Rising Kaka Security Forum

Such a nasty virus, so powerful, it never gets cleaned out completely, please help
纯一 - 2007-5-11 11:14:00
[CODE]

2007-05-11,10:30:45

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
    <jvbwjj36b2><C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\servicer.exe>  [N/A]
    <s2i1dqdvb><C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\c0nime.exe>  [N/A]
    <9><C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
    <QQDownload><"D:\Program Files\QQDownload\QQDownload.exe" autostart>  [N/A]
    <rundll32><C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <fy><C:\WINDOWS\Sysfy4\svchost.exe>  [N/A]
    <sun><C:\WINDOWS\SysSun2\svchost.exe>  [N/A]
    <wl><C:\WINDOWS\Syswl3\svchost.exe>  [N/A]
    <wm><C:\WINDOWS\Syswm7\svchost.exe>  [N/A]
    <sj><C:\WINDOWS\Syssj5\svchost.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <EPSON ME 1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE /P10 "EPSON ME 1" /O6 "USB001" /M "ME 1">  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <EPSON ME 1 (副本 1)><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE /P19 "EPSON ME 1 (副本 1)" /O6 "USB001" /M "ME 1">  []
    <EPSON ME 1 (副本 ><>  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]

Attachment: 5933282007511110402.jpg
纯一 - 2007-5-11 11:15:00

    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <KSVSvc><C:\WINDOWS\KSVSvc.exe /i>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <kav><"D:\avp.exe">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
[EPSON Online Register]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Online Register.lnk --> C:\PROGRA~1\EPSON\ONLINE~1\ONLINE~1.EXE []><N>
[服务器管理]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务器管理.lnk --> C:\PROGRA~1\NINETO~1\iCSP_SM\IPROCE~2.EXE [ ]><N>
[HKBNKeymap]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HKBNKeymap.lnk --> C:\PROGRA~1\Welltech\HKBNKE~1\HKBNKE~1.EXE []><N>
[Service Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Flash Video]
  <C:\Documents and Settings\Bluewater\「开始」菜单\程序\启动\Flash Video.lnk --> C:\PROGRA~1\FLVPLA~1\FLVPLA~1.EXE [N/A]><N>
[腾讯QQ]
  <C:\Documents and Settings\Bluewater\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\QQ2007\QQ.exe [TENCENT]><N>
[HKBN 2b]
  <C:\Documents and Settings\Bluewater\「开始」菜单\程序\启动\HKBN 2b.lnk --> D:\2b\ASULAU~1.EXE [N/A]><N>

==================================
服务
[6047E07B / 6047E07B][Stopped/Disabled]
  <C:\WINDOWS\system32\6047E07B.EXE -service><N/A>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[卡巴斯基反病毒软件6.0 / AVP][Stopped/Auto Start]
  <D:\avp.exe -r><N/A>
[Performance Moniter / DATEING][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\XZZNW.DLL,Export 1087><Microsoft Corporation>
[Logical Disk Manager / dmserver][Others/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%ProgramFiles%\hkttrjbx.dll><N/A>
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Network Engine / License][Others/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\kdngs.dll><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[ninetowns_iCSP_sm / ninetowns_iCSP_sm][Running/Auto Start]
  <c:\program files\ninetowns corp\icsp_sm\icsp.remoteservice.exe><九城口岸软件科技有限公司>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Std runq Service / runq][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\jmfi\wwsv.dll,Service -s><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Others/Auto Start]
  <C:\WINDOWS\system32\\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
纯一 - 2007-5-11 11:16:00

==================================
驱动程序
[abhcop / abhcop][Stopped/System Start]
  <system32\drivers\abhcop.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Aureal Game Port Enumerator / admjoy][Running/Manual Start]
  <system32\DRIVERS\admjoy.sys><Aureal, Inc.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtaa / ati2mtaa][Stopped/Manual Start]
  <System32\DRIVERS\ati2mtaa.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[V-Gear TalkCam Pro / DCamUSBEMPIA][Stopped/Manual Start]
  <System32\DRIVERS\emDevice.sys><eMPIA Technology, Inc.>
[Sundance ST201 based Adapter NT Driver / DLH5X][Running/Manual Start]
  <System32\DRIVERS\DLH5XND5.sys><D-Link Corporation>
[USB Audio Device / emAudio][Stopped/Manual Start]
  <system32\drivers\emAudio.sys><Empia Technology, Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[USB Device Lower Filter / FiltUSBEMPIA][Stopped/Manual Start]
  <System32\DRIVERS\emFilter.sys><eMPIA Technology Inc.>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[hcalway / hcalway][Stopped/System Start]
  <system32\DRIVERS\hcalway.sys><N/A>
[hkttrjbx / hkttrjbx][Stopped/Manual Start]
  <\??\C:\Program Files\hkttrjbx.sys><N/A>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\system32\new.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\Program Files\QQ2006\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\Program Files\QQ2006\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Stopped/Manual Start]
  <System32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[USB Still Image Capture Device / ScanUSBEMPIA][Stopped/Manual Start]
  <System32\DRIVERS\emScan.sys><eMPIA Technology, Inc.>
[Sony Ericsson Device 046 Driver driver (WDM) / SE2Ebus]
纯一 - 2007-5-11 11:16:00
[Stopped/Manual Start]
  <system32\DRIVERS\SE2Ebus.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Filter / SE2Emdfl][Stopped/Manual Start]
  <system32\DRIVERS\SE2Emdfl.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Driver / SE2Emdm][Stopped/Manual Start]
  <system32\DRIVERS\SE2Emdm.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) / SE2Emgmt][Stopped/Manual Start]
  <system32\DRIVERS\SE2Emgmt.sys><MCCI>
[Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) / se2Eunic][Stopped/Manual Start]
  <system32\DRIVERS\se2Eunic.sys><MCCI>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Stopped/Manual Start]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[CRW-Vu SCReader / WATCHKEY][Stopped/Auto Start]
  <System32\DRIVERS\wdkey.SYS><Beijing WatchData System Co., Ltd.>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xinstall / xinstall][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\xinstall.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\讯雷\ComDlls\XunLeiBHO_006.dll, N/A>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\scieplugin.dll, Kaspersky Lab>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\QQ2007\QQ.EXE, TENCENT>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\WINDOWS\system32\QQLiveInstaller.dll, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Kingsoft DUBA OnlineScan]
  {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINDOWS\System32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\Downloaded Program Files\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[MeadCo ScriptX]
  {1663ED61-23EB-11D2-B92F-008048FDD814} <C:\WINDOWS\system32\MCScripX.dll, Mead & Co Limited>
[MeadCo Extended HTML Printing]
  {1663ED6A-23EB-11D2-B92F-008048FDD814} <C:\WINDOWS\system32\MCPrintX.dll, Mead & Co Limited>
[Project1.UserCpuCardCtl]
  {16F2448E-8C16-11D1-9A11-0080C8E1561F} <C:\WINDOWS\System32\usercpucard.ocx, hgjg>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\uc\mail\DHTMLED.OCX, Microsoft Corporation>
[IEHandle Class]
  {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <D:\tphandle.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\讯雷\ComDlls\XunLeiBHO_006.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\QQDownload\getAllurl.htm, N/A>
[&使用迅雷下载]
  <D:\讯雷\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\讯雷\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ2007\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ2007\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ2007\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ2007\SendMMS.htm, N/A>
纯一 - 2007-5-11 11:17:00

==================================
正在运行的进程
[PID: 552][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 684][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\olite\bin\oci.dll]  [Oracle Corporation, 8.0.5.0.1]
    [C:\olite\bin\ORA805.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\olite\bin\CORE40.dll]  [Oracle Corporation, 4.0.5.0.0]
    [C:\olite\bin\NLSRTL33.dll]  [Oracle Corporation, 3.3.2.0.0]
    [C:\olite\bin\NL80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\OTRACE80.dll]  [Oracle Corporation, 8.0.4.0.0]
    [C:\olite\bin\NS80.dll]  [Oracle Corporation, 8.0.4.0.2 Production]
    [C:\olite\bin\nasns80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\nz80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNFG80.dll]  [Oracle Corporation, 8.0.4.0.1 Production]
    [C:\olite\bin\NNCI80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNG80.dll]  [Oracle Corporation, 8.0.4.0.2 Production]
    [C:\olite\bin\NMP80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NPL80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NR80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NT80.dll]  [Oracle Corporation, 8.0.4.0.1 Production]
    [C:\olite\bin\NCR80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NMS80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNFD80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNFN80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NI80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\PLS805.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\olite\bin\NDWSI80.DLL]  [N/A, ]
    [C:\olite\bin\SQLLib80.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\olite\bin\xa80.dll]  [Oracle Corporation, 8.0.5.0.0]
[PID: 1108][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1552][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\EBPMON24.DLL]  [SEIKO EPSON CORPORATION, 5, 3, 0, 0]
    [C:\WINDOWS\system32\virport.dll]  [N/A, ]
[PID: 1636][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1816][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
[PID: 1860][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1972][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 244][c:\program files\ninetowns corp\icsp_sm\icsp.remoteservice.exe]  [九城口岸软件科技有限公司, 1.0.3725.476]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4667e3c1\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\program files\ninetowns corp\icsp_sm\userservice.mod]  [N/A, ]
    [c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_312830e4\system.dll]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.log.dll]  [Neoworks Limited, 1.2.0.30714]
纯一 - 2007-5-11 11:17:00

    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_04975913\system.xml.dll]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.serviceupdate.dll]  [ , 1.0.2553.30829]
    [c:\program files\ninetowns corp\icsp_sm\notificationclient.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.sessionmanagement.dll]  [ , 1.0.2543.31083]
    [c:\program files\ninetowns corp\icsp_sm\serversessionmanager.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\iserversessionmanagement.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\session.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\smserviceinstaller.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.resumablefiletransfer.dll]  [ , 1.0.2543.31091]
    [c:\program files\ninetowns corp\icsp_sm\itransferobserver.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.servicemanagement.dll]  [ , 1.0.2543.31090]
    [c:\program files\ninetowns corp\icsp_sm\sm_cs_stub.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.stub.dll]  [ , 1.0.3725.476]
    [c:\program files\ninetowns corp\icsp_sm\icsp.enterprisemanagement.dll]  [ , 1.0.2543.31086]
    [c:\program files\ninetowns corp\icsp_sm\organizationdistributorservicebuyer.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.commonutil.dll]  [ , 1.0.3725.476]
    [c:\program files\ninetowns corp\icsp_sm\persistententity.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.buyerservicemanagement.dll]  [ , 1.0.2543.31087]
    [c:\program files\ninetowns corp\icsp_sm\boughtserviceversion.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.stubimplement.dll]  [ , 1.0.3725.476]
    [c:\program files\ninetowns corp\icsp_sm\backinfo.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\serverinfo.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\remotesmresponsor.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.messagemanagement.dll]  [ , 1.0.2543.31082]
    [c:\program files\ninetowns corp\icsp_sm\messageque.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\imessagemanagement.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\enterprisemanagementmessageprocessor.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\imessageprocess.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\message.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.priceandordermanagement.dll]  [ , 0.0.0.0]
    [c:\program files\ninetowns corp\icsp_sm\ordermsglistener.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\transfermanager.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\itransfer.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\pmservicemanager.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\iservermanagement.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\servicemodule.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\serviceresumeappl.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\serviceprivilege.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\serviceadapter.mod]  [N/A, ]
    [c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\program files\ninetowns corp\icsp_sm\icsp.ormapping.dll]  [ , 1.0.3725.476]
    [c:\program files\ninetowns corp\icsp_sm\serviceinstance.mod]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.2037]
    [c:\program files\ninetowns corp\icsp_sm\stringutil.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\ismserviceupdate.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\updateinfo.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\unprocessedtaskinfo.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\stubmanager.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\servicebuyermanager.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\iservicebuyermanagement.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\bizrelationappl.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\buyerinfo.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\messagequeimpl.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\transfermanagerimpl.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\transfertask.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.commonfunction.dll]  [ , 1.0.3725.476]
    [c:\program files\ninetowns corp\icsp_sm\generator.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\localloader.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.servermanagement.dll]  [ , 1.0.2543.31092]
    [c:\program files\ninetowns corp\icsp_sm\smtaskmonitor.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\messagemonitor.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\transfertaskmonitoritemsegment.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.permissionmanagement.dll]  [ , 1.0.2543.31089]
    [c:\program files\ninetowns corp\icsp_sm\smpermissionmanager.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\imanagerpermissionmonitor.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\permission.mod]  [N/A, ]
[PID: 244][c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\4d3b0832\00791104_ad6ec701\es3000ent.framework.mp1.exe]  [ , 1.0.0.1]
    [c:\program files\ninetowns corp\icsp_sm\icsp.taskmanagement.dll]  [ , 1.0.2543.31080]
    [c:\program files\ninetowns corp\icsp_sm\taskqueue.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\task.mod]  [N/A, ]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\d6169241\00791104_ad6ec701\es3000ent.framework.interfacempi.dll]  [ , 1.0.0.0]
    [c:\program files\ninetowns corp\icsp_sm\log4net.dll]  [Neoworks Limited, 1.2.0.30714]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\6643c216\00791104_ad6ec701\es3000ent.commoncomponents.ormapping.dll]  [ , 1.0.0.0]
    [c:\program files\ninetowns corp\icsp_sm\dbinfo.mod]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (Lab01_N.020724-2000)]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\b3e48895\00791104_ad6ec701\es3000ent.businessrule.dll]  [ , 1.0.2547.18743]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\fa47e398\00a64205_ad6ec701\irdexclient.dll]  [Ninetowns Inc., 3.1.2252.26297]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\f09a15bd\00a64205_ad6ec701\es3000ent.commoncomponents.qsshareservice.dll]  [ , 1.0.2522.17321]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\29fe1c20\00a64205_ad6ec701\interop.jro.dll]  [ , 2.6.0.0]
    [c:\program files\ninetowns corp\icsp_sm\serviceattribute.mod]  [N/A, ]
    [c:\program files\ninetowns corp\icsp_sm\icsp.security.dll]  [ , 1.0.2543.31080]
    [c:\program files\ninetowns corp\icsp_sm\rc4.mod]  [N/A, ]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\b6445179\00a64205_ad6ec701\sax.dll]  [ , 0.9.7.1]
    [c:\documents and settings\localservice\local settings\application data\assembly\dl2\myyync97.gya\509t7gr3.tj4\942fb691\00a64205_ad6ec701\aelfred.dll]  [ , 1.0.1721.27620]
[PID: 444][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 17.0.54.110]
纯一 - 2007-5-11 11:18:00

    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\KSVSvc.dll]  [N/A, ]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10035]
[PID: 472][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 1152][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 1240][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 1308][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 1728][C:\WINDOWS\KSVSvc.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\KSVSvc.dll]  [N/A, ]
[PID: 1992][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2168][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2184][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2192][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2296][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2316][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2368][C:\Program Files\Common Files\Microsoft Shared\Web Folders\SVCHOST.EXE]  [N/A, ]
[PID: 2460][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
纯一 - 2007-5-11 11:23:00
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3444][C:\Program Files\Common Files\Microsoft Shared\Web Folders\SVCHOST.EXE]  [N/A, ]
[PID: 3456][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3512][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3572][C:\Program Files\Common Files\Microsoft Shared\Web Folders\SVCHOST.EXE]  [N/A, ]
[PID: 3580][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
纯一 - 2007-5-11 11:23:00
[PID: 3388][C:\WINDOWS\svchost.exe]  [Microsoft Corporation,
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3644][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3708][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3776][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3848][C:\Program Files\Common Files\Microsoft Shared\Web Folders\SVCHOST.EXE]  [N/A, ]
[PID: 3876][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
纯一 - 2007-5-11 11:24:00

    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3948][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3972][D:\Program Files\QQ2007\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\QQ2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
纯一 - 2007-5-11 11:25:00

    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2516][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2528][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2596][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2608][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2740][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
[PID: 2800][C:\Program Files\Common Files\Microsoft Shared\Web Folders\SVCHOST.EXE]  [N/A, ]
[PID: 2880][C:\Program Files\Ninetowns Corp\iCSP_SM\iProcessAgent.exe]  [ , 1.0.2246.29914]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4667e3c1\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_06053c42\system.windows.forms.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_312830e4\system.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ee33a043\system.drawing.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2900][C:\Program Files\Welltech\HKBNKeymap\HKBNKeymap.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Welltech\HKBNKeymap\K10XX.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2964][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
纯一 - 2007-5-11 11:26:00

    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\KSVSvc.dll]  [N/A, ]
[PID: 3112][C:\Program Files\flvplayer\flvplayer.exe]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3116][C:\Documents and Settings\Bluewater\桌面\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\KSVSvc.dll]  [N/A, ]
[PID: 3124][D:\Program Files\QQ2007\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\Program Files\QQ2007\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ2007\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ2007\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [D:\Program Files\QQ2007\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [D:\Program Files\QQ2007\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\QQ2007\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\QQ2007\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\QQ2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\Program Files\QQ2007\LoginCtrl.dll]  [N/A, ]
    [D:\Program Files\QQ2007\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\KSVSvc.dll]  [N/A, ]
    [D:\Program Files\QQ2007\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\Program Files\QQ2007\WizardCtrl.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ2007\QQMainFrame.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3172][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [D:\basegui.dll]  [Kaspersky Lab, 6.0.0.300]
[PID: 3236][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3320][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 4, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 4, 2, 22]
    [C:\PROGRA~1\jmfi\wsvv.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\jmfi\bexa.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [D:\Program Files\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3328][C:\Program Files\Common Files\Microsoft Shared\Web Folders\SVCHOST.EXE]  [N/A, ]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================



HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF6B2FB25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF6B2FD67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF6B2FF0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF6B2FC49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF6B2FE8F)

==================================
隐藏进程
N/A

==================================


[/CODE]
纯一 - 2007-5-11 11:27:00
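Help!! This is really urgent. The system has become very slow now. It keeps reporting that there are viruses, and it seems they can never all be removed.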