瑞星卡卡安全论坛
yangjie1976 - 2007-7-26 21:49:00
如体啊,急死了,网上说有恶意代码,可我怎么杀呢,哪位能帮帮忙?
yangjie1976 - 2007-7-26 22:05:00
1.任何一种杀毒软件都无法安装,即使偶然能装上也不运行.
2.网页只要是和杀毒相关的都自动关闭.
3.启动时选安全模式进不去,会重新启动.
4.恶意代码查杀的专杀工具都不运行,也会自动退出
超级游戏迷 - 2007-7-26 22:09:00
下载 System Repair Engineer系统扫描工具软件,下载地址如下:
http://www.kztechs.com/sreng/download.html扫描和上传日志的方法:
1、解压缩所下载的sreng2.zip压缩包;
2、请确认当前你机的系统时间是和真实时间一致,不一致请双击系统托盘的时间图标将系统时间改为正常。
3、打开已经解压缩的SRENG文件夹,将解压后的文件夹名改为111,进入111文件夹后直接将SREng.exe这个可执行文件改名为111.bat、111.scr、111.com或111.pif,或者改为111.exe,然后再双击运行;
4、依次按“智能扫描”、“扫描”、“保存报告”,将日志保存到硬盘上;
5、找到并打开日志,把日志中的内容用“复制”--“粘贴”命令拷贝到帖子上,不要修改地传上来(日志很长,一个帖子搞不完,请手动将全部内容在同一个主题帖下分多个回复帖子传上来)。
友情提示:
1、
扫描日志前请先关闭所有打开的软件(如QQ、迅雷等下载程序什么的程序)和IE窗口(请注意,是关闭而不是最小化窗口)2、注意在没有进一步提示前,请勿用SRENG工具胡乱修复,否则系统可能变的情况更糟。
3、SRENG操作图文详解:
http://forum.ikaka.com/topic.asp?board=67&artid=8125594
yangjie1976 - 2007-7-26 22:36:00
下载后,扫描总是报错,然后该程序就不响应了,我要疯了
yangjie1976 - 2007-7-26 22:55:00
启动该软件弹出提示气泡,打开详情出现
原因 API名字 危险等级
RVA错误:LoadlibraryA 高
RVA错误:LoadlibraryExA 高
RVA错误:LoadlibraryExW 高
RVA错误:LoadlibraryW 高
被下面模块所HOOK
\SYSTEMROOT\SYSTEM32\DRIVERS\KLIF.SYS
yangjie1976 - 2007-7-26 23:27:00
[CODE]
2007-07-26,23:06:46
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Microsoft Windows Publisher]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<ATICCC><"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [N/A]
<Super Rabbit SRRestore><C:\PROGRA~1\SUPERR~1\SUPERR\SRRest.exe /autosave> [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{66130756-0756-6133-5661-756137566133}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
yangjie1976 - 2007-7-26 23:29:00
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
<IFEO[adam.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
<IFEO[AppSvc32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
<IFEO[autoruns.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
<IFEO[avgrssvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
<IFEO[AvMonitor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
<IFEO[avp.com]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
<IFEO[CCenter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
<IFEO[FileDsty.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
<IFEO[FTCleanerShell.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
<IFEO[HijackThis.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
<IFEO[IceSword.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
<IFEO[iparmo.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
<IFEO[isPwdSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
<IFEO[kabaload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
<IFEO[KaScrScn.SCR]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
<IFEO[KASMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
<IFEO[KASTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
<IFEO[KAVDX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
<IFEO[KAVPFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
<IFEO[KAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
<IFEO[KAVStart.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
<IFEO[KISLnchr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
<IFEO[KMailMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
<IFEO[KMFilter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
<IFEO[KPFW32X.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe]
<IFEO[KPFWSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
<IFEO[KRegEx.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.COM]
<IFEO[krepair.COM]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
<IFEO[KsLoader.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
<IFEO[KVCenter.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
<IFEO[KvDetect.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
<IFEO[KvfwMcl.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<IFEO[KVMonXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
<IFEO[KVMonXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
yangjie1976 - 2007-7-26 23:31:00
<IFEO[kvol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
<IFEO[kvolself.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
<IFEO[KvReport.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
<IFEO[KVScan.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<IFEO[KVSrvXP.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
<IFEO[KVStub.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
<IFEO[kvupload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<IFEO[KvXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
<IFEO[KvXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
<IFEO[KWatch9x.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
<IFEO[KWatchX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
<IFEO[loaddll.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
<IFEO[MagicSet.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
<IFEO[mcconsol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
<IFEO[mmqczj.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
<IFEO[mmsk.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
<IFEO[PFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
<IFEO[PFWLiveUpdate.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
<IFEO[QHSET.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
<IFEO[Ras.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
<IFEO[Rav.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
<IFEO[RavMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
<IFEO[RavMonD.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
<IFEO[RavStub.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
<IFEO[RavTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
<IFEO[RegClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
<IFEO[rfwcfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe]
<IFEO[RfwMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
<IFEO[RsAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
<IFEO[Rsaupd.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
<IFEO[runiep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
<IFEO[safelive.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
<IFEO[shcfg32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
<IFEO[SmartUp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
<IFEO[SREng.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
<IFEO[symlcsvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
<IFEO[SysSafe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
<IFEO[TrojanDetector.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
<IFEO[Trojanwall.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
<IFEO[TrojDie.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
<IFEO[UIHost.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
<IFEO[UmxAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
yangjie1976 - 2007-7-26 23:32:00
<IFEO[UmxAttachment.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
<IFEO[UmxCfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
<IFEO[UmxFwHlp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
<IFEO[UmxPol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE.exe]
<IFEO[UpLive.EXE.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
<IFEO[WoptiClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
<IFEO[zxsweep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[kavsvc / kavsvc][Stopped/Disabled]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><N/A>
==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Kl1 / Kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
<System32\drivers\klmc.sys><Kaspersky Lab>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
==================================
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, Macromedia, Inc.>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
yangjie1976 - 2007-7-26 23:36:00
==================================
正在运行的进程
[PID: 584 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4124]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4124]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 900 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1208 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1460 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
[PID: 1072 / yangjie][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4124]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[PID: 1360 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1520 / yangjie][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 1]
[PID: 1612 / yangjie][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6, 0, 0, 20]
[C:\Program Files\Analog Devices\Core\SMWDMIF.dll] [Analog Devices, Inc., 6, 0, 0, 012]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 896 / yangjie][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 5, 2, 0, 9]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 848 / yangjie][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe] [ATI Technologies Inc., 1.11.0.0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7d7f5cc0\mscorlib.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08b505b1\system.windows.forms.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.implementation.dll] [ATI Technologies Inc., 1.2.2172.1893]
[c:\program files\ati technologies\ati.ace\log.foundation.dll] [ATI Technologies Inc., 1.2.2117.25442]
[c:\program files\ati technologies\ati.ace\cli.foundation.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\log.foundation.service.dll] [ATI Technologies Inc., 1.2.2172.2072]
[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll] [ATI Technologies Inc., 1.2.2117.25464]
[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f8f98473\system.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll] [ATI Technologies Inc., 1.2.2172.2072]
[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_061c5d2a\system.xml.dll] [N/A, ]
[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\cli.component.runtime.dll] [ATI Technologies Inc., 1.2.2172.2073]
[c:\program files\ati technologies\ati.ace\aem.foundation.dll] [ATI Technologies Inc., 1.2.2117.25442]
[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f03b6fe1\system.drawing.dll] [N/A, ]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2066]
[c:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\dem.foundation.dll] [ATI Technologies Inc., 1.2.2117.25442]
[c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\dem.graphics.demosinfo.dll] [ATI Technologies Inc., 1.2.2117.25446]
[c:\program files\ati technologies\ati.ace\dem.graphics.demosadapterinfo.dll] [ATI Technologies Inc., 1.2.2160.26282]
[c:\program files\ati technologies\ati.ace\dem.graphics.dematiadapterinfo.dll] [ATI Technologies Inc., 1.2.2117.25456]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdriversettings.dll] [ATI Technologies Inc., 1.2.2144.26908]
[c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\atidemgr.dll] [ATI Technologies Inc., 1.2.2172.1849]
[c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\dem.graphics.demosmodeinfo.dll] [ATI Technologies Inc., 1.2.2117.25448]
yangjie1976 - 2007-7-26 23:37:00
[c:\program files\ati technologies\ati.ace\dem.graphics.dematidisplaysmanagersettings.dll] [ATI Technologies Inc., 1.2.2117.25450]
[c:\program files\ati technologies\ati.ace\dem.graphics.demverylargedesktopsettings.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2073]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25458]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1948]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25464]
[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1909]
[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1971]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1967]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25466]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1924]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25458]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdisplayscoloursettings.dll] [ATI Technologies Inc., 1.2.2117.25446]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2010]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25445]
[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1990]
[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25466]
[c:\program files\ati technologies\ati.ace\dem.graphics.mmdeintlacingsettings.dll] [ATI Technologies Inc., 1.2.2117.25467]
[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1958]
[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.shared.dll] [ATI Technologies Inc., 1.2.2117.25455]
[c:\program files\ati technologies\ati.ace\dem.graphics.videooverlay.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1963]
[c:\program files\ati technologies\ati.ace\dem.graphics.demsmartgartsettings.dll] [ATI Technologies Inc., 1.2.2117.25448]
[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1955]
[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1951]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2036]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1932]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2024]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25468]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1924]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25448]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2032]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25468]
[c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1935]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25449]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2019]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2014]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2028]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25469]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1928]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25465]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1979]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25467]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1986]
[c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrivesettings.dll] [ATI Technologies Inc., 1.2.2117.25466]
[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1975]
[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25450]
[c:\program files\ati technologies\ati.ace\dem.graphics.dempowerplaysettings.dll] [ATI Technologies Inc., 1.2.2159.17889]
[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.2001]
[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1994]
[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1998]
[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25456]
[c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll] [ATI Technologies Inc., 1.2.2172.1940]
[c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25456]
[c:\program files\ati technologies\ati.ace\dem.graphics.demmultivpusettings.dll] [ATI Technologies Inc., 1.2.2117.25464]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25457]
[c:\program files\ati technologies\ati.ace\dem.graphics.mmoverlaysettings.dll] [ATI Technologies Inc., 1.2.2117.25467]
[c:\program files\ati technologies\ati.ace\dem.graphics.demvideotheatermodesettings.dll] [ATI Technologies Inc., 1.2.2117.25466]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll] [Microsoft Corporation, 7.10.3052.4]
yangjie1976 - 2007-7-26 23:39:00
[c:\program files\ati technologies\ati.ace\dem.graphics.demvideooverlaysettings.dll] [ATI Technologies Inc., 1.2.2117.25448]
[c:\program files\ati technologies\ati.ace\dem.graphics.demvpurecoverinfo.dll] [ATI Technologies Inc., 1.2.2117.25467]
[c:\program files\ati technologies\ati.ace\dem.graphics.workstationsettings.dll] [ATI Technologies Inc., 1.2.2117.25458]
[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecrtsettings.dll] [ATI Technologies Inc., 1.2.2117.25465]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommonsettings.dll] [ATI Technologies Inc., 1.2.2117.25467]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25463]
[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommon2settings.dll] [ATI Technologies Inc., 1.2.2117.25445]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicelcdsettings.dll] [ATI Technologies Inc., 1.2.2166.27665]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecomponentvideosettings.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetv2settings.dll] [ATI Technologies Inc., 1.2.2117.25465]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetvsettings.dll] [ATI Technologies Inc., 1.2.2117.25464]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25468]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfpsettings.dll] [ATI Technologies Inc., 1.2.2117.25465]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfp2settings.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrive3settings.dll] [ATI Technologies Inc., 1.2.2117.25468]
[c:\program files\ati technologies\ati.ace\dem.graphics.demdisplaysmanageroptionssettings.dll] [ATI Technologies Inc., 1.2.2117.25455]
[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25463]
[c:\program files\ati technologies\ati.ace\dem.graphics.demumaframebuffersettings.dll] [ATI Technologies Inc., 1.2.2117.25449]
[c:\program files\ati technologies\ati.ace\apm.foundation.dll] [ATI Technologies Inc., 1.2.2117.25457]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll] [Microsoft Corporation, 1.1.4322.573]
[PID: 2032 / yangjie][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[PID: 608 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2072 / yangjie][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe] [ATI Technologies Inc., 1.11.0.0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7d7f5cc0\mscorlib.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08b505b1\system.windows.forms.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.implementation.dll] [ATI Technologies Inc., 1.2.2172.1893]
[c:\program files\ati technologies\ati.ace\log.foundation.dll] [ATI Technologies Inc., 1.2.2117.25442]
[c:\program files\ati technologies\ati.ace\cli.foundation.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\log.foundation.service.dll] [ATI Technologies Inc., 1.2.2172.2072]
[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll] [ATI Technologies Inc., 1.2.2117.25464]
[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f8f98473\system.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll] [ATI Technologies Inc., 1.2.2172.2072]
[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_061c5d2a\system.xml.dll] [N/A, ]
[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\cli.component.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2074]
[c:\program files\ati technologies\ati.ace\cli.foundation.clients.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\cli.component.dashboard.shared.dll] [ATI Technologies Inc., 1.2.2117.25445]
[c:\program files\ati technologies\ati.ace\cli.component.runtime.dll] [ATI Technologies Inc., 1.2.2172.2073]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\aem.foundation.dll] [ATI Technologies Inc., 1.2.2117.25442]
yangjie1976 - 2007-7-26 23:41:00
[c:\program files\ati technologies\ati.ace\cli.caste.local.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2077]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2069]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.shared.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f03b6fe1\system.drawing.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.aspect.welcome.local.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1948]
[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1998]
[c:\program files\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2006]
[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1906]
[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2002]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2037]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1932]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2025]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1924]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2033]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1937]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2021]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2015]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2028]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1928]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1972]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1968]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1920]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.2010]
[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1991]
[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1960]
[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1976]
[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1964]
[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1955]
[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1951]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1983]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1987]
[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1995]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1911]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.dashboard.dll] [ATI Technologies Inc., 1.2.2172.1941]
[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25456]
[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25463]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25463]
[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25450]
[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25468]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25448]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25468]
[c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25444]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25449]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25465]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25468]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25469]
[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25465]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25457]
[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25466]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25458]
[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25445]
[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25466]
[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25449]
[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25450]
[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25446]
[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25447]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25467]
[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25456]
[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25448]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25458]
[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25464]
[c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll] [Microsoft Corporation, 1.1.4322.573]
[PID: 2084 / yangjie][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe] [ATI Technologies Inc., 1.11.0.0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7d7f5cc0\mscorlib.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.573]
yangjie1976 - 2007-7-26 23:43:00
[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08b505b1\system.windows.forms.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.implementation.dll] [ATI Technologies Inc., 1.2.2172.1893]
[c:\program files\ati technologies\ati.ace\log.foundation.dll] [ATI Technologies Inc., 1.2.2117.25442]
[c:\program files\ati technologies\ati.ace\cli.foundation.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\log.foundation.service.dll] [ATI Technologies Inc., 1.2.2172.2072]
[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll] [ATI Technologies Inc., 1.2.2117.25464]
[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f8f98473\system.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll] [ATI Technologies Inc., 1.2.2172.2072]
[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_061c5d2a\system.xml.dll] [N/A, ]
[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\program files\ati technologies\ati.ace\cli.component.systemtray.dll] [ATI Technologies Inc., 1.2.2172.2048]
[c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll] [ATI Technologies Inc., 1.2.2117.25443]
[c:\program files\ati technologies\ati.ace\cli.component.runtime.dll] [ATI Technologies Inc., 1.2.2172.2073]
[c:\program files\ati technologies\ati.ace\apm.foundation.dll] [ATI Technologies Inc., 1.2.2117.25457]
[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f03b6fe1\system.drawing.dll] [N/A, ]
[c:\program files\ati technologies\ati.ace\zh-chs\cli.component.systemtray.resources.dll] [ATI Technologies Inc., 1.2.2172.2048]
[c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll] [Microsoft Corporation, 1.1.4322.573]
[PID: 2676 / yangjie][D:\111\111.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll] [N/A, ]
[D:\111\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[D:\]
[AutoRun]
open=07566133.exe
shell\open=打开(&O)
shell\open\Command=07566133.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=07566133.exe
[E:\]
[AutoRun]
open=07566133.exe
shell\open=打开(&O)
shell\open\Command=07566133.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=07566133.exe
[F:\]
[AutoRun]
open=07566133.exe
shell\open=打开(&O)
shell\open\Command=07566133.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=07566133.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 896, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 848, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 848, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2072, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2072, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2084, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2084, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \SystemRoot\System32\drivers\klif.sys)
yangjie1976 - 2007-7-26 23:44:00
==================================
隐藏进程
N/A
==================================
[/CODE]
yangjie1976 - 2007-7-26 23:45:00
日志发完了
yangjie1976 - 2007-7-26 23:53:00
yangjie1976 - 2007-7-27 14:43:00
哪位大侠帮帮忙啊?
Leoooo - 2007-7-28 13:23:00
http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe下载卡卡上网安全助手4.0
1 运行瑞星卡卡上网安全助手
2 诊断求助=》电脑诊断日志
3 开始扫描=》导出信息,导成txt格式(也可以是htm格式方便自己看,不过论坛不能上传htm格式)
4 把日志中的报告完整拷贝贴上来,不要修改(一次发不完请分次发上来)
5 扫日志的时候尽量把不必要的软件关闭 如QQ TM等
6 把扫描出来的可疑文件上传给瑞星
http://up.rising.com.cn/webmail/uploadnew.htm
超级游戏迷 - 2007-7-28 13:33:00
启动项目
注册表
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{66130756-0756-6133-5661-756137566133}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
<IFEO[adam.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
<IFEO[AppSvc32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
<IFEO[autoruns.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
<IFEO[avgrssvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
<IFEO[AvMonitor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
<IFEO[avp.com]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
<IFEO[CCenter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
<IFEO[FileDsty.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
<IFEO[FTCleanerShell.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
<IFEO[HijackThis.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
<IFEO[IceSword.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
<IFEO[iparmo.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
<IFEO[isPwdSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
<IFEO[kabaload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
<IFEO[KaScrScn.SCR]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
<IFEO[KASMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
<IFEO[KASTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
<IFEO[KAVDX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
<IFEO[KAVPFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
<IFEO[KAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
<IFEO[KAVStart.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
<IFEO[KISLnchr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
<IFEO[KMailMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
<IFEO[KMFilter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
<IFEO[KPFW32X.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe]
<IFEO[KPFWSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
<IFEO[KRegEx.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.COM]
<IFEO[krepair.COM]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
<IFEO[KsLoader.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
<IFEO[KVCenter.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
<IFEO[KvDetect.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
<IFEO[KvfwMcl.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<IFEO[KVMonXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
<IFEO[KVMonXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
<IFEO[kvol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
<IFEO[kvolself.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
<IFEO[KvReport.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
在双击打开SRENG扫描工具的窗口,“启动项目”--“注册表”--在列表中选中以上有问题的注册表值项,点下方的“删除”按钮,删除以上注册表值项。
超级游戏迷 - 2007-7-28 13:34:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
<IFEO[KVScan.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<IFEO[KVSrvXP.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
<IFEO[KVStub.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
<IFEO[kvupload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<IFEO[KvXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
<IFEO[KvXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
<IFEO[KWatch9x.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
<IFEO[KWatchX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
<IFEO[loaddll.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
<IFEO[MagicSet.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
<IFEO[mcconsol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
<IFEO[mmqczj.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
<IFEO[mmsk.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
<IFEO[PFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
<IFEO[PFWLiveUpdate.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
<IFEO[QHSET.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
<IFEO[Ras.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
<IFEO[Rav.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
<IFEO[RavMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
<IFEO[RavMonD.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
<IFEO[RavStub.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
<IFEO[RavTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
<IFEO[RegClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
<IFEO[rfwcfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe]
<IFEO[RfwMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
<IFEO[rfwsrv.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
<IFEO[RsAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
<IFEO[Rsaupd.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
<IFEO[runiep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
<IFEO[safelive.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
<IFEO[shcfg32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
<IFEO[SmartUp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
<IFEO[SREng.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
<IFEO[symlcsvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
<IFEO[SysSafe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
<IFEO[TrojanDetector.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
<IFEO[Trojanwall.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
<IFEO[TrojDie.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
<IFEO[UIHost.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
<IFEO[UmxAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
<IFEO[UmxAttachment.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
<IFEO[UmxCfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
<IFEO[UmxFwHlp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
<IFEO[UmxPol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE.exe]
<IFEO[UpLive.EXE.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
<IFEO[WoptiClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
<IFEO[zxsweep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\07566133.dat> []
在双击打开SRENG扫描工具的窗口,“启动项目”--“注册表”--在列表中选中以上有问题的注册表值项,点下方的删除按钮,删除以上全部注册表值项。
超级游戏迷 - 2007-7-28 13:36:00
=================================
用WINRAR删除以下进程文件:
C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dat
C:\Program Files\Common Files\Microsoft Shared\MSINFO\07566133.dll
D:\07566133.exe
D:\Autorun.inf
E:\07566133.exe
E:\Autorun.inf
F:\07566133.exe
F:\Autorun.inf
==================================
注意:杀此毒期间不可用双击、右键打开以及用资源管理器打开除系统盘以外的所有驱动器,切记!
1
© 2000 - 2026 Rising Corp. Ltd.