Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum: Infected with Trojan.DL.Agent.nxd and Rootkit.Agent.yj, how do I remove them? Log attached


Infected with Trojan.DL.Agent.nxd and Rootkit.Agent.yj, how do I remove them? Log attached


At system startup a message appears: Error loading c:\windows\system32\twfox.dll, access denied.
The log is as follows:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe">  [Nero AG]
    <updateMgr><"D:\a\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1>  [N/A]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
    <LDM><C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe>  [Logitech]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <NWEReboot><>  [N/A]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Logitech Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IESAddr><>  [N/A]
    <UVS10 Preload><C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe>  [Ulead Systems, Inc.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\WINDOWS\system32\XPSTYLE_ThemePackage\Logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [Microsoft Corporation]

==================================
启动文件夹
[Logitech SetPoint]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech SetPoint.lnk --> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]><N>
[Logitech Desktop Messenger]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\a\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
  <"C:\Program Files\CyberLink\Shared files\RichVideo.exe"><>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[WDelMgr20 / WDelMgr20][Stopped/Auto Start]
  <><N/A>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
Last edited: 2007-05-18 20:42:46.700000000

驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Athlon64 Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[egajdafi / egajdafi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\egajdafi.sys><N/A>
[eijcifgg / eijcifgg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\eijcifgg.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[gcdehghf / gcdehghf][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\gcdehghf.sys><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\L:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[InCD File System / InCDFs][Stopped/Disabled]
  <system32\drivers\InCDFs.sys><N/A>
[InCDPass / InCDPass][Stopped/System Start]
  <system32\drivers\InCDPass.sys><N/A>
[InCD Reader / InCDRm][Stopped/System Start]
  <system32\drivers\InCDRm.sys><N/A>
[Logitech SetPoint HID Mouse Filter Driver / LHidKe][Running/Manual Start]
  <system32\DRIVERS\LHidKE.Sys><Logitech, Inc.>
[Logitech SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start]
  <system32\DRIVERS\LMouKE.Sys><Logitech, Inc.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Motorola USB Composite Device driver (WDM) / mo_abus][Stopped/Manual Start]
  <system32\DRIVERS\mo_abus.sys><MCCI>
[Motorola 1xEV-DO Handset Filter / mo_amdfl][Stopped/Manual Start]
  <system32\DRIVERS\mo_amdfl.sys><MCCI>
[Motorola 1xEV-DO Handset Drivers / mo_amdm][Stopped/Manual Start]
  <system32\DRIVERS\mo_amdm.sys><MCCI>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcusb / npkcusb][Stopped/Auto Start]
  <\??\D:\a\Tencent\npkcusb.sys><N/A>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\L:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\L:\NTGLM7X.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[swex / swexl][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\swexl.sys><N/A>
[Motorola USB Modem Driver for MPT / usbsermpt][Stopped/Manual Start]
  <system32\DRIVERS\usbsermpt.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <, N/A>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\a\FLASHGET\jccatch.dll, Amaze Soft>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll, Microsoft Corporation>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\a\Tencent\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\a\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\a\FLASHGET\fgiebar.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft Corporation>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <, N/A>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <, N/A>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\a\FLASHGET\jccatch.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\a\FLASHGET\fgiebar.dll, Amaze Soft>
[JetCarNetscape Class]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\a\FLASHGET\jccatch.dll, Amaze Soft>
[&使用迅雷下载]
  <d:\a\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\a\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\a\Tencent\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\a\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\a\FLASHGET\jc_all.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\a\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\a\Tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\a\Tencent\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <C:\Program Files\BitSpirit\bsurl.htm, N/A>
[百度-搜索MP3]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>

==================================
正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 792][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1204][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1668][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\msonpmon.dll]  [Microsoft Corporation, 12.3.4518.1014]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll]  [Microsoft Corporation, 12.3.4518.1014]
[PID: 1756][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 284][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 360][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\MICROS~3\Office12\GrooveUtil.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\MICROS~3\Office12\GrooveNew.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\MICROS~3\Office12\GR326C~1.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\DOCUME~1\lihaitao\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Avpack\Haali\mmfinfo.dll]  [N/A, ]
    [C:\Program Files\Avpack\Haali\mkunicode.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 7]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\a\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 484][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

[PID: 648][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 8]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 7]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2408][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.08.0.0]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.08.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.1.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll]  [DT Soft Ltd., 1.0.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [DT Soft Ltd., 1.18.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [DT Soft Ltd., 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2696][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2772][C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Microsoft Office\Office12\USP10.dll]  [Microsoft Corporation, 1.0626.5756.0 (vista_rtm.061008-1400)]
    [C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2780][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 2788][C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe]  [Nero AG, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Ahead\lib\NMDataServices.dll]  [Nero AG, 1, 0, 0, 1]
[PID: 2856][C:\Program Files\MSN Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSNCore.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\MSN Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgsres.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corp., 8.1.0178.00]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
[PID: 2868][C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe]  [Logitech, 2.1.2.0]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\backWeb.dll]  [BackWeb Technologies Inc., Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwsec.dll]  [BackWeb, Version 4.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\clntutil.dll]  [N/A, ]
    [C:\PROGRA~1\Logitech\DESKTO~1\8876480\720~1.137\program\EN\ClientRC.dll]  [BackWeb Technologies Inc., Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll]  [BackWeb Technologies Inc.                        , Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWfiles.dll]  [, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\DOCUME~1\lihaitao\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWDocMapExt-8876480.dll]  [BackWeb Technologies Inc.                        , Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWDocMapExt.dll]  [, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll]  [BackWeb Technologies Inc.                        , Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwscriptext.dll]  [, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll]  [Logitech, 2.01.02]
[PID: 2900][C:\Program Files\Logitech\SetPoint\SetPoint.exe]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\KemUtil.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Logitech\SetPoint\SetPointCOM.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\kemutb.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\KGame.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\KemWnd.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\KemXML.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Logitech\KHAL\KhalApi.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Logitech\SetPoint\LCabHandler.dll]  [Logitech Inc., 2.42.257]
[PID: 3060][C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE]  [Logitech Inc., 2.42.230]
    [C:\Program Files\Common Files\Logitech\KHAL\KHALAPI.DLL]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Logitech\KHAL\KHALITCH.DLL]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Common Files\Logitech\KHAL\KHALMW.DLL]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Common Files\Logitech\KHAL\KHALHPP.DLL]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3520][D:\a\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 0, 1, 9008]
    [D:\a\Maxthon2\mxpp.dll]  [Maxthon, 1, 0, 0, 50]
    [D:\a\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 119]
    [D:\a\Maxthon2\MxProxy2.dll]  [, 1, 0, 0, 2868]
    [C:\DOCUME~1\lihaitao\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\a\Maxthon2\MxFav.dll]  [Maxthon, 1, 0, 0, 186]
    [D:\a\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [D:\a\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\a\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 45]
    [C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [Sogou.com Inc., 3, 0, 0, 0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll]  [Microsoft Corporation, 5.20.1072.0]
[PID: 372][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\DOCUME~1\lihaitao\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\mucltui.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3152][C:\Program Files\Rising\Rav\RsLogVw.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\DOCUME~1\lihaitao\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\MICROS~3\Office12\GrooveUtil.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\MICROS~3\Office12\GrooveNew.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL]  [Microsoft Corporation, 12.0.4518.1014]
[PID: 2056][D:\软件\安全\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\DOCUME~1\lihaitao\LOCALS~1\Temp\IadHide5.dll]  [BackWeb, Version 7.2.0 (Build 137R)]
    [C:\Program Files\Logitech\SetPoint\GameHook.dll]  [Logitech Inc., 2.42.257]
    [C:\Program Files\Logitech\SetPoint\lgscroll.dll]  [Logitech Inc., 2.42.257]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
60.191.64.72 www.hao123.com
60.191.64.72 www.gjj.cc
60.191.64.73 search.114.vnet.cn
60.191.64.73 www.baidu,com
60.191.64.73 www.4399.com
60.191.64.73 www.4399.net
60.191.64.73 www.4399.cn
60.191.64.73 www.4399.cc
60.191.64.73 www.4399.org
60.191.64.73 www.gameyes.com
60.191.64.73 www.xiaoyouxi.com
60.191.64.73 4399.com
60.191.64.73 4399.net
60.191.64.73 4399.cn
60.191.64.73 4399.cc
60.191.64.73 4399.org
60.191.64.73 gameyes.com
60.191.64.73 xiaoyouxi.com

==================================
API HOOK
N/A

==================================
Hidden processes
N/A

==================================


[/CODE]
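The HOSTS section of the log above maps a block of popular Chinese sites to two addresses that are not loopback; a clean HOSTS file on a workstation like this normally carries only the localhost line. The following is an added example, not part of the original post and not SREng's own code: it parses those entries (reproduced here as constructed sample input) and flags every hostname that is pointed somewhere other than 127.0.0.0/8, plus entries that are not valid hostnames at all, such as the comma in www.baidu,com. The function names, the hostname regular expression and the finding categories are this example's own assumptions.

```python
import ipaddress
import re

# Constructed sample: the HOSTS entries exactly as they appear in the SREng log
# above. The comma in "www.baidu,com" is in the original file, not a typo here.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
60.191.64.72 www.hao123.com
60.191.64.72 www.gjj.cc
60.191.64.73 search.114.vnet.cn
60.191.64.73 www.baidu,com
60.191.64.73 www.4399.com
60.191.64.73 www.4399.net
60.191.64.73 www.4399.cn
60.191.64.73 www.4399.cc
60.191.64.73 www.4399.org
60.191.64.73 www.gameyes.com
60.191.64.73 www.xiaoyouxi.com
60.191.64.73 4399.com
60.191.64.73 4399.net
60.191.64.73 4399.cn
60.191.64.73 4399.cc
60.191.64.73 4399.org
60.191.64.73 gameyes.com
60.191.64.73 xiaoyouxi.com
"""

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# RFC 1123 hostname grammar: labels of letters, digits and hyphens, joined by dots,
# no label starting or ending with a hyphen. Anything else is not a name that
# the resolver would ever match, which makes it a fingerprint of a hand edit.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

REDIRECT = "redirects to non-loopback address"
MALFORMED = "malformed hostname"
BAD_ADDR = "unparseable address"


def parse_hosts(text):
    """Yield (lineno, address, [names]) for every non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()                  # any run of spaces/tabs separates fields
        yield lineno, parts[0], parts[1:]


def triage_hosts(text):
    """Return a list of (lineno, kind, address, [names]) findings for a HOSTS file."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, BAD_ADDR, ip, names))
            continue
        for name in names:
            if not HOSTNAME_RE.match(name):
                findings.append((lineno, MALFORMED, ip, [name]))
            elif addr not in LOOPBACK and not addr.is_unspecified:
                # 0.0.0.0 is the usual "blackhole" convention and is not flagged.
                findings.append((lineno, REDIRECT, ip, [name]))
    return findings


def redirect_targets(findings):
    """Group redirected hostnames by destination: one address collecting many
    unrelated popular sites is the signature of a mass hijack, not a local override."""
    targets = {}
    for _, kind, ip, names in findings:
        if kind == REDIRECT:
            targets.setdefault(ip, []).extend(names)
    return targets


if __name__ == "__main__":
    found = triage_hosts(SAMPLE_HOSTS)
    for lineno, kind, ip, names in found:
        print(f"line {lineno}: {kind}: {ip} -> {', '.join(names)}")
    for ip, names in redirect_targets(found).items():
        print(f"{ip} collects {len(names)} hostnames")
```

To run this against a live machine, pass the contents of %SystemRoot%\System32\drivers\etc\hosts to `triage_hosts`. The file is parsed, never resolved, so the check works offline and on a copy pulled from the infected box. The malformed www.baidu,com line never affected resolution, but it was written by the same edit as the lines that did, which is why it is reported alongside them.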

It doesn't work! KillBox can't delete the corresponding files in one go. Urgent!

swexl.sys and twfox.dll cannot be deleted. What should I do?
The system still shows at startup: Error loading c:\windows\system32\twfox.dll, access denied
Scanning the log again:
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe">  [Nero AG]
    <updateMgr><"D:\a\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1>  [N/A]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
    <LDM><C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe>  [Logitech]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <NWEReboot><>  [N/A]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Logitech Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IESAddr><>  [N/A]
    <UVS10 Preload><C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe>  [Ulead Systems, Inc.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [Microsoft Corporation]

==================================
Startup folder
[Logitech SetPoint]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech SetPoint.lnk --> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]><N>
[Logitech Desktop Messenger]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\a\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
  <"C:\Program Files\CyberLink\Shared files\RichVideo.exe"><>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Athlon64 Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[egajdafi / egajdafi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\egajdafi.sys><N/A>
[eijcifgg / eijcifgg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\eijcifgg.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[gcdehghf / gcdehghf][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\gcdehghf.sys><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\L:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[InCD File System / InCDFs][Stopped/Disabled]
  <system32\drivers\InCDFs.sys><N/A>
[InCDPass / InCDPass][Stopped/System Start]
  <system32\drivers\InCDPass.sys><N/A>
[InCD Reader / InCDRm][Stopped/System Start]
  <system32\drivers\InCDRm.sys><N/A>
[Logitech SetPoint HID Mouse Filter Driver / LHidKe][Running/Manual Start]
  <system32\DRIVERS\LHidKE.Sys><Logitech, Inc.>
[Logitech SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start]
  <system32\DRIVERS\LMouKE.Sys><Logitech, Inc.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Motorola USB Composite Device driver (WDM) / mo_abus][Stopped/Manual Start]
  <system32\DRIVERS\mo_abus.sys><MCCI>
[Motorola 1xEV-DO Handset Filter / mo_amdfl][Stopped/Manual Start]
  <system32\DRIVERS\mo_amdfl.sys><MCCI>
[Motorola 1xEV-DO Handset Drivers / mo_amdm][Stopped/Manual Start]
  <system32\DRIVERS\mo_amdm.sys><MCCI>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcusb / npkcusb][Stopped/Auto Start]
  <\??\D:\a\Tencent\npkcusb.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[swex / swexl][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\swexl.sys><N/A>
[Motorola USB Modem Driver for MPT / usbsermpt][Stopped/Manual Start]
  <system32\DRIVERS\usbsermpt.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>

==================================
Browser add-ons
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <, N/A>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\a\FLASHGET\jccatch.dll, Amaze Soft>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll, Microsoft Corporation>
[Research(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\a\Tencent\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\a\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\a\FLASHGET\fgiebar.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft Corporation>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <, N/A>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <, N/A>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\a\FLASHGET\jccatch.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\a\FLASHGET\fgiebar.dll, Amaze Soft>
[JetCarNetscape Class]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\a\FLASHGET\jccatch.dll, Amaze Soft>
[&Download with Thunder]
  <d:\a\Thunder\geturl.htm, N/A>
[&Download all links with Thunder]
  <d:\a\Thunder\getallurl.htm, N/A>
[Upload to QQ Network Disk]
  <D:\a\Tencent\AddToNetDisk.htm, N/A>
[Download with FlashGet]
  <D:\a\FLASHGET\jc_link.htm, N/A>
[Download all links with FlashGet]
  <D:\a\FLASHGET\jc_all.htm, N/A>
[Export to Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000, N/A>
[Export to Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ custom panel]
  <D:\a\Tencent\AddPanel.htm, N/A>
[Add to QQ emoticons]
  <D:\a\Tencent\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
  <D:\a\Tencent\SendMMS.htm, N/A>
[Download with BitSpirit(&B)]
  <C:\Program Files\BitSpirit\bsurl.htm, N/A>
[Baidu - Search MP3]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[Baidu - Search images]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[Baidu - Search news]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[Baidu - Search lyrics]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[Baidu - Search web]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[Baidu - Search Tieba]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[Baidu - Dictionary search]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>

==================================
Powered by Discuz!NT
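The driver list in the second log is where the rootkit shows itself: three boot-start drivers with eight-letter names and no vendor (egajdafi, eijcifgg, gcdehghf) and swexl.sys, also boot start with no vendor, which is the file the poster could not delete. As an added example, not the poster's and not SREng's own code, the script below parses SREng's two-line driver records (a subset of the log above, copied verbatim as constructed sample input) and ranks them with a small set of heuristics. The parser, the scoring weights, the thresholds and the function names are assumptions of this example, not anything SREng provides.

```python
import re

# Constructed sample: records copied from the "Drivers" section of the SREng log
# above. The Realtek line is included because its display name contains slashes,
# which the parser must not confuse with the " / " that separates display and name.
SAMPLE_DRIVERS = r"""
[AMD Athlon64 Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[egajdafi / egajdafi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\egajdafi.sys><N/A>
[eijcifgg / eijcifgg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\eijcifgg.sys><N/A>
[gcdehghf / gcdehghf][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\gcdehghf.sys><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\L:\INSTALL\GMSIPCI.SYS><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[swex / swexl][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\swexl.sys><N/A>
""".strip("\n")

EARLY_START = {"Boot Start", "System Start"}
# Eight lowercase letters with no digits: the shape of the generated names in the log.
GENERATED_NAME = re.compile(r"[a-z]{8}")
PATH_LINE = re.compile(r"<([^>]*)><([^>]*)>")


def parse_driver_entries(text):
    """Turn SREng's two-line records into dicts with display, name, state, start,
    path and vendor. The same layout is used by the Services section."""
    entries, header = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and "][" in line and line.endswith("]"):
            left, right = line[1:-1].split("][", 1)
            display, _, name = left.rpartition(" / ")   # last " / " splits display from service name
            state, _, start = right.partition("/")
            header = {"display": display, "name": name, "state": state, "start": start}
        elif line.startswith("<") and header is not None:
            m = PATH_LINE.fullmatch(line)
            if m:
                header["path"], header["vendor"] = m.group(1), m.group(2)
                entries.append(header)
            header = None
    return entries


def score_entry(e):
    """Return (score, reasons) for one record; a higher score means review it first.
    Weights are this example's assumptions, not an SREng feature."""
    score, reasons = 0, []
    if e["start"] in EARLY_START and e["vendor"].strip() in ("", "N/A"):
        score += 2
        reasons.append("loads before user mode and carries no vendor information")
    if e["display"] == e["name"]:
        score += 1
        reasons.append("display name is just the service name")
    if GENERATED_NAME.fullmatch(e["name"]):
        score += 1
        reasons.append("eight lowercase letters, typical of a generated name")
    if e["start"] == "Boot Start" and e["state"] == "Stopped":
        score += 1
        reasons.append("configured for boot start but not running; check whether the file is present")
    return score, reasons


def triage_drivers(text):
    """Parse and rank all records, most suspicious first, ties broken by name."""
    ranked = []
    for e in parse_driver_entries(text):
        s, r = score_entry(e)
        ranked.append({**e, "score": s, "reasons": r})
    ranked.sort(key=lambda x: (-x["score"], x["name"]))
    return ranked


if __name__ == "__main__":
    for e in triage_drivers(SAMPLE_DRIVERS):
        if e["score"]:
            print(f"{e['score']}  {e['name']:<14} {e['path']}")
            for reason in e["reasons"]:
                print(f"      - {reason}")
```

The heuristics are deliberately crude and produce a known false positive on this very log: sptd.sys, the SCSI Pass Through Direct layer used by DAEMON Tools (which is present in the Run key above), scores 3 because the log records no vendor for it, above swexl.sys at 2. Treat the score as a sort order for manual review, and confirm a candidate against the installed software before touching a boot-start driver, since removing a legitimate one can leave the machine unable to boot.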