Rising Kaka Security Forum

The virus just can't be killed!
戀〆傷 - 2008-7-17 0:08:00
There's a virus that just won't go away no matter how many times I remove it!

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; WPS; QQDownload 1.7)
戀〆傷 - 2008-7-17 0:10:00
2008-07-16,23:58:21

System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
戀〆傷 - 2008-7-17 0:10:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <jiajiasr><D:\Program Files\jj4\jiajiasr.exe>  [加加工作组]
    <MSMSGS><"D:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
    <swg><D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <QQDownload><"D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ALi5289><D:\Program Files\ULI5289\ALi5289.exe>  [ALi Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ZSSnp211><D:\WINDOWS\ZSSnp211.exe>  [ZSMCSNAP]
    <Domino><D:\WINDOWS\Domino.exe>  []
    <360Safetray><D:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"D:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Eps_Reg.exe><D:\DOCUME~1\ZHOUQI~1.48C\LOCALS~1\Temp\Eps_Reg.exe /L /NSmartCard2000>  [ft]
    <runeip><"F:\新建文件夹 (3)\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
戀〆傷 - 2008-7-17 0:11:00
==================================
启动文件夹
[QQ游戏启动加速程序]
  <D:\Documents and Settings\zhouqianwen.48C62189F14146D\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <D:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"F:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"F:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[CnsStd / CnsStd][Running/Auto Start]
  <\SystemRoot\System32\drivers\CnsStd.sys><国风因特软件(北京)有限公司>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[ldsang / ldsang][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ldsang.sys><N/A>
[m5289 / m5289][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[USB Token Holder Service / R5BaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccard.sys><OEM>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\D:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Prolific Serial port driver / Serport][Stopped/Manual Start]
  <system32\DRIVERS\serport.sys><Prolific Technology Inc.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\TesSafe.sys><TENCENT>
[ULi AGP Bus Filter Driver / uliagpkx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\agpkx.sys><ULi Electronics Inc.>
[ZSMC USB PC Camera (ZS211) / ZSMC211][Stopped/Manual Start]
  <System32\Drivers\ZS211.sys><ZSMC.Corporation>
戀〆傷 - 2008-7-17 0:12:00
==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <F:\PPLive\PPLive.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <D:\WINDOWS\system32\aliedit\pta.dll, >
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <D:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <E:\Thunder\Components\InMedia\peerid.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <D:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <D:\Program Files\StormII\Codec\rmoc3260.dll, RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <D:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\Thunder\ComDlls\ThunderAgent_Now.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <D:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <D:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <D:\Program Files\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\Thunder\Components\InMedia\MediaAddin15.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <D:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, Google Inc.>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <D:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5710.37.128.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <D:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <D:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\Thunder\Components\DownAndPlay\DapPlayer3.0.44.68.472.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <D:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <E:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\Thunder\Program\getallurl.htm, N/A>
[收藏到QQ书签]
  <http://shuqian.qq.com/favit.html, N/A>
戀〆傷 - 2008-7-17 0:12:00
==================================
正在运行的进程
[PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516 / SYSTEM][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 584 / SYSTEM][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596 / SYSTEM][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872 / SYSTEM][F:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[PID: 888 / SYSTEM][D:\WINDOWS\system\internat.exe]  [N/A, ]
[PID: 916 / SYSTEM][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / LOCAL SERVICE][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1516 / SYSTEM][F:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [F:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [F:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1572 / SYSTEM][D:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1620 / LOCAL SERVICE][D:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1820 / zhouqianwen][D:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.34]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 1828 / zhouqianwen][D:\WINDOWS\ZSSnp211.exe]  [ZSMCSNAP, 3, 6, 818, 7]
    [D:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 1836 / zhouqianwen][D:\WINDOWS\Domino.exe]  [, 3, 6, 818, 7]
    [D:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 1888 / zhouqianwen][F:\新建文件夹 (3)\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [F:\新建文件夹 (3)\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\新建文件夹 (3)\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[PID: 1920 / zhouqianwen][D:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 1928 / zhouqianwen][D:\Program Files\jj4\jiajiasr.exe]  [加加工作组, 4, 1, 0, 47]
[PID: 1960 / zhouqianwen][D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
    [D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll]  [Google Inc., 2, 0, 301, 7164]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll]  [Google Inc., 2, 0, 301, 7164]
    [D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
[PID: 1972 / zhouqianwen][D:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 8, 201, 201]
    [D:\Program Files\Tencent\QQDownload\xmain.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 8, 202, 202]
    [D:\Program Files\Tencent\QQDownload\xcore.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 90]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[PID: 948 / SYSTEM][D:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [D:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
[PID: 700 / SYSTEM][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2652 / LOCAL SERVICE][D:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3820 / zhouqianwen][D:\Program Files\Tencent\QQ2008\QQ.exe]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQBaseClassInDll.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQHelperDll.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\BasicCtrlDll.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Program Files\Tencent\QQ2008\MSIMG32.dll]  [N/A, ]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\Program Files\Tencent\QQ2008\FinePlus.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\fphelper.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\QQ2008\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\Tencent\QQ2008\QQAPI.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\LoginCtrl.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\LoginCtrlRes.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQRes.dll]  [TENCENT, 8, 0, 830, 1811]
    [D:\Program Files\Tencent\QQ2008\QQMainFrame.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQ2008\UnReadMsgMgr.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\QQPlugin.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\CQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\Program Files\Tencent\QQ2008\NewSkin.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\MailSummary.dll]  [TENCENT, 8,0,773,1801]
    [D:\Program Files\Tencent\QQ2008\QQSpace.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [D:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Tencent\QQ2008\QQKnowledgeSearch.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\OEMApplication.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQGroupMng.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQAvatar.dll]  [N/A, ]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\Tencent\QQ2008\QQAllInOne.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\Program Files\Tencent\QQ2008\CameraDll.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQPet.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QRingMng.dll]  [N/A, ]
    [D:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQ2008\QQSysMsgMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\UserDefinedHead.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQConfigPlugin.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQCustomFace.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\LongConnection.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\PhoneAPI.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program Files\Tencent\QQ2008\QQFileTransfer.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\PersonalDesktop.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\GroupConnection.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\ImageOle.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQSceneMng.dll]  [N/A, ]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\Program Files\Tencent\QQ2008\QQLiveQMng.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\BQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\CommercesMng.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\Program Files\Tencent\QQ2008\QQMagicFace.dll]  [TENCENT, 8,0,830,1811]
    [D:\Program Files\Tencent\QQ2008\QQSettingCtrl.dll]  [TENCENT, 8,0,830,1811]
    [D:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 47]
    [D:\Program Files\Tencent\QQ2008\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 0, 1, 10]
    [D:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\QQGAME\GamePublic.dll]  [N/A, ]
    [D:\QQGAME\Common\Utility.dll]  [N/A, ]
    [D:\QQGAME\Factory.dll]  [N/A, ]
    [D:\QQGAME\Logic\UIStyle.dll]  [N/A, ]
    [D:\QQGAME\ProtHand\QQProt.dll]  [N/A, ]
    [D:\QQGAME\Socket\NetMod.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\videodevice.dll]  [Tencent, 2, 1, 0, 0]
    [D:\Program Files\Tencent\QQ2008\inplus.dll]  [Tencent, 2, 1, 0, 0]
    [D:\WINDOWS\system32\l3codecx.ax]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50]
[PID: 4092 / zhouqianwen][D:\Program Files\Tencent\QQ2008\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 3016 / zhouqianwen][D:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [d:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1606, 6690]
    [D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 3684 / zhouqianwen][D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\QQPenguin.exe]  [深圳市腾讯计算机系统有限公司, 3.3.0.20]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\TenFact.dll]  [Tencent, 01.1.9.1]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\framework.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MainLogic.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\PetManager.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\RIAgentCore.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\SceneManager.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\RSM.dll]  [深圳腾讯计算机系统有限公司, 1.0.0.1]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\TenPet1.dll]  [Tencent, 01.1.9.1]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\QQCrypt.dll]  [N/A, ]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\GUISystem.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\BaseComponent.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\DataCenter.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MutexResourceManagerPrj.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\OnlineManager.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\PetNetWork.DLL]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\QC.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\LiveUpdate.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\BubbleManager.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\community.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\FeedLogic.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\FriendsListPrj.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\GamePlayPrj.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MultiPetFlash.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\MultiPetGameManager.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\PetDazzle.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\QQMsgTips.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\travellogic.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\SceneScriptPlayerPrj.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\studylogic.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\systemconfigureprj.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\ToyLogicPrj.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\worklogic.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\ConditionHelper.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPenguin\DecorationPrj.dll]  [N/A, ]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 3932 / zhouqianwen][D:\Program Files\Tencent\QQ2008\qqpet\QQPig\QQPig.exe]  [深圳市腾讯计算机系统有限公司, 1, 5, 0, 6]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\factory.dll]  [N/A, ]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\MainLogic.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\PEL.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\RSM.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\SCM.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\TerSafe.dll]  [tencent, 1, 0, 11, 6]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\SceneManager.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\Community.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\tenfact.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\tenpet1.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ2008\qqpet\QQPig\BaseComponent.dll]  [N/A, ]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 3164 / zhouqianwen][F:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.7]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [F:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
戀〆傷 - 2008-7-17 0:12:00
    [F:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
[PID: 3532 / zhouqianwen][D:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 2080 / zhouqianwen][D:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [d:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1606, 6690]
    [D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 3296 / zhouqianwen][D:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 2180 / zhouqianwen][D:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\Program Files\Tencent\QQ2008\qdshm.dll]  [, 1, 0, 101, 20]
    [D:\Program Files\Tencent\QQ2008\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WinRAR\rarext.dll]  [N/A, ]
    [F:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\PROGRA~1\Kongsoft\EASYCD~1\MENUHA~1.DLL]  [N/A, ]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[PID: 2224 / zhouqianwen][F:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 53]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [F:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [F:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 72]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [F:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [F:\Program Files\Rising\Rav\RsCommon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [F:\Program Files\Rising\Rav\ravpagem.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.63]
    [D:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [F:\Program Files\Rising\Rav\ravpagew.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 72]
    [F:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [F:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.5]
    [F:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [F:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.32]
    [F:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [F:\Program Files\Rising\Rav\SysMail.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [F:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [F:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.25]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2792 / zhouqianwen][D:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [E:\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [d:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1606, 6690]
    [D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [F:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [D:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 1, 0, 47]
[PID: 3120 / zhouqianwen][D:\DOCUME~1\ZHOUQI~1.48C\LOCALS~1\Temp\Rar$EX25.500\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.11.992]
[PID: 3252 / zhouqianwen][D:\DOCUME~1\ZHOUQI~1.48C\LOCALS~1\Temp\Rar$EX25.500\SRE2b76b692.EXE]  [Smallfrogs Studio, 2.6.11.992]
    [D:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [D:\DOCUME~1\ZHOUQI~1.48C\LOCALS~1\Temp\Rar$EX25.500\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
戀〆傷 - 2008-7-17 0:13:00
==================================
Winsock providers
N/A

==================================
Autorun.inf
[E:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\打开(&O)\command=setup.exe
[F:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\打开(&O)\command=setup.exe

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1  gxgxy.net
127.0.0.1  c0mo.com
127.0.0.1 fg.pvs360.com
127.0.0.1 cw.pvs360.com
127.0.0.1 ta.pvs360.com
127.0.0.1 dl.pvs360.com
127.0.0.1 ok.sl8cjs.cn
127.0.0.1 nc.mskess.com
127.0.0.1 idc.windowsupdeta.cn
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 down.malasc.cn
127.0.0.1 d2.llsging.com
127.0.0.1 171817.171817.com
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 1.joppnqq.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 www.868wg.com
127.0.0.1 2.joppnqq.com
127.0.0.1 1.jopanqc.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 1.jopenkk.com
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.cike007.cn

==================================
Process privilege scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1828, D:\WINDOWS\ZSSNP211.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1836, D:\WINDOWS\DOMINO.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1888, F:\新建文件夹 (3)\RUNIEP.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1972, D:\PROGRAM FILES\TENCENT\QQDOWNLOAD\QQDOWNLOAD.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3164, F:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 2224, F:\PROGRAM FILES\RISING\RAV\RAV.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 3120, D:\DOCUME~1\ZHOUQI~1.48C\LOCALS~1\TEMP\RAR$EX25.500\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
Hidden processes
N/A

==================================


[/CODE]
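The Autorun.inf, HOSTS and privilege-scan sections of the log above are the parts a responder would want to triage automatically rather than read entry by entry. The Python script below is an added example, not part of this post and not SREng's own code: it parses an excerpt constructed in the same section layout as the log (a few entries are copied from the thread for realism) and applies three triage rules of its own: Autorun.inf keys that launch an executable, HOSTS lines that sinkhole a name other than localhost, and processes holding a Se*Privilege from outside the Windows system directory or Program Files. The rules, the section-header matching and the "trusted directory" list are this example's assumptions, not a verdict on any file in the log.

```python
"""Triage the Autorun.inf, HOSTS and privilege-scan sections of an SREng log.

Added example, not part of the forum post or of SREng. The excerpt below is
constructed to mirror the layout of the log in the thread; the triage rules
are this example's own heuristics, not SREng's verdicts.
"""
import re

# Constructed excerpt in SREng's section layout (English section headers are
# an assumption; a few entries are copied from the thread for realism).
SAMPLE_LOG = """\
==================================
Autorun.inf
[E:\\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\\Open(&O)\\command=setup.exe

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1  c0mo.com
127.0.0.1 idc.windowsupdeta.cn

==================================
Process privilege scan
Special privilege allowed: SeLoadDriverPrivilege [PID = 1836, D:\\WINDOWS\\DOMINO.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1888, F:\\NEW FOLDER (3)\\RUNIEP.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 2224, F:\\PROGRAM FILES\\RISING\\RAV\\RAV.EXE]
"""

# Assumption: files under these directories are expected holders of
# SeLoadDriverPrivilege; anything else is worth a second look.
TRUSTED_DIRS = ("\\WINDOWS\\SYSTEM32\\", "\\PROGRAM FILES\\")
PRIV_RE = re.compile(r"(Se\w+Privilege) \[PID = (\d+), (.+)\]")
DRIVE_RE = re.compile(r"\[([A-Za-z]:\\)\]")


def split_sections(text):
    """Map each '=====' delimited section header to its body lines."""
    sections, name, body = {}, None, []
    for line in text.splitlines():
        if line.startswith("====="):
            if name is not None:
                sections[name] = body
            name, body = None, []
        elif name is None:
            if line.strip():
                name = line.strip()
        else:
            body.append(line)
    if name is not None:
        sections[name] = body
    return sections


def autorun_findings(lines):
    """Every Autorun.inf key that makes Explorer run something on insert/open."""
    findings, drive = [], "?:\\"
    for line in lines:
        line = line.strip()
        m = DRIVE_RE.fullmatch(line)
        if m:
            drive = m.group(1)
            continue
        if "=" not in line or line.startswith("["):
            continue
        key, _, value = line.partition("=")
        k = key.strip().lower()
        if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
            findings.append(f"{drive} autorun key {key.strip()} launches {value.strip()}")
    return findings


def hosts_findings(lines):
    """HOSTS entries that sinkhole a real name to loopback or 0.0.0.0."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        ip, names = parts[0], parts[1:]
        if ip in ("127.0.0.1", "::1", "0.0.0.0"):
            findings.extend(f"{n} sinkholed to {ip}" for n in names if n.lower() != "localhost")
    return findings


def privilege_findings(lines):
    """Processes holding a Se*Privilege from outside the trusted directories."""
    findings = []
    for line in lines:
        m = PRIV_RE.search(line)
        if m and not any(d in m.group(3).upper() for d in TRUSTED_DIRS):
            findings.append(f"PID {m.group(2)} {m.group(3)} holds {m.group(1)} from an unusual location")
    return findings


def triage(log_text):
    """Run the three rule sets over whichever sections the log contains."""
    report = {}
    for name, body in split_sections(log_text).items():
        n = name.lower()
        if n.startswith("autorun"):
            report["autorun"] = autorun_findings(body)
        elif n.startswith("hosts"):
            report["hosts"] = hosts_findings(body)
        elif "privilege" in n:
            report["privilege"] = privilege_findings(body)
    return report


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"[{section}]")
        for item in items:
            print("  " + item)
```

Run it on a saved SREng log by passing the file's text to `triage()`. The HOSTS rule deliberately reports every sinkholed name, because the log alone cannot tell whether those entries were written by security software blocking malware sites or by malware blocking update servers; that is a judgment the responder makes by looking at the names.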
浒苔 - 2008-7-17 0:38:00
I ran into this too, a good chance to learn, hahaha
aaccbbdd - 2008-7-17 8:08:00
Would the OP please explain what "can't be killed" actually means??
What are the virus's path and name??
Upload the log as an attachment!!
戀〆傷 - 2008-7-17 11:52:00
d:\windows\system\internat.exe>>upx_c
aaccbbdd - 2008-7-17 11:54:00
Just delete the internat.exe file and you're done.

File path
d:\windows\system\internat.exe
戀〆傷 - 2008-7-17 11:57:00
It won't delete no matter how I try....
aaccbbdd - 2008-7-17 12:01:00
Use the attachment
Force delete
Attachment
Extract it and run it

PS: the virus's path is D:\windows\system\internat.exe
Enter this as the path of the file to delete in the tool

What comes after >> is produced by Rising's virtual execution
The file after >> does not exist on the system

upx_c means the virus is packed with UPX

Because Rising antivirus uses virtual-machine unpacking technology
it can easily zap UPX-packed viruses
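The reply above explains that the upx_c suffix marks a UPX-packed file. As an added example (not the poster's attachment and not Rising's code), the Python below builds two constructed minimal PE images in memory, one laid out like a UPX-packed file and one like plain compiler output, and checks the three header-level indicators an analyst usually looks at first: section names UPX0/UPX1, a first section with a large virtual size but no raw data (the area UPX unpacks into), and the UPX! marker UPX leaves in the header area. The images contain no code; their section layout and the marker position are assumptions about a typical UPX file. A packer that renames its sections defeats the name check, which is why the size-based check is reported separately.

```python
"""Spot the usual signs of UPX packing in a PE file's headers.

Added example, not the forum tool or Rising's code. The two PE images are
constructed in memory (no real code inside); their layout is an assumption
about what a typical UPX-packed versus unpacked file looks like.
"""
import struct

UPX_NAMES = {"UPX0", "UPX1", "UPX2"}


def parse_sections(pe):
    """Return (name, virtual_size, raw_size) for every section in the table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt              # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize))
    return sections


def upx_indicators(pe):
    """Header-level indicators; each is cheap to fake, so report all that fire."""
    secs = parse_sections(pe)
    hits = []
    if any(name in UPX_NAMES for name, _, _ in secs):
        hits.append("section names UPX0/UPX1")
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        hits.append("first section has virtual size but no raw data (unpack area)")
    if b"UPX!" in pe[:0x1000]:
        hits.append("UPX! marker in header area")
    return hits


def build_pe(sections, upx_marker=False):
    """Constructed minimal PE32 image: DOS stub, COFF header, zeroed optional header, section table."""
    size_opt = 224
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x010F)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, 0xE0000060)
        for i, (name, vsize, rawsize) in enumerate(sections))
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    if upx_marker:
        image += b"UPX!" + b"\0" * 12       # assumed position of UPX's own header
    return image


# Constructed samples: a UPX-style layout and a plain compiler layout.
PACKED = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7600), (".rsrc", 0x1000, 0x400)], upx_marker=True)
CLEAN = build_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x200), (".rsrc", 0x800, 0x800)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN)):
        print(label, [s[0] for s in parse_sections(image)], upx_indicators(image) or ["no UPX indicators"])
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `upx_indicators()`. None of these indicators proves a file is malicious: plenty of legitimate software ships UPX-packed, and the name the scanner assigns (here upx_c) only says the engine had to unpack it before matching signatures.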