[Help] Suddenly kicked out to the desktop while playing Warcraft!!!!!

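When I'm playing Warcraft, it inexplicably jumps out to the desktop, but if I click on Warcraft I can keep playing. I didn't press any key, it just jumps out. This problem happens every day. Why??? How do I fix it!! Thanks
Last edited 2007-07-07 21:00:12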

瑞星卡卡电脑诊断日志 v1.20 (2007-7-6 20:18:33)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + Win32 Services
    + HKLM\System\CurrentControlSet\Services
      52B851FE
        [A ] 1. c:\windows\system32\34978a02.exe
          Microsoft Corporation
          鸈0,鸈1,鸈2,
      Lenovo Upgrade Service.bis.release
        [AM] 2. c:\program files\lenovo\liveupdate\liveupdate.exe
          新思软件技术有限公司
          liveupdate
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 08 B5 41 00 68 DA 8A 41 00 64
      LitModeCtrl
        [A ] 3. c:\program files\lenovo\modeswitch\litmodectrl.exe
          TODO: <公司名>
          TODO: <文件说明>
          .text,.rdata,.data,.rsrc,
          6A 74 68 C8 F2 40 00 E8 FA 01 00 00 33 DB 89 5D
      NVSvc
        [AM] 4. c:\windows\system32\nvsvc32.exe
          NVIDIA Corporation
          NVIDIA Driver Helper Service, Version 93.80
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 90 D5 41 00 68 B8 F4 40 00 64
      RfwProxySrv
        [A ] 5. c:\program files\rising\rfw\rfwproxy.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal Proxy Service
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 60 94 40 00 68 40 85 40 00 64
      RfwService
        [AM] 6. c:\program files\rising\rfw\rfwsrv.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall Service
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 70 AC 41 00 68 A0 8E 41 00 64
      RsCCenter
        [AM] 7. c:\program files\rising\rav\ccenter.exe
          Beijing Rising Technology Co., Ltd.
          CCenter
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
      RsRavMon
        [A ] 8. c:\program files\rising\rav\ravmond.exe
          Beijing Rising Technology Co., Ltd.
          RavMond
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
  + Kernel Drivers
    + HKLM\System\CurrentControlSet\Services
      ADIHdAudAddService
        [A ] 9. c:\windows\system32\drivers\adihdaud.sys
          Analog Devices, Inc.
          High Definition Audio Function Driver(Release Candidate 1)
          .text,CODE,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
          8B FF 55 8B EC A1 4C EA 01 00 85 C0 B9 40 BB 00
      AEAudioService
        [A ] 10. c:\windows\system32\drivers\aeaudio.sys
          Andrea Electronics Corporation
          Audio Noise Filtering Driver (32-bit)
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
          8B FF 55 8B EC A1 84 2E 02 00 85 C0 B9 40 BB 00
      AmdK8
        [A ] 11. c:\windows\system32\drivers\amdk8.sys
          Advanced Micro Devices
          AMD Processor Driver
          .text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,
          8B FF 55 8B EC A1 B4 50 01 00 85 C0 B9 40 BB 00
      BaseTDI
        [A ] 12. c:\windows\system32\drivers\basetdi.sys
          Beijing Rising Technology Co., Ltd.
          basetdi
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
      bcm4sbxp
        [A ] 13. c:\windows\system32\drivers\bcm4sbxp.sys
          Broadcom Corporation
          Broadcom Corporation NDIS 5.1 ethernet driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
      ExpScaner
        [A ] 14. c:\program files\rising\rav\expscan.sys
          ExpScan.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
      FixDrv
        [A ] 15. c:\windows\system32\drivers\fixdrv.sys
          .text,.rdata,.data,PAGE,INIT,.reloc,
          8B FF 55 8B EC A1 88 19 01 00 85 C0 B9 40 BB 00
      HdAudAddService
        [A ] 16. c:\windows\system32\drivers\hdaudio.sys
          Windows (R) Server 2003 DDK provider
          High Definition Audio Function Driver v1.0a
          .text,CODE,.rdata,.data,PAGE,PAGED,INIT,.rsrc,.reloc,
          A1 8C B2 01 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
      HDAudBus
        [A ] 17. c:\windows\system32\drivers\hdaudbus.sys
          Windows (R) Server 2003 DDK provider
          High Definition Audio Bus Driver v1.0a
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
          A1 C0 D0 02 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
      HookCont
        [A ] 18. c:\program files\rising\rav\hookcont.sys
          Rising
          HookCont
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
      HookReg
        [A ] 19. c:\program files\rising\rav\hookreg.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
      HookSys
        [A ] 20. c:\program files\rising\rav\hooksys.sys
          Rising
          Hooksys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
      HookUrl
        [A ] 21. c:\program files\rising\rfw\hookurl.sys
          Beijing Rising Technology Co., Ltd.
          HookUrl
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C
      HpaFilt
        [A ] 22. c:\windows\system32\drivers\hpafilt.sys
          Litsoft Co. LTD.
          HPA Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
          8B FF 55 8B EC A1 04 29 01 00 85 C0 B9 40 BB 00
      HpaLower
        [A ] 23. c:\windows\system32\drivers\hpalower.sys
          .text,.rdata,.data,PAGE,INIT,.reloc,
          8B FF 55 8B EC A1 04 06 01 00 85 C0 B9 40 BB 00
      Iviaspi
        [A ] 24. c:\windows\system32\drivers\iviaspi.sys
          InterVideo, Inc.
          InterVideo ASPI Shell
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 56 68 00 1E 01 00 8D 45 F4 50
      MEMSCAN
        [A ] 25. c:\program files\rising\rav\memscan.sys
          瑞星软件有限公司
          MemScan Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
      mProcRs
        [A ] 26. c:\program files\rising\rfw\mprocrs.sys
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall  mprocrs.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 56 57 E8 29 02 00 00 85 C0 75
      NPF
        [A ] 27. c:\windows\system32\drivers\npf.sys
          CACE Technologies
          npf
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 81 EC 80 00 00 00 53 56 57 8B 7D 0C 33
      pciidey
        [A ] 28. c:\windows\system32\drivers\pciidey.sys
          Windows (R) 2000 DDK provider
          Channel Resource Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
          56 8B 74 24 0C 66 8B 06 66 05 02 00 57 66 A3 0A
      RsAntiSpyware
        [A ] 29. c:\windows\system32\drivers\rsboot.sys
          Beijing Rising Technology Co., Ltd.
          Anti-RootKit Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
      RsFwDrv
        [A ] 30. c:\program files\rising\rfw\rsfwdrv.sys
          Beijing Rising Technology Co., Ltd.
          nt_fwdrv
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0
      RsNTGDI
        [A ] 31. c:\windows\system32\drivers\rsntgdi.sys
          Beijing Rising Technology Co., Ltd.
          RsNTGDI
          .text,.rdata,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
      RSPPSYS
        [A ] 32. c:\program files\rising\rav\rsppsys.sys
          Rising
          RSPPSYS.SYS
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
      Secdrv
        [A ] 33. c:\windows\system32\drivers\secdrv.sys
          .text,.data,INIT,.reloc,
          55 8B EC 83 EC 10 53 56 57 E8 E4 A3 FF FF 89 45
      SenFiltService
        [A ] 34. c:\windows\system32\drivers\senfilt.sys
          Sensaura
          Sensaura WDM 3D Audio Driver
          .text,page,init,.data,.CRT,init,INIT,.rsrc,.reloc,
          E8 5B B9 FB FF E9 76 FF FF FF CC CC CC CC CC CC
      SNP325
        [A ] 35. c:\windows\system32\drivers\snp325.sys
          Sonix Co. Ltd.
          USB PC Camera driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          8B FF 55 8B EC A1 AC 0A 25 00 85 C0 B9 40 BB 00
  + Internet Explorer
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {4E83D567-4697-4F7B-B1F0-A513B01DB89A}
        [AM] 36. c:\program files\chinanet\vnettransfer.dll
          VnetTransfer Module
          .text,.rdata,.data,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 37. d:\我的软件\浩方\浩方对战平台\gameclient.exe
          上海浩方在线信息技术有限公司
          浩方对战平台
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 08 82 51 00 68 7E CB 4D 00 64
      Exec
        [A ] 38. c:\program files\messenger\msmsgs.exe
          Microsoft Corporation
          Windows Messenger
          .text,.data,.rsrc,
          6A 70 68 28 98 00 01 E8 BF 01 00 00 33 DB 53 8B
  + Explorer
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
      KuGoo3
        [A ] 39. d:\我的软件\kugoo\kugoo2007\inextend\kugoo3downxcontrol.ocx
          CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
          55 8B EC 83 C4 C4 B8 FC 90 46 00 E8 64 D6 F9 FF
    + HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
      {81716107-A10D-11cf-64CD-11115FE1CF41}
        [A ] 40. c:\windows\system32\nwizzhuxians.exe
          VL橸谚?_Y??G,QV?褤瑒,
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 41. c:\windows\system32\hticons.dll
          Hilgraeve, Inc.
          HyperTerminal Applet Library
          .text,.data,.rsrc,.reloc,
      NvCpl DesktopContext Class
        [AM] 42. c:\windows\system32\nvcpl.dll
          NVIDIA Corporation
          NVIDIA Display Properties Extension
          .text,.rdata,.data,CONST,.rsrc,.reloc,
          6A 0C 68 00 E5 23 10 E8 88 0E 00 00 33 C0 40 89
      Play on my TV helper
        [AM] 42. c:\windows\system32\nvcpl.dll
          NVIDIA Corporation
          NVIDIA Display Properties Extension
          .text,.rdata,.data,CONST,.rsrc,.reloc,
          6A 0C 68 00 E5 23 10 E8 88 0E 00 00 33 C0 40 89
      Desktop Explorer
        [AM] 43. c:\windows\system32\nvshell.dll
          .text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
          6A 0C 68 A8 9A 02 10 E8 DF 36 00 00 33 C0 40 89
      Desktop Explorer Menu
        [AM] 43. c:\windows\system32\nvshell.dll
          .text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
          6A 0C 68 A8 9A 02 10 E8 DF 36 00 00 33 C0 40 89
      nView Desktop Context Menu
        [AM] 43. c:\windows\system32\nvshell.dll
          .text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
          6A 0C 68 A8 9A 02 10 E8 DF 36 00 00 33 C0 40 89
      WinRAR shell extension
        [AM] 44. c:\program files\winrar\rarext.dll
          .text,.data,.tls,.idata,.edata,.rsrc,.reloc,
      RISING
        [AM] 45. c:\windows\system32\ravext.dll
          Beijing Rising Technology Co., Ltd.
          Rising Shell Ext Module
          .text,.rdata,.data,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {32CD708B-60A7-4C00-9377-D73EAA495F0F}
        [AM] 45. c:\windows\system32\ravext.dll
          Beijing Rising Technology Co., Ltd.
          Rising Shell Ext Module
          .text,.rdata,.data,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
      {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
        [AM] 46. c:\windows\system32\shlhook.dll
          Beijing Rising Technology Co., Ltd.
          shlhook Module
          .text,.rdata,.data,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
  + Logon
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      Rav
        [A ] 47. c:\program files\rising\rav\update\setup.exe
          Beijing Rising Technology Co., Ltd.
          Rising Setup Application
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 20 58 43 00 68 18 AA 42 00 64
      KKDelay
        [A ] 48. c:\program files\rising\antispyware\runonce.exe
          Beijing Rising Technology Co., Ltd.
          RunOnce Application
          .text,.rdata,.data,.rsrc,
          6A 60 68 18 51 40 00 E8 7F 0D 00 00 BF 94 00 00
  + Boot Execute
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 49. c:\windows\system32\bsmain.exe
          Beijing Rising Technology Co., Ltd.
          BootScan
          .text,.data,.rsrc,.reloc,
          55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
        [A ] 50. c:\windows\system32\kknative.exe
          Beijing Rising Technology Co., Ltd.
          NativeAp
          .text,.data,.rsrc,.reloc,
          68 00 00 00 01 E8 91 F1 FF FF 6A 00 E8 A0 FF FF
+ 其他自启动项目
  + c:\autorun.inf
    open
      [A ] 51. c:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shellexecute
      [A ] 51. c:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shell\Auto\command
      [A ] 51. c:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
  + d:\autorun.inf
    open
      [A ] 52. d:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shellexecute
      [A ] 52. d:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shell\Auto\command
      [A ] 52. d:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
  + e:\autorun.inf
    open
      [A ] 53. e:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shellexecute
      [A ] 53. e:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shell\Auto\command
      [A ] 53. e:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
  + f:\autorun.inf
    open
      [A ] 54. f:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shellexecute
      [A ] 54. f:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,
    shell\Auto\command
      [A ] 54. f:\auto.exe
        Microsoft Corporation
        鸈0,鸈1,鸈2,

Thanks, please take a look at this for me.

[CODE]

2007-07-06,20:30:07

System Repair Engineer 2.5.16.900 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描



启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <Rav><"C:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /ONCE>  [Beijing Rising Technology Co., Ltd.]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
    <N/A><C:\WINDOWS\system32\nwizzhuxians.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]


==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Error Reporting Service / ERSvc][Running/Auto Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[lenovo live update / Lenovo Upgrade Service.bis.release][Running/Auto Start]
  <C:\Program Files\Lenovo\LiveUpdate\liveupdate.exe><新思软件技术有限公司>
[LitModeCtrl / LitModeCtrl][Stopped/Manual Start]
  <"C:\Program Files\Lenovo\ModeSwitch\LitModeCtrl.exe"><TODO: <公司名>>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[52B851FE / 52B851FE][Stopped/Auto Start]
  <C:\WINDOWS\system32\34978A02.EXE -k><Microsoft Corporation>

驱动程序
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[AEAudio Service / AEAudioService][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Aha154x / Aha154x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[asc / asc][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cd20xrnt / cd20xrnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[IVI ASPI Shell / Iviaspi][Running/Manual Start]
  <system32\drivers\iviaspi.sys><InterVideo, Inc.>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[USB PC Camera (SNPSTD325) / SNP325][Running/Manual Start]
  <system32\DRIVERS\snp325.sys><Sonix Co. Ltd.>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>


==================================
浏览器加载项
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\我的软件\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>

正在运行的进程
[PID: 560 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 876 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 980 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1076 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1092 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1140 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1312 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1492 / Luo hao][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\PROGRA~1\Lenovo\Common\Bin\BBVODH~1.OCX]  [, 4.1.2.6]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\k11836943754.DAT]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizqjsj.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\dh2104.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizzhuxians.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizwlwzs.dll]  [N/A, ]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9380]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9380]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\k11836979914.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837016084.DAT]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\k11837052244.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837088404.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837124574.DAT]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwiztlbb.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11837160764.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837196924.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837233074.DAT]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
[PID: 1556 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1744 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 2008 / Luo hao][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11836943754.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837016084.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11836979914.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837233074.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837196924.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837160764.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837124574.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837088404.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837052244.DAT]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
[PID: 188 / SYSTEM][C:\Program Files\Lenovo\LiveUpdate\liveupdate.exe]  [新思软件技术有限公司, 3, 2, 4, 18]
    [C:\Program Files\Lenovo\LiveUpdate\HttpLink.dll]  [新思软件技术有限公司, 3, 2, 4, 7]
    [C:\Program Files\Lenovo\LiveUpdate\WINHTTP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Lenovo\LiveUpdate\GdiImage.dll]  [N/A, ]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 220 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9380]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 376 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1804 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 1384 / Luo hao][C:\WINDOWS\CameraFixer.exe]  [, 1, 0, 0, 7]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 480 / Luo hao][C:\WINDOWS\vsnp325.exe]  [, 1, 0, 5, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 2000 / Luo hao][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 2660 / Luo hao][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
[PID: 2716 / Luo hao][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2006, 3, 17, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 3, 8, 18]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2006, 2, 8, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2006, 2, 20, 1]
    [C:\PROGRA~1\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2006, 5, 29, 14]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 5, 26, 9]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 11, 14, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2006, 3, 24, 9]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2006, 5, 24, 16]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2006, 5, 29, 11]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 5, 24, 14]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2006, 3, 14, 10]
    [C:\PROGRA~1\ChinaNet\MAGICD~1.OCX]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 6,0,79,0]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [C:\WINDOWS\system32\B2DFC677.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11836943754.DAT]  [N/A, ]

[PID: 372 / Luo hao][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 3088 / Luo hao][C:\WINDOWS\system32\nslookupi.exe]  [N/A, ]
    [C:\WINDOWS\system32\WPCAP.DLL]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
[PID: 4764 / Luo hao][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\k11837196924.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837160764.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837124574.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837088404.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837052244.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837016084.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11836979914.DAT]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11836943754.DAT]  [N/A, ]
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [c:\PROGRA~1\chinanet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\k11837233074.DAT]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
[PID: 3516 / Luo hao][D:\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\k11837233074.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837196924.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837160764.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837124574.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837088404.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837052244.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11837016084.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11836979914.DAT]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11836943754.DAT]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]


==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]


==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe


==================================
HOSTS 文件
127.0.0.1      localhost


==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2008, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1384, C:\WINDOWS\CAMERAFIXER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1384, C:\WINDOWS\CAMERAFIXER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 480, C:\WINDOWS\VSNP325.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2716, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3088, C:\WINDOWS\SYSTEM32\NSLOOKUPI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3088, C:\WINDOWS\SYSTEM32\NSLOOKUPI.EXE]


==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)


==================================
隐藏进程
N/A

[/CODE]

OK, done. There's so much of it. Thanks, please help me take a look.

The problem just happened again. So annoying. It might freeze the machine too. Please save me, thanks.