Rising Kaka Security Forum
华英杰 - 2007-7-10 22:00:00
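I've been infected with Backdoor.Gpigeon.vpd. Rising fails to remove it every time, and sometimes an IE window pops up saying the computer is infected, followed by a window asking me to enter a mobile phone number to register software that removes the virus. I've uploaded an SREng log; I'd be very grateful for help from the experts here.
Attachment: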
8974712007710214944.txt
春流到夏爱娜 - 2007-7-10 23:59:00
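The only way is to download the Airen (矮人) DOS Toolbox 4.0. First note down the path of the virus, e.g. "x:\windows\***\***", then install Airen DOS 4.0 and restart the computer. Enter DOS mode, go to the folder that contains the virus, and delete the virus file. For example, to remove "clfjo.sys", type "DEL CLFJO.SYS" in the folder where the virus file is located.
After installing, restart. There will be two choices: 1 - boot into the system normally; 2 - enter DOS. Use the arrow keys to choose DOS, then keep selecting the first option, which means nothing gets loaded. Note down the directory the virus is in. For example, if the virus is in c:\windows\system32\, type "c:" and press Enter, then "cd windows" and Enter, then "cd system32" and Enter, then type "dir" followed by a space and the virus name (e.g. tjoy.dll) and you will find it, then type "del" followed by a space and the virus name, and it will be deleted!!
Viruses that no antivirus software can remove are easily dealt with this way!!! Restart after deleting and it is solved in one go!!! It is a bit of a hassle, but it works wonders on viruses and files that you cannot delete any other way! It's still simpler than reinstalling the system, right?? I just tried it yesterday afternoon. It definitely works. You must restart after installing and choose DOS mode. Don't load anything!!!
Also worth using, for a backdoor virus:
I suggest downloading a dedicated removal tool and using it together with antivirus software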
http://it.rising.com.cn/Channels/Service/index.shtml
华英杰 - 2007-7-11 22:27:00
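[Reply to the post by “春流到夏爱娜”]
I tried the Rising dedicated removal tool and it didn't work.
Is it enough just to get into DOS? I have a CD that can boot into DOS; would that work too? Also, is "x:\windows\***\***" the directory where Rising shows the virus to be? Mine shows C:\Program Files\Internet Explorer\IEXPLEORE.EXE, so which directory should I go to and which file should I delete? Thanks!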
newcenturymoon - 2007-7-11 22:58:00
Download System Repair Engineer,
http://download.kztechs.com/files/sreng2.zip
1 Unzip sreng2.zip
2 Run SREngPS.EXE
3 Smart Scan (智能扫描) => Scan (扫描) => Save Report (保存报告)
4 Copy the complete report from the log and paste it here; do not modify it
蜗牛先生 - 2007-7-12 8:45:00
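To the poster of post #2: I'm in the same situation as you. When I scan with Rising, the virus also shows up at C:\Program Files\Internet Explorer\IEXPLEORE.EXE. I don't know what to do??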
华英杰 - 2007-7-14 9:34:00
Log:
[CODE]
2007-07-10,20:31:17
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<RaidTool><C:\Program Files\VIA\RAID\raid_tool.exe> [VIA Technologies]
<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RdfSnap2002><> [N/A]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera> [N/A]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r> [Gemplus]
<Regtool><C:\Program Files\Gemplus\GemSafe Libraries\BIN\Regtool.exe> []
<MenuOrder><C:\Program Files\ICBCPe~1\ICBC\Gemplus(Personal)\MenuOrder\MenuOrder.exe> []
<qcsszjcz><c:\chenhu2\chenqxms.exe> [陈虎]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
<HF_GameClient><; C:\Program Files\浩方对战平台\gameclient.exe> [上海浩方在线信息技术有限公司]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RdfSnap2002><; C:\Program Files\浩方对战平台\gameclient.exe> [上海浩方在线信息技术有限公司]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
华英杰 - 2007-7-14 9:35:00
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Stopped/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[windows msn / windows msn][Stopped/Auto Start]
<C:\WINDOWS\G_Server1.23.exe><N/A>
[Zretsor Hchost / Zretsor Hchost][Stopped/Auto Start]
<C:\WINDOWS\WINDOWS\system32\scohst.txt><N/A>
==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[d346bus / d346bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
<system32\DRIVERS\e1000325.sys><Intel Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[GKeyUSB / GKeyUSB][Stopped/Manual Start]
<System32\Drivers\GKeyUSB.sys><Gemplus>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[MidiSyn / MidiSyn][Stopped/Manual Start]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mxdispdr / mxdispdr][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
<system32\drivers\senfilt.sys><Sensaura>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[tmfhqx3 / tmfhqx38][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\tmfhqx38.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Sony Ericsson Cable Emulation Bus (WDM) / zebrceb][Running/Manual Start]
<system32\DRIVERS\zebrceb.sys><MCCI>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
华英杰 - 2007-7-14 9:35:00
==================================
浏览器加载项
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Acme3D Control]
{C2664CD4-DA1C-11D3-9BE2-00A0C9E084E6} <C:\WINDOWS\DOWNLO~1\npi3dbox.dll, Micro Sova Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[IcbcSslCacheCleanerCtrl Class]
{E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[InfosecCertInstall Class]
{0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[CEnroll Class]
{127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[cardctl Class]
{B753331A-9543-41D2-83B2-492E5ADB7911} <C:\WINDOWS\system32\ICCARD~1.DLL, Infosec Technologies Co., Ltd.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Acme3D Control]
{C2664CD4-DA1C-11D3-9BE2-00A0C9E084E6} <C:\WINDOWS\DOWNLO~1\npi3dbox.dll, Micro Sova Co., Ltd.>
[CSetLET Class]
{C35D7AE1-0865-4A30-BF07-29FA29324155} <C:\WINDOWS\system32\GDSetLET.dll, >
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[AxUSBKey Class]
{DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINDOWS\system32\USBKey.dll, >
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[IcbcSslCacheCleanerCtrl Class]
{E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[]
{FB7199AB-79BF-11D2-8D94-0000F875C541} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
华英杰 - 2007-7-14 9:36:00
==================================
正在运行的进程
[PID: 600 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\winlib .dll] [N/A, ]
[C:\WINDOWS\system32\msplrct.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4121]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 932 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1172 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1240 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 39]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 1500 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 35]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1656 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
华英杰 - 2007-7-14 9:41:00
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 6.0.000]
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 6.0.0.2003040700]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1704 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1772 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 532 / mirenhua][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 1.0.0.2003040700]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 384 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1128 / mirenhua][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 1260 / SYSTEM][C:\Program Files\Internet Explorer\IexplOre.ExE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1672 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 456 / mirenhua][C:\Program Files\VIA\RAID\raid_tool.exe] [VIA Technologies, 4, 0, 6, 0]
[C:\Program Files\VIA\RAID\drvInterface.dll] [VIA, 4, 0, 4, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1104 / mirenhua][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 5, 0, 1, 57]
[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Devices, Inc., 5, 0, 0, 473]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1136 / mirenhua][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 5, 0, 0, 18]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 884 / mirenhua][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5168]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5168]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5168]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5168]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2052 / mirenhua][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
华英杰 - 2007-7-14 9:42:00
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2084 / mirenhua][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2092 / mirenhua][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 2296 / mirenhua][C:\WINDOWS\VM_STI.EXE] [BIGDOG, 4, 2, 610, 4]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2368 / mirenhua][C:\Program Files\Gemplus\GemSafe Libraries\BIN\Regtool.exe] [, 3, 0, 9, 0]
[C:\Program Files\Gemplus\GemSafe Libraries\BIN\GemPPM.dll] [Gemplus, 3, 0, 2, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Gemplus\Common\Resources\LocHub.dll] [GEMPLUS, 1, 0, 8, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2404 / mirenhua][C:\chenhu2\chenqxms.exe] [陈虎, 1.000]
[C:\PROGRA~1\COMMON~1\MICROS~1\Speech\sapi.dll] [Microsoft Corporation, 5.1.4111.00 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 2452 / mirenhua][C:\WINDOWS\system32\CTFMON.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2704 / mirenhua][C:\Program Files\Winamp\winamp.exe] [Nullsoft, 5,2,4,703]
华英杰 - 2007-7-14 9:42:00
[C:\Program Files\Winamp\NSCRT.dll] [Nullsoft, Inc., 7.10.0000]
[C:\Program Files\Winamp\System\aacPlusDecoder.w5s] [N/A, ]
[C:\Program Files\Winamp\System\jnetlib.w5s] [N/A, ]
[C:\Program Files\Winamp\System\playlist.w5s] [N/A, ]
[C:\Program Files\Winamp\System\png.w5s] [N/A, ]
[C:\Program Files\Winamp\System\tagz.w5s] [N/A, ]
[C:\Program Files\Winamp\System\watcher.w5s] [N/A, ]
[C:\Program Files\Winamp\System\xml.w5s] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_ape.dll] [Matthew T. Ashland, 3.99]
[C:\Program Files\Winamp\Plugins\in_cdda.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_cue.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_dshow.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_flac.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_linein.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_midi.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\read_file.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_mod.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_mp3.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_mp4.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\libmp4v2.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_mpc.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_nsv.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_vorbis.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_wave.dll] [N/A, ]
[C:\Program Files\Winamp\libsndfile.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\in_wm.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Winamp\Plugins\out_disk.dll] [Nullsoft, 5,2,4,703]
[C:\Program Files\Winamp\Plugins\out_ds.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\out_lame.dll] [MUKOLI, 1.6.3]
[C:\Program Files\Winamp\Plugins\out_wave.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_cd_menu.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_context.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_dragndrop.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_ff.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\freeform\wacs\jpgload\jpgload.wac] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_find_on_disk.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_hotkeys.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_jumpex.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_MiniLyrics.dll] [N/A, ]
[C:\Program Files\Minilyrics\MiniLyrics.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_ml.dll] [N/A, ]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
[C:\Program Files\Winamp\Plugins\ml_nowplaying.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_bookmarks.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_history.dll] [N/A, ]
[C:\Program Files\Winamp\nde.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_local.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Winamp\Plugins\ml_playlists.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_disc.dll] [N/A, ]
[C:\Program Files\Winamp\primosdk.dll] [Sonic Solutions, 2.8.65.500]
[C:\WINDOWS\system32\PX.dll] [Sonic Solutions, 2.8.65.500]
[C:\WINDOWS\system32\PXDRV.DLL] [Sonic Solutions, 1.01.79a]
[C:\WINDOWS\system32\PXMAS.DLL] [Sonic Solutions, 2.8.65.500]
[C:\WINDOWS\system32\PXSFS.DLL] [Sonic Solutions, 2.8.65.500]
[C:\WINDOWS\system32\PXWAVE.DLL] [Sonic Solutions, 2.8.65.500]
[C:\Program Files\Winamp\Plugins\ml_gusb_us.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_online.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_pmp.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\pmp_ipod.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\pmp_njb.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\pmp_p4s.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_transcode.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_wire.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\ml_xpdxs.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_saveas.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_skinsubmenu.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_timerestore.dll] [N/A, ]
[C:\Program Files\Winamp\Plugins\gen_tray.dll] [N/A, ]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 3532 / mirenhua][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1372 / mirenhua][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\Program Files\Rising\Rav\MVEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 3944 / mirenhua][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
华英杰 - 2007-7-14 9:43:00
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 2740 / mirenhua][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[PID: 1960 / mirenhua][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[PID: 1252 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1732 / mirenhua][C:\Documents and Settings\mirenhua\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Documents and Settings\mirenhua\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\WINDOWS\system32\NpOpenStore.dll] [N/A, ]
[C:\WINDOWS\system32\NPCard.dll] [N/A, ]
[C:\WINDOWS\system32\RsaFun.dll] [N/A, ]
[C:\WINDOWS\system32\GPKPCSC.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 456, C:\PROGRAM FILES\VIA\RAID\RAID_TOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1104, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1136, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 884, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2052, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2084, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2092, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2296, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2368, C:\PROGRAM FILES\GEMPLUS\GEMSAFE LIBRARIES\BIN\REGTOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2404, C:\CHENHU2\CHENQXMS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2704, C:\PROGRAM FILES\WINAMP\WINAMP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1372, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
华英杰 - 2007-7-14 9:46:00
To the expert on floor 3: the log has been uploaded, and the .TXT log is also attached in the thread. Please help diagnose it, thanks!
newcenturymoon - 2007-7-14 10:21:00
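Note: removing the virus can carry some risk, so it is strongly recommended that you move important data to a non-system partition before you start!
If you recognize any of the files mentioned below, or are sure one is not a virus, do not delete it!
In Safe Mode (after powering on, keep pressing F8 until an advanced menu appears, then choose the first item, Safe Mode, to enter the system):
Open SREng (the program you used to produce the log).
Under Startup Items > Registry, delete the following entries:
<gemstrmw><C:\WINDOWS\system32\gemstrmw.exe /r> [Gemplus]
<qcsszjcz><c:\chenhu2\chenqxms.exe> [陈虎]
Under "Startup Items" > "Services" > "Win32 Service Applications", click "Hide verified Microsoft items",
select the following items, click "Delete Service", then click "Set", and click "No" in the dialog that pops up:
windows msn / windows msn
Zretsor Hchost / Zretsor Hchost
Double-click My Computer, then Tools > Folder Options > View; select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK.
Click the Folders button below the menu bar (the button to the right of Search).
From the Explorer tree on the left, go to drive C.
Delete the following files:
C:\WINDOWS\WINDOWS\system32\scohst.txt
C:\WINDOWS\G_Server1.23.exe
C:\WINDOWS\system32\msplrct.dll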
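A triage pass over the process section of an SREng log like the ones posted above, as an added example that is not part of the original thread and not SREng's own code: it lists modules with no publisher string that are loaded into two or more processes, which is how C:\chenhu2\cqxms.dll stands out. The sample is constructed from lines of the two logs, the function names are hypothetical, and a hit is only a lead for review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the two SREng logs in this thread,
# trimmed to a few processes. A forum post header is left in the middle on
# purpose, because long logs get split across posts.
SAMPLE_LOG = r"""
正在运行的进程
[PID: 180][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 2404 / mirenhua][C:\chenhu2\chenqxms.exe] [陈虎, 1.000]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 2704 / mirenhua][C:\Program Files\Winamp\winamp.exe] [Nullsoft, 5,2,4,703]
华英杰 - 2007-7-14 9:42:00
[C:\Program Files\Winamp\Plugins\in_mp3.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 1372 / mirenhua][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 19]
[C:\chenhu2\cqxms.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
"""

# "[PID: n / user][image path] [publisher, version]"; the user part is absent
# in the Windows 2000 log.
PROC_RE = re.compile(r"^\[PID:\s*(\d+)(?:\s*/\s*([^\]]+))?\]\[(.+?)\]\s+\[(.*)\]$")
# "[module path] [publisher, version]"
MOD_RE = re.compile(r"^\[(.+?)\]\s+\[(.*)\]$")


def publisher_missing(info):
    """True when the publisher field is 'N/A' or empty.

    Publisher and version both contain commas, so the field is not split;
    only its start is inspected.
    """
    head = info.strip()
    return head == "" or head.startswith(("N/A,", ","))


def parse_processes(log_text):
    """Return {pid: {'user', 'image', 'info', 'modules': [(path, info), ...]}}."""
    procs = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            current = None          # section separator ends the process list
            continue
        m = PROC_RE.match(line)
        if m:
            user = m.group(2).strip() if m.group(2) else None
            current = {"user": user, "image": m.group(3),
                       "info": m.group(4), "modules": []}
            procs[int(m.group(1))] = current
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            current["modules"].append((m.group(1), m.group(2)))
        # anything else (section titles, post headers) is ignored
    return procs


def shared_unattributed_modules(log_text, min_procs=2):
    """Modules without a publisher that appear in at least min_procs processes."""
    seen = defaultdict(set)
    for pid, proc in parse_processes(log_text).items():
        for path, info in proc["modules"]:
            if publisher_missing(info):
                seen[path.lower()].add(pid)   # Windows paths are case-insensitive
    hits = [(p, sorted(pids)) for p, pids in seen.items() if len(pids) >= min_procs]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


if __name__ == "__main__":
    for path, pids in shared_unattributed_modules(SAMPLE_LOG):
        print(f"{path}  loaded in PIDs {pids}")
```

Single-process modules without a publisher, such as the Winamp plugins, are deliberately not reported; lower `min_procs` to 1 to see them as well.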
panxiaoting - 2007-7-14 10:33:00
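Go download the "Gray Pigeon" (灰鸽子) client uninstaller.
Judging by the virus name the original poster gave, this is a typical Gray Pigeon variant.
Watch out for hackers stealing your private data; Kingsoft has published a complete write-up on Gray Pigeon
(http://www.duba.net/zt/huigezi/)
Download address for the "Gray Pigeon" client uninstaller: http://www.huigezi.net/uninstall/
This is the uninstall tool officially provided by the hackers.
Some antivirus products may report it as a virus,
but Kingsoft and Rising will not.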
华英杰 - 2007-7-16 22:32:00
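I first tried the approach from floor 15. So far I have not found the client uninstaller; the dedicated removal tool found one Gray Pigeon virus and was able to clean it, but I don't know whether it will be found again after a reboot. I'll test that and then follow the method from floor 14. Thanks to you both in advance.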
华英杰 - 2007-7-18 23:57:00
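Following floor 14's method fixed it, haha, thank you very much. But a company laptop has caught the same virus as well; I'm posting its log, please take another look. Many thanks!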
华英杰 - 2007-7-18 23:58:00
[CODE]
2007-07-18,23:38:43
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<ATIModeChange><Ati2mdxx.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<AtiPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<DadApp><C:\Program Files\Dell\AccessDirect\dadapp.exe> []
<PCTVOICE><pctspk.exe> []
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<MULTIMEDIA KEYBOARD><C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe> [Netropa Corp.]
<PRPCMonitor><PRPCUI.exe> [Intel Corporation]
<IgfxTray><C:\WINNT\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\WINNT\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Net_Drives><C:\Program Files\Cisco Systems\VPN Client\UTC_Profiles\Net_Drives.exe shell> [N/A]
<Realtime Monitor><C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s> [Computer Associates International, Inc.]
<Sxplog><C:\SYSMGT\SxpInst\sxpstub.exe> [Computer Associates International, Inc.]
<SDJobCheck><triggusr.exe> [N/A]
<qcsszjcz><c:\chenhu2\chenqxms.exe> [陈虎]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<GinaDLL><CSGina.dll> [(Verified)"Cisco Systems, Inc."]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Windows Media Player><C:\WINNT\System32\setup\wmpocm.exe /ShowWMP> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer Access><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express Access><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\System32\logon.scr> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools-2052><; "C:\Program Files\D-Tools\daemon.exe" -lang 1033> [DAEMON'S HOME]
华英杰 - 2007-7-18 23:59:00
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
<C:\WINNT\system32\Ati2evxx.exe><>
[CA-License Client / CA_LIC_CLNT][Stopped/Manual Start]
<C:\WINNT\Lic98Rmt.exe><N/A>
[CA-License Server / CA_LIC_SRVR][Stopped/Manual Start]
<C:\WINNT\Lic98RmtD.exe><N/A>
[Cisco Systems, Inc. VPN Service / CVPND][Running/Auto Start]
<c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe><Cisco Systems, Inc.>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[eTrust Antivirus RPC Server / InoRPC][Running/Auto Start]
<"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"><Computer Associates International, Inc.>
[eTrust Antivirus Realtime Server / InoRT][Running/Auto Start]
<"C:\Program Files\CA\eTrust Antivirus\InoRT.exe"><Computer Associates International, Inc.>
[eTrust Antivirus Job Server / InoTask][Running/Auto Start]
<"C:\Program Files\CA\eTrust Antivirus\InoTask.exe"><Computer Associates International, Inc.>
[Event Log Watch / LogWatch][Running/Auto Start]
<C:\WINNT\LogWatNT.exe><N/A>
[Netropa NHK Server / nhksrv][Running/Auto Start]
<C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe><N/A>
[Unicenter Software Delivery / SDService][Running/Auto Start]
<"C:\SYSMGT\TNGSD\BIN\SDSERV.EXE"><Computer Associates International, Inc.>
[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]
<C:\WINNT\System32\mspmspsv.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\acpidisk.sys><N/A>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom 570x Gigabit Integrated Controller / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57w2k.sys><Broadcom Corporation>
[Cirrus WDM Audio Codec Driver / cs429x][Stopped/Manual Start]
<system32\drivers\cwawdm.sys><Cirrus Logic, Inc.>
[Cisco Systems VPN Adapter / CVirtA][Stopped/Manual Start]
<system32\DRIVERS\CVirtA.sys><Cisco Systems, Inc.>
[Cisco Systems Inc. IPSec Driver / CVPNDRVA][Running/Auto Start]
<\??\c:\WINNT\system32\Drivers\CVPNDRVA.sys><Cisco Systems, Inc.>
[d346bus / d346bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d346prt.sys><>
[TI UltraMedia CardBus Controller Filter Driver / DevUpper][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\tiumflt.sys><Texas Instruments Inc.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Stopped/Disabled]
<System32\drivers\dmload.sys><VERITAS Software Corp.>
[Deterministic Network Enhancer Miniport / DNE][Running/Manual Start]
<system32\DRIVERS\dne2000.sys><Deterministic Networks, Inc.>
[3Com EtherLink XL B/C Adapter Driver / EL90BC][Stopped/Manual Start]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[3Com 3C90X-BC Family PCI EtherLink Adapter / EL90Xbc][Stopped/Manual Start]
<System32\DRIVERS\el90Xbc5.SYS><3Com Corporation>
[GTICARD / GTICARD][Running/Manual Start]
<system32\DRIVERS\gticard.sys><Texas Instruments>
[HSFHWICH / HSFHWICH][Running/Manual Start]
<system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[INO_FLPY / INO_FLPY][Running/Boot Start]
<\SystemRoot\system32\Drivers\ino_flpy.sys><Computer Associates>
[INO_FLTR / INO_FLTR][Running/Auto Start]
<\??\C:\WINNT\system32\Drivers\ino_fltr.sys><Computer Associates>
[AEGIS Protocol (IEEE 802.1x) v1.4.0.13 / MDC8021X][Running/Auto Start]
<system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[Multimedia Keyboard Filter Driver / msikbd2k][Running/System Start]
<System32\DRIVERS\msikbd2k.sys><Netropa Corporation>
[mxdispdr / mxdispdr][Running/Auto Start]
<\??\C:\WINNT\system32\drivers\mxdispdr.sys><N/A>
[O2Micro SmartCardBus Reader / O2SCBUS][Stopped/Manual Start]
<system32\DRIVERS\ozscr.sys><O2Micro>
[OMCI WDM Device Driver / omci][Running/System Start]
<System32\DRIVERS\omci.sys><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[W2K Pctel Serial Device Driver / Ptserial][Stopped/Manual Start]
<System32\DRIVERS\ptserial.sys><PCTEL, INC.>
[Level II Serial port driver / Serial][Running/System Start]
<system32\DRIVERS\LEVELII.SYS><CARRIER>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
<System32\DRIVERS\smcirda.sys><SMC>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
<system32\drivers\STAC97.sys><SigmaTel, Inc.>
[StreamDispatcher / StreamDispatcher][Running/Auto Start]
<system32\DRIVERS\strmdisp.sys><Conexant Systems, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<System32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tiumfwl / tiumfwl][Running/Manual Start]
<system32\drivers\tiumfwl.sys><Texas Instruments Inc.>
[W2k Vmodem / Vmodem][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vmodem.sys><PCTEL, INC.>
[W2k Vpctcom / Vpctcom][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vpctcom.sys><PCtel, Inc.>
[vsdatant / vsdatant][Stopped/Manual Start]
<\??\C:\WINNT\system32\vsdatant.sys><Zone Labs Inc.>
[W2k Vvoice / Vvoice][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vvoice.sys><PCtel, Inc.>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
[AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 / {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}][Stopped/Manual Start]
<system32\drivers\wA301a.sys><Intel Corporation>
[AIM 3.0 Part 01 Codec Driver CH-7009-B / {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55}][Stopped/Manual Start]
<system32\drivers\wA301b.sys><Intel Corporation>
华英杰 - 2007-7-18 23:59:00
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <D:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 180][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 204][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\winlogon.exe] [N/A, ]
[C:\WINNT\system32\CSGina.dll] [N/A, ]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\winlib .dll] [N/A, ]
[C:\WINNT\system32\msplrct.dll] [N/A, ]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[PID: 252][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2191.1.296.2]
[PID: 264][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2184.1]
[PID: 392][C:\WINNT\System32\SCardSvr.exe] [Microsoft Corporation, 5.00.2195.6609]
[PID: 464][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 524][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\System32\unimdm.tsp] [Microsoft Corporation, 5.00.2175.1]
[C:\WINNT\System32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[C:\WINNT\System32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\System32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\System32\h323.tsp] [Microsoft Corporation, 5.00.2143.1]
[PID: 584][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\AdobePDF.dll] [Adobe Systems Incorporated., 6.0.000]
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 6.0.0.2003040700]
[PID: 620][C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe] [N/A, ]
[PID: 676][c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe] [Cisco Systems, Inc., 4.0.2 (D)]
[C:\WINNT\system32\vsdata.dll] [Zone Labs Inc., 3.7.078.001]
[PID: 724][C:\Program Files\CA\eTrust Antivirus\InoRpc.exe] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InConfig.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InoOEM.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\INOCORE.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\DistCfg.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\ScanLog.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InocDB.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\wBkRsrc.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\secAddIn.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InocAdn.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InDrvCfg.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\secAPI.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\InoScan.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\ScanRes.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\poldecod.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\polAdn.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\RPCMtAdn.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\NameAPIX.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\RPCMtAPI.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InoAlert.dll] [Computer Associates International, Inc., 7.1.192.0]
[PID: 792][C:\Program Files\CA\eTrust Antivirus\InoRT.exe] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\ScanLog.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InConfig.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InoOEM.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\INOCORE.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InocDB.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\DistCfg.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\wBkRsrc.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\InoScan.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\ScanRes.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\arclib.dll] [Computer Associates International, Inc., 7.2.0.18]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\VetE.dll] [CA, Inc., Version 30.8.0.0]
华英杰 - 2007-7-18 23:59:00
[PID: 808][C:\Program Files\CA\eTrust Antivirus\InoTask.exe] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InoAlert.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\ScanLog.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InConfig.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InoOEM.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\INOCORE.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InocDB.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\RPCMtAPI.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\InDrvCfg.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\DistCfg.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\secAPI.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\CA\eTrust Antivirus\wBkRsrc.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\InoScan.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\ScanRes.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\arclib.dll] [Computer Associates International, Inc., 7.2.0.18]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\Avh32dll.dll] [CA, Inc., Version 30.8.0.0]
[PID: 884][C:\WINNT\LogWatNT.exe] [N/A, ]
[C:\CA_LIC\lic98.dll] [Computer Associates, 01.46]
[PID: 940][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 960][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2137.1]
[PID: 996][C:\SYSMGT\TNGSD\BIN\SDSERV.EXE] [Computer Associates International, Inc., 4, 0, 2102, 0]
[PID: 1064][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 1144][C:\WINNT\System32\mspmspsv.exe] [Microsoft Corporation, 7.10.00.3068]
[PID: 1156][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.70.1113.0]
[PID: 1204][C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE] [Computer Associates International, Inc., 4, 0, 2107, 0]
[C:\SYSMGT\TNGSD\BIN\ACPORT32.dll] [Computer Associates International, Inc., 4, 0, 2106, 0]
[C:\SYSMGT\TNGSD\BIN\RDCNF.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDStrCnv.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDCAWIN.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDWINAPI.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\CTRLCOM.dll] [Computer Associates International, Inc., 4, 0, 2107, 0]
[C:\SYSMGT\TNGSD\BIN\SDWCHAR.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDNLS.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDOSAPI.dll] [Computer Associates, 1, 0, 0, 1]
[C:\SYSMGT\TNGSD\BIN\ASMCOM32.dll] [Computer Associates International, Inc., 4, 0, 2106, 0]
[C:\SYSMGT\TNGSD\BIN\NATFCL32.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDLIC.dll] [Computer Associates International, Inc., 4, 0, 2107, 0]
[C:\SYSMGT\TNGSD\BIN\SDRES.dll] [Computer Associates International, Inc., 4, 0, 2901, 0]
[C:\SYSMGT\TNGSD\BIN\GENERAL.dll] [Computer Associates International, Inc., 4, 0, 2106, 0]
[C:\SYSMGT\TNGSD\BIN\COMPON.dll] [Computer Associates International, Inc., 4, 0, 2107, 0]
[C:\SYSMGT\TNGSD\BIN\sdevent.dll] [Computer Associates International, Inc., 4, 0, 2106, 0]
[C:\SYSMGT\TNGSD\BIN\SDINFOV.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDFILSYS.dll] [Computer Associates International, Inc., 4, 0, 2107, 0]
[C:\SYSMGT\TNGSD\BIN\FILECOPY.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\TRIGGAPI.dll] [Computer Associates International, Inc., 4, 0, 2107, 0]
[PID: 1116][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.2920.0000]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3889]
[C:\Program Files\Internet Explorer\mui\0804\browselc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Internet Explorer\mui\0804\shdoclc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINNT\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3889]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.0.2003040700]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll] [Autodesk, 16.0.0.86]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing, Inc., 3.0 (32-bit)]
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL] [Microsoft Corporation, 11.0.5510.0]
[C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\pkmws.dll] [Microsoft Corporation, 11.0.5510.0]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll] [, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\CA\eTrust Antivirus\InoShell.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 1.0.0.2003040700]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
华英杰 - 2007-7-19 0:00:00
[PID: 1412][C:\Program Files\Dell\AccessDirect\dadapp.exe] [N/A, ]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1448][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1452][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\SynTPAPI.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1468][C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe] [Netropa Corp., 1.00]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\msiosd32.dll] [N/A, ]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1480][C:\WINNT\system32\PRPCUI.exe] [Intel Corporation, 3.0.0.0]
[C:\WINNT\system32\PRPCUI.dll] [Intel Corporation, 3.0.0.0]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\PRPCLANG.DLL] [Intel Corp., 2.0.0.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1524][C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe] [Netropa Corporation, 1.70]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1532][C:\WINNT\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3889]
[PID: 1576][C:\Program Files\Netropa\Onscreen Display\OSD.exe] [Netropa Corp., 2.01]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1596][C:\PROGRA~1\CA\ETRUST~1\realmon.exe] [Computer Associates International, Inc., 7.1.192.0]
[C:\PROGRA~1\CA\ETRUST~1\InConfig.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\PROGRA~1\CA\ETRUST~1\InoOEM.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\PROGRA~1\CA\ETRUST~1\INOCORE.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\PROGRA~1\CA\ETRUST~1\InDrvCfg.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\SYSMGT\CA_APPSW\VIRUSSCAN\DistCfg.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\PROGRA~1\CA\ETRUST~1\secAPI.dll] [Computer Associates International, Inc., 7.1.192.0]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\CA_LIC\lic98.dll] [Computer Associates, 01.46]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1620][C:\chenhu2\chenqxms.exe] [陈虎, 1.000]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\PROGRA~1\COMMON~1\MICROS~1\Speech\sapi.dll] [Microsoft Corporation, 5.1.4324.00 built by: lab06_n(spgbld)]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[PID: 1608][C:\SYSMGT\SxpInst\sxplog32.exe] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\SxpInst\SXPFILEC.dll] [Computer Associates International, Inc., 6.4/67]
[C:\Program Files\CA\DCS\CAWIN\CAWINEXF.dll] [Computer Associates International, Inc., 1.20.18]
[C:\SYSMGT\SxpInst\ccsTrc32.dll] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\TNGSD\BIN\SDStrCnv.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\TNGSD\BIN\SDCAWIN.dll] [Computer Associates International, Inc., 4, 0, 2102, 0]
[C:\SYSMGT\SxpInst\CCSINI32.dll] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\SxpInst\CCSLCK32.dll] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\SxpInst\CCSTOO32.dll] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\SxpInst\SXPAAF32.dll] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\SxpInst\SXP2MSI.dll] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\SxpInst\CCSCMP32.dll] [Computer Associates International, Inc., 6.4/67]
[C:\SYSMGT\TNGSD\SD\NLS\sxplog32.ENU] [Computer Associates International, Inc., 6.4/56]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[PID: 1548][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1636][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] [Google Inc., 1, 2, 1128, 5462]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_en.dll] [Google Inc., 1, 2, 1128, 5462]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll] [Google Inc., 1, 2, 1128, 5462]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
华英杰 - 2007-7-19 0:00:00
[PID: 1424][C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE] [Microsoft Corporation, 9.0.6604]
[C:\Program Files\Microsoft Office\Office\OUTLLIB.dll] [Microsoft Corporation, 9.0.6627]
[C:\Program Files\Microsoft Office\Office\MSO9.DLL] [Microsoft Corporation, 9.0.7616]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\Program Files\Microsoft Office\Office\2052\outllibr.dll] [Microsoft Corporation, 9.0.3821]
[C:\Program Files\Common Files\System\MAPI\2052\nt\msmapi32.dll] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\GAPI32.dll] [Microsoft Corporation, 5.5.2803.0]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\Common Files\System\MAPI\2052\nt\EMSABP32.DLL] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\EMSUI32.DLL] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\OUTEX.dll] [Microsoft Corporation, 8.30.3122.0]
[C:\Program Files\Microsoft Office\Office\OUTLRPC.dll] [Microsoft Corporation, 9.0.3519]
[C:\Program Files\Common Files\System\MAPI\2052\nt\mspst32.dll] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\EMSMDB32.DLL] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Adobe\Acrobat 6.0\PDFMaker\Mail\Outlook\PDFMOutlook.dll] [Adobe Systems Incorporated, 6.0.0.0]
[C:\Program Files\Microsoft Office\Office\2052\fldpub.dll] [Microsoft Corporation, 9.0]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\Program Files\Common Files\System\MAPI\2052\NT\ExSec32.dll] [Microsoft Corporation, 5.5.3124.0]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\Program Files\Microsoft Office\Office\RTFHTML.dll] [Microsoft Corporation, 9.0.6418]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\PROGRA~1\Adobe\ACROBA~1.0\PDFMaker\Common\ADOBEP~1.DLL] [, ]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPBF252E.DLL] [Hewlett-Packard Company, 4.14.0.13]
[C:\Program Files\Common Files\System\MAPI\2052\nt\mapi32.dll] [Microsoft Corporation, 1.0.2518.0]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Internet Explorer\mui\0804\shdoclc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\Program Files\Microsoft Office\Office\OUTLCTL.DLL] [Microsoft Corporation, 9.0.2323]
[PID: 1752][C:\Program Files\Common Files\System\MAPI\2052\nt\MAPISP32.EXE] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\msmapi32.dll] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\GAPI32.dll] [Microsoft Corporation, 5.5.2803.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\Program Files\Common Files\System\MAPI\2052\nt\EMSABP32.DLL] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\EMSUI32.DLL] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\OUTEX.dll] [Microsoft Corporation, 8.30.3122.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\EMSMDB32.DLL] [Microsoft Corporation, 5.5.3121.0]
[C:\Program Files\Common Files\System\MAPI\2052\nt\mspst32.dll] [Microsoft Corporation, 5.5.3121.0]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\chenhu2\cqxms.dll] [N/A, ]
[PID: 596][C:\DZH5\internet\hypwise.exe] [N/A, ]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\DZH5\internet\olepro32.dll] [Microsoft Corporation, 5.0.4275]
[PID: 1884][C:\Program Files\Microsoft Office\Office\EXCEL.EXE] [Microsoft Corporation, 9.0.8216]
[C:\Program Files\Microsoft Office\Office\MSO9.DLL] [Microsoft Corporation, 9.0.7616]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL] [Microsoft Corporation, 6.04.9969]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL] [Microsoft Corporation, 6.03.9070]
[C:\WINNT\system32\FM20.DLL] [Microsoft Corporation, 11.0.5601]
[C:\PROGRA~1\Adobe\ACROBA~1.0\PDFMaker\Common\ADOBEP~1.DLL] [, ]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPBF252E.DLL] [Hewlett-Packard Company, 4.14.0.13]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPBF252G.DLL] [Hewlett-Packard Company, 4.14.0.13]
[PID: 1896][C:\Program Files\Microsoft Office\Office\WINWORD.EXE] [Microsoft Corporation, 9.0.8216]
[C:\Program Files\Microsoft Office\Office\MSO9.DLL] [Microsoft Corporation, 9.0.7616]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL] [Microsoft Corporation, 6.04.9969]
[C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\2052\VBE6INTL.DLL] [Microsoft Corporation, 6.03.9070]
[C:\PROGRA~1\Adobe\ACROBA~1.0\PDFMaker\Common\ADOBEP~1.DLL] [, ]
[C:\Program Files\Common Files\Microsoft Shared\Proof\MSSPELL3.DLL] [Microsoft Corporation, 1.1.6215]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\Program Files\Common Files\Microsoft Shared\Proof\2052\MSGR2SC.DLL] [Microsoft Corporation, 1.0]
[C:\Program Files\Common Files\Microsoft Shared\Proof\2052\MSGR2EN.DLL] [Microsoft Corporation, 2.0]
[C:\Program Files\Common Files\Microsoft Shared\Proof\wdbrkchs.dll] [Microsoft Corporation, 1.0]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPBF252E.DLL] [Hewlett-Packard Company, 4.14.0.13]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPBF252G.DLL] [Hewlett-Packard Company, 4.14.0.13]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
[C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
华英杰 - 2007-7-19 0:01:00
[PID: 1348][C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe] [Autodesk, Inc., 1.0.0.1]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\Program Files\Common Files\Autodesk Shared\WebServices1.dll] [Autodesk, Inc., 1.0.0.1]
[PID: 544][C:\Program Files\AutoCAD LT 2004\aclt.exe] [Autodesk, Inc., R16.00.086]
[C:\Program Files\AutoCAD LT 2004\gdiplus.dll] [Microsoft Corporation, 5.1.3097.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Autodesk Shared\ac1st16.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\AutoCAD LT 2004\MSVCP70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\Common Files\Autodesk Shared\acdb16.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcGe16.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\MFC70.DLL] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\AutoCAD LT 2004\acui16.dll] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\ANav.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\adui16.dll] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\dswhip.dll] [Autodesk Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\heidi8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\dlint8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\SFTTABAC.dll] [Softel vdm, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\UserData.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\adctrls.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\adui16res.dll] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AnavRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\acui16res.dll] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\DsWhipRes.dll] [Autodesk Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\sfttabacRes.dll] [Softel vdm, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\ADCtrlsRes.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\SCREE.DLL] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\acltres2.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\acltbtn.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\acltres.dll] [Autodesk, Inc., 16.0.0.86]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.70.1113.0]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\Program Files\AutoCAD LT 2004\PrxyInet.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\PrxyInetRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\oleaprot.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\colorRes.dll] [, 16.0.0.86]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\drv\gdi8.hdi] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\drv\gdi8Res.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\drv\szb8.hdi] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\drv\rblast8.hdi] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\drv\gdifont8.hdi] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\acgs.dll] [Autodesk Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\acgsRes.dll] [Autodesk Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\hcreg8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\hcreg8Res.dll] [Autodesk, Inc., 8.0.16.86]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\Program Files\AutoCAD LT 2004\AcApp.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcDblClkEdit.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcDblClkEditPE.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcDblClkEditRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\acdim.arx] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\ShareAC.dll] [Autodesk, Inc, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\ShareMFC.dll] [Autodesk, Inc, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcDimRes.dll] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\aceplotx.arx] [Autodesk, 16.0.0.86]
[c:\program files\common files\autodesk shared\achapi16.dbx] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcEplotXRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\achlnkui.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\achlnkuiRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSign.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSignRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSpaceTrans.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSpaceTransRes.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcTp.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcTc.DLL] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcTcUi.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcTcRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcTcUiRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\whohas.arx] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\whohasRes.dll] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\acltStatusBar.arx] [, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSaveVp.arx] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSaveVpRes.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\WSCommCntrAcCon.arx] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\WSCommCntrAcConRes.dll] [Autodesk, 16.0.0.86]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
华英杰 - 2007-7-19 0:01:00
[C:\Program Files\AutoCAD LT 2004\acmted.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcMtedRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcTpCatalogRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\textedit.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\TexteditRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSecOpt.arx] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcSecOptRes.dll] [Autodesk, Inc., 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\apperr.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\plotcfg8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\pctres8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\apperrRes.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\plcfmgr.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\MSVCI70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\AutoCAD LT 2004\plcfmgrRes.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\plcferr.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\pm8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\pmres8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\pmutil8.dll] [Autodesk, Inc., 8.0.16.86]
[C:\Program Files\AutoCAD LT 2004\Acopm.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\Acpi.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\ATL70.DLL] [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\AutoCAD LT 2004\axdb16.dll] [, ]
[C:\Program Files\AutoCAD LT 2004\AcPiRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcOpmRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcObjClassImp.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcOcSchemaUtil.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcObjClassImpRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\ACOPMEXT.ARX] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcOpmExtRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcPEXCtlRes.dll] [Autodesk Inc,., 16.0.0.86]
[c:\program files\common files\autodesk shared\Ax16ENUres.dll] [Autodesk, Inc, 16.0.0.86]
[c:\program files\common files\autodesk shared\AcMPolygonObj16CHSRes.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\AcPEXCtl.arx] [Autodesk Inc,., 16.0.0.86]
[c:\program files\common files\autodesk shared\Ax16CHSres.dll] [Autodesk, Inc, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\dwgaids.arx] [Autodesk, 16.0.0.86]
[C:\Program Files\AutoCAD LT 2004\Dwgaidsres.dll] [Autodesk, 16.0.0.86]
[PID: 324][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\Program Files\Internet Explorer\mui\0804\browselc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.70.1113.0]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL] [Microsoft Corporation, 3.00.8449]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.0.2003040700]
[C:\Program Files\Common Files\CPUSH\cpush.dll] [, 1.0.4.3]
[D:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll] [金泰丰(广州)科技有限公司, 2, 3, 0, 0]
[C:\Program Files\Internet Explorer\mui\0804\shdoclc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 1.0.1038.0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINNT\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.5.1r102]
华英杰 - 2007-7-19 0:02:00
[PID: 1188][C:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [Tencent, 7, 0, 101, 80]
[C:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\Program Files\Tencent\QQ\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[C:\Program Files\Tencent\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Tencent\QQ\LoginCtrl.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[C:\Program Files\Tencent\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[C:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [, 1, 0, 0, 1]
[C:\chenhu2\cqxms.dll] [N/A, ]
[C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\WizardCtrl.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQAllInOne.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\GroupLive.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[C:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Tencent\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\vbscript.dll] [Microsoft Corporation, 5.6.0.6626]
[C:\WINNT\System32\devenum.dll] [, ]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\Program Files\Tencent\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\Program Files\Tencent\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160]
[C:\Program Files\Tencent\QQ\PhoneAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\Program Files\Tencent\QQ\QQPet.dll] [, 1, 0, 0, 1]
[C:\WINNT\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ]
[C:\Program Files\Internet Explorer\mui\0804\shdoclc.dll] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[C:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[C:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
[C:\Program Files\Tencent\QQ\QQMagicFace.dll] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Tencent\QQ\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[C:\Program Files\Tencent\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[C:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
[PID: 652][C:\Program Files\Tencent\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 2124][D:\Documents and Settings\mirh\Desktop\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 6.7.4 01Aug02]
[C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\chenhu2\cqxms.dll] [N/A, ]
[D:\Documents and Settings\mirh\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
华英杰 - 2007-7-19 0:02:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 724, C:\PROGRAM FILES\CA\ETRUST ANTIVIRUS\INORPC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 792, C:\PROGRAM FILES\CA\ETRUST ANTIVIRUS\INORT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 808, C:\PROGRAM FILES\CA\ETRUST ANTIVIRUS\INOTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 884, C:\WINNT\LOGWATNT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 996, C:\SYSMGT\TNGSD\BIN\SDSERV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1144, C:\WINNT\SYSTEM32\MSPMSPSV.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1144, C:\WINNT\SYSTEM32\MSPMSPSV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1204, C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1412, C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1468, C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1480, C:\WINNT\SYSTEM32\PRPCUI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1524, C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1576, C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1596, C:\PROGRA~1\CA\ETRUST~1\REALMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1620, C:\CHENHU2\CHENQXMS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1608, C:\SYSMGT\SXPINST\SXPLOG32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1548, C:\WINNT\SYSTEM32\CTFMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1424, C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1752, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\2052\NT\MAPISP32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 596, C:\DZH5\INTERNET\HYPWISE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1884, C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\EXCEL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1896, C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1188, C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 652, C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]