1   1  /  1  页   跳转

请帮忙看到底中了什么毒?

收藏
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:36 | 显示全部 短消息 资料
字号: 1楼

请帮忙看到底中了什么毒?

先是瑞星的“绿伞”变成了红伞,跟着打开瑞星就显示“应用程序正常初始化(0xc00000ba)失败,瑞星没办法打开了?请问中了什么毒

在线查杀的病毒名是Trjan.PSW.Win32.WSgame.ab及Trjan.PSW.onlineGames.xym


日志如下:

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
最后编辑2007-09-04 20:17:02.217000000
分享到:
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:38 | 显示全部 短消息 资料
字号: 2楼

[CODE]

2007-09-01,09:14:03

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <Super Rabbit SRRestore><rem  E:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /autosave>  [Super Rabbit Soft]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <PCSuiteTrayApplication><E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
    <HP Software Update><E:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Development Company, L.P.]
    <QuickTime Task><"E:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D}><C:\Program Files\Internet Explorer\rksldk.dll>  []
    <{3422FB0F-95EB-458A-8B56-39552017A4EF}><C:\WINDOWS\System32\mhdoor0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:39 | 显示全部 短消息 资料
字号: 3楼

[CODE]

2007-09-01,09:14:03

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <Super Rabbit SRRestore><rem  E:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /autosave>  [Super Rabbit Soft]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <PCSuiteTrayApplication><E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
    <HP Software Update><E:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Development Company, L.P.]
    <QuickTime Task><"E:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D}><C:\Program Files\Internet Explorer\rksldk.dll>  []
    <{3422FB0F-95EB-458A-8B56-39552017A4EF}><C:\WINDOWS\System32\mhdoor0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:40 | 显示全部 短消息 资料
字号: 4楼

=================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <E:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[]
  {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} <C:\Program Files\Common Files\goskdl.dll, N/A>
[NetAnts]
  {57E91B47-F40A-11D1-B792-444553540000} <, N/A>
[]
  {BF1F4A1A-BDCD-43ac-9D17-261D2C197AB8} <http://assistant.3721.com/uninstall.htm, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[CHtmlClientView Object]
  {1AF783BD-BFC0-48A2-816E-A667B2BC69E9} <C:\WINDOWS\Downloaded Program Files\Ip1HtmlClientView.dll, Beijing WebWin Digital Tech Co.,ltd.>
[InstaFred]
  {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINDOWS\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[PowerCreator VGAPlayer Control]
  {339C1EE2-1029-46B8-81F1-360217F26FC4} <C:\WINDOWS\DOWNLO~1\VGAPLA~1.OCX, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\aliedit.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[AcDcToday 控件]
  {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[PPlayerX Control]
  {A2C271DF-91C3-11D5-9FA6-860301900128} <C:\WINDOWS\Downloaded Program Files\pplayer.ocx, Paragon Micro International>
[NOXLATE-BANR]
  {AE563722-B4F5-11D4-A415-00108302FDFD} <C:\WINDOWS\DOWNLO~1\InstBanr.ocx, Autodesk, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[AcPreview 控件]
  {F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX, Autodesk>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <E:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, N/A>
[&Download by NetAnts]
  <DA47E-8D5C-4d7e-B4B6-E16E19218555}, N/A>
[Download &All by NetAnts]
  <, N/A>
[使用网际快车下载]
  <E:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <E:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:41 | 显示全部 短消息 资料
字号: 5楼

==================================
正在运行的进程
[PID: 520 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 668 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 680 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1012 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\WINHTTP.dll]  [Microsoft Corporation, 5.1.2600.1039 (xpsp1.020511-1800)]
    [C:\WINDOWS\System32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1108 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1200 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1456 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 34, 0, 0]
    [C:\WINDOWS\system32\HpTcpMon.dll]  [Hewlett Packard, 5.01.01.01]
    [C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 2.01.00.003]
    [C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 5.01.01.01]
    [C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 5.01.01.01]
    [C:\WINDOWS\system32\hpzll43a.dll]  [Hewlett-Packard Company, 60.053.243.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp43a.dll]  [Hewlett-Packard Corporation, 60.053.243.00]
[PID: 1556 / SYSTEM][E:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1816 / Jedi][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\System32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [E:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Internet Explorer\rksldk.dll]  [N/A, ]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
    [E:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
[PID: 336 / Jedi][e:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [e:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [e:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
[PID: 916 / Jedi][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1096 / Jedi][E:\Program Files\HP\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
[PID: 1180 / Jedi][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1292 / Jedi][E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:43 | 显示全部 短消息 资料
字号: 6楼

[E:\Program Files\HP\Digital Imaging\bin\hpotra08.dll]  [Hewlett-Packard Co., 51.0.230.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc]  [Hewlett-Packard Co., 51.0.230.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\WINDOWS\System32\hpzipr12.dll]  [HP, 10, 1, 1, 2]
[PID: 180 / Jedi][E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [E:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\WINDOWS\System32\hpzipr12.dll]  [HP, 10, 1, 1, 2]
[PID: 416 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 476 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 5.13.01.2181]
[PID: 860 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 976 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 2076 / SYSTEM][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe]  [Nokia., 6, 82, 69, 3]
    [C:\Program Files\PC Connectivity Solution\NclTools.dll]  [Nokia, 6, 82, 26, 2]
    [C:\Program Files\PC Connectivity Solution\Transports\NCLIrDAMM.dll]  [Nokia Corp., 6, 82, 31, 0]
    [C:\Program Files\PC Connectivity Solution\Transports\NCLRSMM.dll]  [Nokia Corp., 6, 82, 39, 1]
    [C:\Program Files\PC Connectivity Solution\Transports\NCLUSBMM.dll]  [Nokia Corp., 6, 82, 48, 0]
[PID: 2792 / Jedi][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\System32\wucltui.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\System32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\System32\wuaucpl.cpl]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\System32\mucltui.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\MUI\FALLBACK\0804\mucltui.dll.mui]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2960 / Jedi][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2848 / Jedi][E:\Program Files\VnetClient1.6\VnetClient.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
[PID: 2596 / Jedi][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [E:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\Downloaded Program Files\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\RavWeb\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\RavWeb\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\RavWeb\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\RavWeb\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\RavWeb\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Rising\RavWeb\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Rising\RavWeb\MVEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\RavWeb\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\RavWeb\Engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:44 | 显示全部 短消息 资料
字号: 7楼

[C:\Program Files\Rising\RavWeb\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
    [C:\Program Files\Rising\RavWeb\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 81]
    [C:\Program Files\Rising\RavWeb\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\RavWeb\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\RavWeb\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\RavWeb\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\RavWeb\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\Rising\RavWeb\RsVM.dll]  [, 19, 0, 0, 20]
    [C:\Program Files\Rising\RavWeb\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 57]
    [C:\Program Files\Rising\RavWeb\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\RavWeb\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\RavWeb\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\RavWeb\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [E:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\RavWeb\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 3756 / Jedi][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3772 / Jedi][E:\Program Files\FlashGet\flashget.exe]  [Amaze Soft, 1, 4, 0, 0]
    [C:\WINDOWS\System32\CD_Clint.dll]  [ , 3, 2, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [E:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
[PID: 2836 / Jedi][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 292 / Jedi][E:\Program Files\Microsoft Office\Office10\WINWORD.EXE]  [Microsoft Corporation, 10.0.2627]
    [C:\Program Files\Common Files\Microsoft Shared\office10\mso.dll]  [Microsoft Corporation, 10.0.2625]
    [C:\Program Files\Common Files\Microsoft Shared\office10\riched20.dll]  [Microsoft Corporation, 5.40.11.2210]
    [E:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [E:\PROGRA~1\MICROS~1\Office10\Addins\SYMINPUT.DLL]  [Microsoft Corporation, 1.01.0028]
    [C:\WINDOWS\System32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9237]
    [C:\WINDOWS\System32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 0, 0, 0]
    [E:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [E:\Program Files\Microsoft Office\Office10\msostyle.dll]  [Microsoft Corporation, 10.0.2219]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL]  [Microsoft Corporation, 10.0.2609]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.2.3790.184 (srv03_qfe.040410-1236)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzle43a.dll]  [HP, 60.053.243.00]
[PID: 3916 / Jedi][F:\download\软件\系统扫描工具\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
    [F:\download\软件\系统扫描工具\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 4076 / Jedi][F:\download\软件\系统扫描工具\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [F:\download\软件\系统扫描工具\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\mhdoor0.dll]  [N/A, ]
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:44 | 显示全部 短消息 资料
字号: 8楼

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. []
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 916, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1096, E:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1292, E:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 180, E:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2076, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2848, E:\PROGRAM FILES\VNETCLIENT1.6\VNETCLIENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3756, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3756, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3772, E:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-01 09:45 | 显示全部 短消息 资料
字号: 9楼

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. []
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 916, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1096, E:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1292, E:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 180, E:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2076, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2848, E:\PROGRAM FILES\VNETCLIENT1.6\VNETCLIENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3756, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3756, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3772, E:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
韭菜夹子
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2006-05-24
  • 来自:
发表于: 2007-09-04 20:17 | 显示全部 短消息 资料
字号: 10楼

按照上面说的方法,已经能杀毒,瑞星可重新开启,谢谢。
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT