
gototop
 
me73
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-25 13:55 | 只看楼主 短消息 资料
字号: 3楼

==================================
浏览器加载项
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\KV2006\KvShell.dll, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQCycloneHelper Class]
  {6671A430-5C3D-463D-A7CF-5587F9B7E191} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, N/A>
[Vision]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <C:\PROGRA~1\Tencent\QQ\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[>>彩信发送<<]
  <res://C:\PROGRA~1\vision\vision.dll/mms.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 544][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\pwdmon.dll]  [N/A, N/A]
[PID: 848][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1184][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1588][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\ORIGINAL\soft\winrar\rarext.dll]  [N/A, N/A]
    [D:\ORIGINAL\soft\adobe\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1824][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 1856][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1024][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
[PID: 796][D:\ORIGINAL\soft\winrar\WinRAR.exe]  [Alexander Roshal, 3.50]
[PID: 1308][C:\DOCUME~1\wuxia\LOCALS~1\Temp\Rar$EX01.156\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
gototop
 
me73
头像
初生襁褓狮
  • 帖子:20
  • 注册: 2007-01-24
  • 来自:
发表于: 2007-01-25 13:55 | 只看楼主 短消息 资料
字号: 4楼

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT