Rising Kaka Security Forum › Technical Exchange › Anti-virus / Anti-rogue-software Forum

Urgent help needed from an expert! A registry-modification prompt flashes up after boot, and a safe-mode scan finds no virus

A few days ago I was infected with the AUTO virus and several other viruses whose names I don't know. I ran the AUTO removal tool and they were gone, but a few days later they came back; I removed them again and they haven't reappeared since. However, every time I boot, a registry-modification dialog flashes up and then disappears immediately. Today I even heard movie audio through my headset; in the process list I found 163d and something called IEXPLORER, and after I ended IEXPLORER the movie sound stopped. Below is the log from a System Repair Engineer scan. Could the experts please take a look? Many thanks in advance!
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <switch><c:\windows\system32\壁纸自动换.exe>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\RISING\RAV\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kvdxcma.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{3A1247C1-53DA-FF43-ABD3-345F323A48D3}><C:\WINDOWS\system32\avwgcmn.dll>  [N/A]
    <{1AB09B3F-A6D0-4B55-B87D-264934EBEAED}><C:\Program Files\Internet Explorer\PLUGINS\WinSys84.Sys>  [N/A]
    <{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\system32\kvdxcma.dll>  [N/A]
    <{AAF3B135-E338-491A-B3CB-9D75DA02C5D1}><C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys>  []
    <{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys>  []
    <{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat>  []
    <{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

Last edited 2007-10-07 20:12:45

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Telephots google / WindowsDown][Stopped/Auto Start]
  <C:\WINDOWS\system32\servet.exe><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件(北京)有限公司>
[CnsStd / CnsStd][Running/Auto Start]
  <\SystemRoot\System32\drivers\CnsStd.sys><国风因特软件(北京)有限公司>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\RISING\RAV\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kirblgog / kirblgog][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kirblgog.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\RISING\RAV\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET][Running/Manual Start]
  <system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R2A / R2A][Stopped/Disabled]
  <\??\C:\WINDOWS\system32a2.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方优化\GameClient.exe, 上海浩方在线信息技术有限公司>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, 北京三七二一科技有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[SrchHook Class]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 392 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [, ]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2494]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 1112 / SYSTEM][C:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1128 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1184 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1348 / SYSTEM][C:\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\RISING\RAV\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\RISING\RAV\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\RISING\RAV\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\RISING\RAV\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\RISING\RAV\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\system32\sqmapi32.dll]  [N/A, ]
    [C:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
    [C:\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 22]
    [C:\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 59]
    [C:\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 1548 / SYSTEM][c:\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 35]
    [c:\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [c:\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [c:\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [c:\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [c:\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [c:\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1604 / haha][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [国风因特软件(北京)有限公司, 2.5.1.6]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\WINDOWS\system32\sqmapi32.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.win]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\alrex.dll]  [, 1, 0, 1, 1001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\WINDOWS\system32\msrav.dll]  [N/A, ]
    [C:\WINDOWS\system32\ravztmon.dll]  [N/A, ]
    [C:\PROGRA~1\3721\autolive.dll]  [北京三七二一科技有限公司, 2.5.4.1009]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1752 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1812 / haha][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [国风因特软件(北京)有限公司, 2.5.0.6]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [国风因特软件(北京)有限公司, 2.5.0.4]
    [C:\WINDOWS\DOWNLO~1\CnsMinEx.dll]  [国风因特软件(北京)有限公司, 2.5.0.4]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
[PID: 1920 / haha][c:\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\WINDOWS\system32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
[PID: 176 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 300 / SYSTEM][C:\program files\internet explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 956 / SYSTEM][C:\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 412 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
[PID: 1076 / haha][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\PROGRA~1\3721\autolive.dll]  [北京三七二一科技有限公司, 2.5.4.1009]
    [C:\PROGRA~1\3721\notifier.dll]  [, 1, 0, 0, 5]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
[PID: 1512 / haha][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 52]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
[PID: 1520 / haha][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5113]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5113]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5113]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5113]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
[PID: 848 / haha][C:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
[PID: 1876 / haha][C:\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\WINDOWS\system32\ravztmon.dll]  [N/A, ]

[PID: 1424 / haha][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
[PID: 332 / haha][D:\Maxthon\Maxthon.exe]  [MY Soft Technology, 1, 3, 1, 20]
    [D:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [D:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3912 / haha][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
[PID: 1936 / haha][C:\Program Files\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.4.0.226]
    [C:\Program Files\Thunder\Program\UpdateDownload.dll]  [N/A, ]
    [C:\Program Files\Thunder\Program\msgmanage.dll]  [N/A, ]
    [C:\Program Files\Thunder\Program\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [C:\WINDOWS\system32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\Program Files\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 0, 0, 1]
    [C:\Program Files\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [C:\Program Files\Thunder\Program\asyn_dns.dll]  [N/A, ]
    [C:\Program Files\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 1, 0, 18]
    [C:\Program Files\Thunder\Program\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [国风因特软件(北京)有限公司, 2.5.1.6]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.win]  [N/A, ]
    [C:\Program Files\Thunder\Program\iTargetAd.dll]  [N/A, ]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3588 / haha][E:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxatl.dll]  [N/A, ]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\system32\addrjzhelp.dll]  [N/A, ]
    [C:\WINDOWS\system32\allatl.dll]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.2]
    [C:\Program Files\Internet Explorer\PLUGINS\NinSys74.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [E:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\qdshm.dll]  [N/A, ]

=================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
    C:\WINDOWS\system32\qdshm.dll(, N/A)
MSAPI Tcpip [UDP/IP]
    C:\WINDOWS\system32\qdshm.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
open=servet.exe
shellexecute=servet.exe
shell\Auto\command=servet.exe
[D:\]
[AutoRun]
open=servet.exe
shellexecute=servet.exe
shell\Auto\command=servet.exe
[E:\]
[AutoRun]
open=servet.exe
shellexecute=servet.exe
shell\Auto\command=servet.exe
[F:\]
[AutoRun]
open=servet.exe
shellexecute=servet.exe
shell\Auto\command=servet.exe
[G:\]
[AutoRun]
open=servet.exe
shellexecute=servet.exe
shell\Auto\command=servet.exe

==================================
HOSTS 文件
127.0.0.1      localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1520, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1520, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 848, C:\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1876, C:\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 332, D:\MAXTHON\MAXTHON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 332, D:\MAXTHON\MAXTHON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1936, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1936, C:\PROGRAM FILES\THUNDER\PROGRAM\THUNDER5.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

