
[Discussion] Rising monitor closes automatically


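At boot, the Rising monitor closes automatically, and the system shows this message: services.exe - There is no floppy disk in the drive. Please insert a floppy disk into drive \Device\Harddisk4\DR8

The scan log is attached; please take a look.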
2007-07-21,17:55:26

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <NTService><C:\Program Files\Common Files\System\MSOSV.EXE>  []
    <dbrj><C:\WINDOWS\System32\drivers\iExplorer.exe>  []
    <rundll32><C:\Program Files\Common Files\System\MSOSV.EXE>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Microsoft Autorun9><C:\WINDOWS\System32\Ravasktao.exe>  []
    <Microsoft Autorun7><C:\WINDOWS\System32\nwiztlbu.exe>  []
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Microsoft Autorun11><C:\WINDOWS\System32\nwizwlwzs.exe>  []
    <Microsoft Autorun5><C:\WINDOWS\System32\mosou.exe>  []
    <RAV00AE><C:\WINDOWS\System32\RAV00AE.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
    <QQREST><C:\WINDOWS\system\SMSS.exe>  []
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <TIMHost><C:\WINDOWS\TIMHost.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <Microsoft Autorun1><C:\WINDOWS\System32\nwizdh.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <RAV008C><C:\WINDOWS\System32\RAV008C.exe>  []
    <Microsoft Autorun4><C:\WINDOWS\System32\dllhost32.exe>  []
    <RAV009B><C:\WINDOWS\System32\RAV009B.exe>  []
    <Microsoft Autorun10><C:\WINDOWS\System32\nwizwmgjs.exe>  []
    <RAV00A0><C:\WINDOWS\System32\RAV00A0.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <Microsoft Autorun6><C:\WINDOWS\System32\mydata.exe>  []
    <RAV00A3><C:\WINDOWS\System32\RAV00A3.exe>  []
    <RAV0091><C:\WINDOWS\System32\RAV0091.exe>  []
    <RAV00B2><C:\WINDOWS\System32\RAV00B2.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  []
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\UserInit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><dhapri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><C:\WINDOWS\system32\bdscheca100.dll>  [N/A]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\rising\rav\nhmlmuvw.dll>  [N/A]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  [N/A]
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  [N/A]
    <{88A46432-969E-4F5E-913D-3AAF4B6A3051}><C:\WINDOWS\System32\SvTime.dll>  [N/A]
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  [N/A]
    <{12311A42-AC1B-158F-FD32-5674345F23A1}><C:\WINDOWS\System32\dhapri.dll>  []
    <{4A65498A-7653-9801-1647-987114AB7F44}><C:\WINDOWS\System32\zxdpri.dll>  []
    <{3495D328-661A-4FB0-BA67-8ACDD1704D1E}><C:\WINDOWS\System32\11848157432.dll>  []
    <{44123FF1-8371-9834-9021-184518451FA4}><C:\WINDOWS\System32\qjdpri.dll>  []
    <{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll>  []
    <{F382C1EB-375C-573D-1F5E-23455234524F}><C:\WINDOWS\System32\wlcpri.dll>  []
    <{325AB2F3-234A-7469-2F43-E341713ABFA3}><C:\WINDOWS\System32\wgcpri.dll>  []
    <{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\System32\jhapri.dll>  []
    <{425AB2F3-234A-7469-2F43-E341713ABFA4}><C:\WINDOWS\System32\wgdpri.dll>  []
    <{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\System32\qjepri.dll>  []
    <{5A65498A-7653-9801-1647-987114AB7F45}><C:\WINDOWS\System32\zxepri.dll>  []
    <{E42BC423-3713-224D-3F55-32B35C62B1EE}><C:\WINDOWS\System32\tljpri.dll>  []
    <{259AFD5B-159F-ACD8-954C-ACD545FA6582}><C:\WINDOWS\System32\jzbpri.dll>  []
    <{40117B96-998D-4D80-8F89-5E9DBD9F3460}><C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys>  []
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{613AF41A-21B1-131B-1BFC-D2A90DF4A2B6}><C:\WINDOWS\System32\xyepri.dll>  []
    <{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\System32\dhbpri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
    <N/A><C:\WINDOWS\System32\nwizzhuxians.exe>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\Herosoft\HeroV8\豪杰多~1.SCR>  [N/A]

==================================
启动文件夹
N/A
Last edited 2007-07-21 19:43:45

==================================
服务
[682B33F6 / 682B33F6][Stopped/Auto Start]
  <C:\WINDOWS\System32\608F67E6.EXE -682B33F6><Microsoft Corporation>
[91D8634A / 91D8634A][Stopped/Auto Start]
  <C:\WINDOWS\System32\C3E772B4.EXE -k><Microsoft Corporation>
[96D508BB / 96D508BB][Stopped/Auto Start]
  <C:\WINDOWS\System32\42E67FB7.EXE -d><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows svcs RunThem / svcs][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\winp\snet.dll>< >
[Networ VSA / Visual VSA WEB][Stopped/Auto Start]
  <C:\WINDOWS\System32\wniapsvr.exe -Run><Microsoft Corporation>
[Telephonyl / windll][Stopped/Auto Start]
  <C:\WINDOWS\System32\winddll.exe><N/A>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
[Windows zpuw RunThem / zpuw][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\ukpr\euzb.dll>< >
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mxdispdr / mxdispdr][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\mxdispdr.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Lenovo L350 USB PC Camera / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {A692062A-11A1-461B-BEA0-B520F01F9DAE} <C:\WINDOWS\system32\3721.ini, N/A>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <d:\Thunder\Thunder.exe, N/A>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.legend.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <d:\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[百度Flash搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
  <C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>


==================================
正在运行的进程
[PID: 480 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\80351032.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\msplrct.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 880 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 984 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 1332 / lenovo][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\zxdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tljpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzbpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
    [C:\WINDOWS\System32\SHQMANGR.DLL]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\WINDOWS\System32\Ravasktao.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwiztlbb.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwizwlwzs.dll]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\mh104.dll]  [N/A, ]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwizwmgjs.dll]  [N/A, ]
    [C:\WINDOWS\System32\80351032.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\dh2104.dll]  [N/A, ]
    [C:\WINDOWS\System32\k11850109684.DAT]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\ljjtzd.dll]  [N/A, ]
    [C:\WINDOWS\System32\k11850109717.DAT]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\nqozyr.dll]  [N/A, ]
    [C:\WINDOWS\System32\k11850109706.DAT]  [N/A, ]
    [C:\WINDOWS\System32\qxvvqt.dll]  [N/A, ]
    [C:\WINDOWS\System32\moyu103.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A3.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV0091.DAT]  [N/A, ]
    [C:\WINDOWS\System32\flitan.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00B2.DAT]  [N/A, ]
    [C:\WINDOWS\System32\nslxvw.dll]  [N/A, ]
    [C:\WINDOWS\System32\msipfilter.dll]  [N/A, ]
    [C:\WINDOWS\System32\k118501097611.DAT]  [N/A, ]
    [C:\WINDOWS\System32\k118501097510.DAT]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [d:\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\WINDOWS\System32\xyepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhbpri.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1416 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 1616 / lenovo][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tljpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
[PID: 1956 / lenovo][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\WINDOWS\System32\qjdpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
[PID: 460 / lenovo][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
[PID: 860 / lenovo][C:\WINDOWS\System32\ntsd.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
[PID: 908 / lenovo][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
[PID: 1120 / lenovo][C:\WINDOWS\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
[PID: 228 / lenovo][C:\WINDOWS\System32\9BF3A6CF.exe]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\7DE5CD86.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\30E59CED.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
[PID: 1852 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zxdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 2700 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
[PID: 2728 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzbpri.dll]  [N/A, ]
    [c:\progra~1\winp\snet.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\winp\stub.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\winp\play.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\winp\vote.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\winp\code.dll]  [, 5, 0, 0, 2]
    [C:\WINDOWS\System32\msipfilter.dll]  [N/A, ]
[PID: 2752 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
[PID: 2984 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\mssql.dll]  [N/A, ]
[PID: 3312 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [c:\progra~1\ukpr\euzb.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\ukpr\hxce.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\ukpr\mchj.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\ukpr\jzeg.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\ukpr\aqvx.dll]  [, 5, 0, 0, 2]
[PID: 1296 / lenovo][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
[PID: 2904 / lenovo][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\System32\netsrvcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [d:\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tljpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\msipfilter.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\WINWB98.IME]  [Microsoft Corporation, 4.00.950]
[PID: 804 / lenovo][D:\新建文件夹\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\System32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\System32\netsrvcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00A0.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV009B.DAT]  [N/A, ]
    [C:\WINDOWS\System32\RAV008C.DAT]  [N/A, ]
    [C:\WINDOWS\System32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\System32\RAV00AE.DAT]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\11848157432.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\tljpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\zxdpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\dhapri.dll]  [N/A, ]
    [D:\新建文件夹\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\msipfilter.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD IGMP
    C:\WINDOWS\System32\msipfilter.dll(, N/A)
MSAFD IGMP
    C:\WINDOWS\System32\msipfilter.dll(, N/A)
MSSQL Tcpip [TCP/IP]
    C:\WINDOWS\System32\mssql.dll(, N/A)
MSSQL Tcpip [UDP/IP]
    C:\WINDOWS\System32\mssql.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=auto.exe
shell\open=打开(&O)
Shell\open\command=pagefiles.pif
Shell\open\default=1
shell\explore=资源管理器(&X)
shell\explorer\command=pagefiles.pif
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
OPEN=auto.exe
shell\open=打开(&O)
Shell\open\command=pagefiles.pif
Shell\open\default=1
shell\explore=资源管理器(&X)
shell\explorer\command=pagefiles.pif
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
OPEN=auto.exe
shell\open=打开(&O)
Shell\open\command=pagefiles.pif
Shell\open\default=1
shell\explore=资源管理器(&X)
shell\explorer\command=pagefiles.pif
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
OPEN=auto.exe
shell\open=打开(&O)
Shell\open\command=pagefiles.pif
Shell\open\default=1
shell\explore=资源管理器(&X)
shell\explorer\command=pagefiles.pif
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1616, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1956, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 228, C:\WINDOWS\SYSTEM32\9BF3A6CF.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 228, C:\WINDOWS\SYSTEM32\9BF3A6CF.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\System32\TIMHost.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\System32\TIMHost.dll)

==================================
隐藏进程
    [160] C:\WINDOWS\system\SMSS.exe

==================================


[/CODE]