Rising Kaka Security Forum

Experts, can you take a look at what is going on here?
afsadfs - 2009-4-7 13:20:00
A window suddenly popped up: SVCHOST error, unknown software exception (0xc00000fd) at location 0x5fde87ad. If I click Cancel the network disconnects, the browser windows also turn into that Win98 look, and the machine cannot shut down, I have to restart. Is this a virus infection? How do I fix it? Thanks

User system information: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
piao2008 - 2009-4-7 13:21:00
Scan with SRENG and post the log to this forum.

Download the latest version of the SRENG tool: http://www.kztechs.com/sreng/download.html
Instructions are in post #2 of this thread: http://bbs.ikaka.com/showtopic-8442813.aspx
帅哥阿福 - 2009-4-7 13:21:00
Scan with SRENG and post the log to this forum.
Download SRENG version 2.6: http://www.kztechs.com/sreng/download.html
How to produce an SRENG scan log: see post #2 of this thread: http://bbs.ikaka.com/showtopic-8442813.aspx
夲號ヱ被ジ盜 - 2009-4-7 13:26:00
1. Install the patch (choose the one for your system):
Security Update for Windows Vista (KB958644)

http://download.microsoft.com/download/d/c/0/dc047ab9-53f8-481c-8c46-528b7f493fc1/Windows6.0-KB958644-x86.msu

Security Update for Windows Server 2008 x64 Edition (KB958644)

http://download.microsoft.com/download/0/f/4/0f425c69-4a1f-4654-b4f8-476a5b1bae1d/Windows6.0-KB958644-x64.msu

Security Update for Windows Server 2003 x64 Edition (KB958644)

http://download.microsoft.com/download/9/8/e/98eff1c8-f2e2-43a4-abf7-7fb0315a09f7/WindowsServer2003.WindowsXP-KB958644-x64-CHS.exe

Security Update for Windows Server 2003 (KB958644)

http://download.microsoft.com/download/8/4/4/84403755-aa0a-41ba-bded-7cbbc8dc218c/WindowsServer2003-KB958644-x86-CHS.exe

Security Update for Windows Server 2008 (KB958644)

http://download.microsoft.com/download/4/9/8/498e39f6-9f49-4ca5-99dd-761456da0012/Windows6.0-KB958644-x86.msu

Security Update for Windows 2000 (KB958644)

http://download.microsoft.com/download/4/9/7/49751d3a-e93b-48fb-95de-2a229e602004/Windows2000-KB958644-x86-CHS.EXE

Security Update for Windows Vista for x64-based Systems (KB958644)

http://download.microsoft.com/download/1/5/0/15089485-0e8b-41f9-8617-58e8cdda8c7e/Windows6.0-KB958644-x64.msu

Security Update for Windows XP (KB958644)

http://download.microsoft.com/download/a/5/f/a5fcaabe-ff81-4d4f-972e-865bdc60dcbf/WindowsXP-KB958644-x86-CHS.exe

2. Clean up:
http://download.microsoft.com/download/4/A/A/4AA524C6-239D-47FF-860B-5B397199CBF8/windows-kb890830-v2.8.exe
afsadfs - 2009-4-7 13:42:00
Ran the scan; posting it in several parts.
[CODE]

2009-04-07,13:41:27

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan
    Scheduled tasks
    API HOOK
    Hidden processes


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{BE9DEA3A-893C-43F3-BC33-99574575A9F0}><C:\Program Files\Internet Explorer\PowerDn.Rel>  [File is missing]
    <{9D107C52-D0FB-410F-A9B2-540484621EF1}><C:\WINDOWS\system32\pdhgncli.dll>  [File is missing]
    <{7055B656-422B-4EA3-B2A5-DF11E7F06582}><C:\WINDOWS\system32\ngllbmlm.dll>  [File is missing]
    <{704E787F-DE5A-4DC7-83F7-D7FC77F3AA03}><C:\WINDOWS\system32\ngkenonf.dll>  [File is missing]
    <{868044BE-B5F3-4D03-B321-334B549A29D2}><C:\WINDOWS\system32\omogkkbe.dll>  [File is missing]
    <{CE69AF1E-931C-40BD-A76A-9B98DECDA05A}><C:\WINDOWS\system32\cempafhe.dll>  [File is missing]
    <{3F7469B6-AB21-414E-B39C-03E2A20AE898}><C:\WINDOWS\system32\jfnkmpbm.dll>  [File is missing]
    <{F8D1EC19-4FC8-457C-8757-29C0B3FA1573}><C:\WINDOWS\system32\fodhechp.dll>  [File is missing]
    <{8D85F004-1B24-4B0C-8214-C7445FCD793D}><C:\WINDOWS\system32\odolfggk.dll>  [File is missing]
    <{25B68D98-95FD-4741-9F5B-3C21B9410564}><C:\WINDOWS\system32\ilbmodpo.dll>  [File is missing]
    <{BB28D5D4-AE9B-4912-B31F-7991AC9B282F}><C:\WINDOWS\system32\bbiodldk.dll>  [File is missing]
    <{D5FFD941-EE2F-44E2-B637-DDFAB8E6D228}><C:\WINDOWS\system32\dlffdpkh.dll>  [File is missing]
    <{1A45B97D-FE0F-452D-B0F9-3892C636FEFD}><C:\WINDOWS\system32\haklbpnd.dll>  [File is missing]
    <{B3FB390F-9A9E-4E45-9C83-D09FB273C45D}><C:\WINDOWS\system32\bjfbjpgf.dll>  [File is missing]
    <{E5606DAE-A5E6-4E98-A59B-D68FCA0115F9}><C:\WINDOWS\system32\elmgmdae.dll>  [File is missing]
    <{20BCA3AC-F3BC-4554-BF88-3D765A2CCE15}><C:\WINDOWS\system32\igbcajac.dll>  [File is missing]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <9D107C52><C:\WINDOWS\system32\pdhgncli.dll>  [File is missing]
    <7055B656><C:\WINDOWS\system32\ngllbmlm.dll>  [File is missing]
    <704E787F><C:\WINDOWS\system32\ngkenonf.dll>  [File is missing]
    <868044BE><C:\WINDOWS\system32\omogkkbe.dll>  [File is missing]
    <CE69AF1E><C:\WINDOWS\system32\cempafhe.dll>  [File is missing]
    <3F7469B6><C:\WINDOWS\system32\jfnkmpbm.dll>  [File is missing]
    <F8D1EC19><C:\WINDOWS\system32\fodhechp.dll>  [File is missing]
    <8D85F004><C:\WINDOWS\system32\odolfggk.dll>  [File is missing]
    <25B68D98><C:\WINDOWS\system32\ilbmodpo.dll>  [File is missing]
    <BB28D5D4><C:\WINDOWS\system32\bbiodldk.dll>  [File is missing]
    <D5FFD941><C:\WINDOWS\system32\dlffdpkh.dll>  [File is missing]
    <1A45B97D><C:\WINDOWS\system32\haklbpnd.dll>  [File is missing]
    <B3FB390F><C:\WINDOWS\system32\bjfbjpgf.dll>  [File is missing]
    <E5606DAE><C:\WINDOWS\system32\elmgmdae.dll>  [File is missing]
    <20BCA3AC><C:\WINDOWS\system32\igbcajac.dll>  [File is missing]
    <msnmsg><C:\Program Files\Messenger\msgmr.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\BLISS.SCR>  [Microsoft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Grid Service><; "C:\Program Files\GridService\peer.exe" -n Grid>  [FS2YOU]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PPS Accelerator><; C:\Program Files\PPStream\ppsap.exe>  [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><; SOUNDMAN.EXE>  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <恢复BOOT菜单><; c:\windows\BOOT-hf.exe>  [File is missing]

==================================
Startup Folder
N/A

==================================
Services
[Microsoft .Net Framework COM+ Support / .Net CLR][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k ".Net CLR"-->C:\WINDOWS\system32\c63082.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[caching commonly used font data. WPF / Foundation (WPF)][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\gwcres.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[protectedcontent might not bedown / NumberService][Others/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\iischema.dll><N/A>
[Procedure / Procedure][Running/Auto Start]
  <C:\WINDOWS\sm><N/A>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[User Profile Hive Cleanup / UPHClean][Stopped/Auto Start]
  <C:\Program Files\UPHClean\uphclean.exe><(File is missing)>
[xglgboo / xglgboo][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\fztlcfyo.dll><N/A>
[Network Provisioning Service / xmlprov][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\xmlprov.dll><N/A>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Hotcore helper / hotcore3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\hotcore3.sys><Paragon Software Group>
[HWiNFO32 Kernel Driver / HWiNFO32][Running/Auto Start]
  <\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS><REALiX(tm)>
[MegaIDE / MegaIDE][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) MIDI UART / nvmpu401][Running/Manual Start]
  <system32\drivers\nvmpu401.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Universal Image Mounter Controller / UimBus][Running/System Start]
  <system32\DRIVERS\UimBus.sys><Windows (R) 2000 DDK provider>
[UIM Drive Backup Image Plugin / Uim_IM][Running/System Start]
  <System32\Drivers\Uim_IM.sys><Paragon>

==================================
Browser Add-ons
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {BE9DEA3A-893C-43F3-BC33-99574575A9F0} <C:\Program Files\Internet Explorer\PowerDn.Rel, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[微软]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {BE9DEA3A-893C-43F3-BC33-99574575A9F0} <C:\Program Files\Internet Explorer\PowerDn.Rel, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&U使用纳米机器人下载并收藏]
  <C:\Program Files\NamiRobot\Data\du.html, N/A>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
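The log above is long, and the entries worth asking about are spread over several sections. The Python script below is an example added by the editor; it is not part of this thread and not a tool from SRENG or Rising. It parses the autostart-registry and service sections of an SRENG log by line shape (so it does not depend on the language SRENG prints its section headers in) and applies a few triage heuristics. The rule names, the heuristics themselves, and the list of stock Windows XP svchost groups are the editor's assumptions, not SRENG's rules; the embedded sample is a trimmed excerpt of the log posted above.

```python
import re
from dataclasses import dataclass

# Trimmed excerpt of the SRENG log posted in this thread: two persistence keys
# and a handful of services. Section headers are omitted; the parser keys on line shape.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{9D107C52-D0FB-410F-A9B2-540484621EF1}><C:\WINDOWS\system32\pdhgncli.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <9D107C52><C:\WINDOWS\system32\pdhgncli.dll>  [File is missing]
[Microsoft .Net Framework COM+ Support / .Net CLR][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k ".Net CLR"-->C:\WINDOWS\system32\c63082.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[protectedcontent might not bedown / NumberService][Others/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\iischema.dll><N/A>
[Procedure / Procedure][Running/Auto Start]
  <C:\WINDOWS\sm><N/A>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[xglgboo / xglgboo][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\fztlcfyo.dll><N/A>
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                          # [HKEY_...]
ENTRY_RE = re.compile(r"^\s+<(.*)><([^<>]*)>\s+\[(.*)\]$")           # <name><path>  [status]
SVC_HDR_RE = re.compile(r"^\[(.+) / (.+?)\]\[([^/\]]+)/([^\]]+)\]$")  # [Display / Name][State/Start]
SVC_IMG_RE = re.compile(r"^\s+<(.*)><([^<>]*)>$")                     # <image><publisher>
# svchost.exe -k <group>--><ServiceDll>; SRENG quotes the group when it has spaces.
SVCHOST_RE = re.compile(r'svchost\.exe\s+-k\s+"?([^"]+?)"?\s*-->(.+)$', re.IGNORECASE)

# Editor's assumption: svchost groups that ship with Windows XP. Anything else is custom.
KNOWN_SVCHOST_GROUPS = {"netsvcs", "localservice", "networkservice", "rpcss",
                        "dcomlaunch", "imgsvc", "termsvcs", "httpfilter"}


@dataclass
class Entry:
    key: str
    name: str
    path: str
    status: str


@dataclass
class Service:
    display: str
    name: str
    state: str
    start: str
    image: str
    publisher: str


def parse_sreng(text):
    """Pull autostart registry entries and services out of an SRENG log."""
    entries, services = [], []
    key, pending = None, None   # current registry key / service header waiting for its image line
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            key, pending = m.group(1), None
        elif m := SVC_HDR_RE.match(line):
            key, pending = None, m.groups()
        elif (m := ENTRY_RE.match(line)) and key:
            entries.append(Entry(key, *m.groups()))
        elif (m := SVC_IMG_RE.match(line)) and pending:
            services.append(Service(*pending, *m.groups()))
            pending = None
    return entries, services


def triage(text):
    """Return (rule, name, detail) tuples for the entries a helper would ask about."""
    entries, services = parse_sreng(text)
    findings = []
    for e in entries:
        # The registry still points at a DLL that no longer exists: residue left
        # behind when the file was removed but the persistence entry was not.
        if e.status == "File is missing":
            findings.append(("persistence-missing-file", e.name, e.path))
    for s in services:
        if m := SVCHOST_RE.search(s.image):
            group, dll = m.group(1), m.group(2).strip()
            if group.lower() not in KNOWN_SVCHOST_GROUPS:
                findings.append(("svchost-unknown-group", s.name, group))
            # Heuristic: stock XP service DLLs are registered via the unexpanded
            # %SystemRoot% variable; a literal C:\WINDOWS\... ServiceDll is a hint
            # that something other than Windows setup wrote the service.
            if not dll.lower().startswith("%systemroot%\\system32\\"):
                findings.append(("servicedll-odd-path", s.name, dll))
        elif s.publisher == "N/A" and not s.image.lower().endswith((".exe", ".sys")):
            # No publisher and no executable extension, e.g. C:\WINDOWS\sm
            findings.append(("service-odd-image", s.name, s.image))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {name:16} {detail}")
```

Run on the excerpt, it flags the two `pdhgncli.dll` hook entries whose file is already gone, the `netsvcs` services whose ServiceDll is a literal `C:\WINDOWS\...` path (`fztlcfyo.dll`, `iischema.dll`), the `c63082.dll` service that additionally sits in a non-standard `.Net CLR` svchost group, and the `Procedure` service whose image `C:\WINDOWS\sm` has neither a publisher nor an executable extension; `HidServ` and the Rising service pass. On the full log, `gwcres.dll` under the `Foundation (WPF)` service lands in the same `servicedll-odd-path` bucket. These are the lines a forum helper would ask the poster about first. The exception code in the opening post, 0xc00000fd, is STATUS_STACK_OVERFLOW, and a stack overflow inside svchost.exe is a crash in one of the DLLs loaded into that host, which is one more reason to start with the service list rather than svchost.exe itself.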
afsadfs - 2009-4-7 13:43:00
==================================
Running Processes
[PID: 476 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4112]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4112]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / SYSTEM][C:\Program Files\Rising\Rav\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [C:\Program Files\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252 / SYSTEM][C:\Program Files\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [C:\Program Files\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [C:\Program Files\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25]
    [C:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [C:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Rav\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[PID: 1484 / new][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4112]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 1532 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1596 / new][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.0.0.2008061100]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 9.0.0.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\NamiRobot\Data\NamipanExt1.dll]  [N/A, ]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\StormII\spfa.dll]  [北京暴风网际科技有限公司, 3, 8, 12, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\vsfilter.dll]  [Gabest, 1, 0, 0, 9]
    [C:\Program Files\Common Files\Thunder Network\KanKan\RealMediaSplitter.1.0.2.4.(685).ax]  [Gabest, 1, 0, 2, 4]
    [C:\WINDOWS\system32\mpg2splt.ax]  [, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1628 / SYSTEM][C:\Program Files\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [C:\Program Files\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1808 / new][C:\Program Files\Rising\Rav\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [C:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 71]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [C:\Program Files\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [C:\Program Files\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.93]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [C:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [C:\Program Files\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 2032 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 9, 1, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\Program Files\StormII\P2PCLient.dll]  [, 3, 8, 12, 25]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\StormII\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
    [C:\Program Files\StormII\box\BoxLog.dll]  [北京暴风网际科技有限公司, 3, 9, 2, 19]
[PID: 228 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 396 / SYSTEM][C:\WINDOWS\sm]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508 / SYSTEM][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [C:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[PID: 804 / SYSTEM][C:\Program Files\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
    [C:\Program Files\Rising\Rav\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
    [C:\Program Files\Rising\Rav\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\mvengine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25]
    [C:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
afsadfs - 2009-4-7 13:44:00
    [C:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [C:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[PID: 888 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2676 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3732 / new][C:\Program Files\GridService\peeradapter.exe]  [FS2YOU, 2, 1, 10, 8366]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3788 / new][C:\Program Files\GridService\peer.exe]  [FS2YOU, 2, 1, 10, 8366]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / new][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.8]
    [C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.8]
    [C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
    [C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.8]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.8]
    [C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.8]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.73]
    [C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.2093]
    [C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll]  [, ]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2524 / new][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 8,0,978,1833]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\UnReadMsgMgr.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [TENCENT, 8,0,978,1833]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\OEMApplication.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [TENCENT, 8,0,978,1833]
    [C:\Program Files\Tencent\QQ\AddrSearch.dll]  [Tencent, 2, 3, 10, 12]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [TENCENT, 8,0,978,1833]
[PID: 760 / new][C:\Program Files\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2444 / new][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3376 / new][E:\安装\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 2176 / new][E:\安装\sreng2\SRE1a10268b.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\安装\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
afsadfs - 2009-4-7 13:45:00
==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      v.onondown.com.cn
127.0.0.2      ymsdasdw1.cn
127.0.0.3      h96b.info
127.0.0.0      xxx.zttwp.cn
127.0.0.0      www.hackerbf.cn
127.0.0.0      zzz.2008wyt.net
127.1.1.1      999.2005wyt.com
127.0.0.0      ww.popdm.cn
127.1.1.1      bbt.etimes888.com
127.1.1.1      219.147.13.53
127.1.1.1      dl.360safe.com
127.1.1.1      www.sunlight.org.cn
127.1.1.1      w.wonthe.cn
127.1.1.1      20068080.cn
127.1.1.1      l.neter888.cn
127.1.1.1      stat.untang.com
127.1.1.1      www.ikdy.cn
127.0.0.0      geekbyfeng.cn
127.0.0.0      121.14.101.68
127.0.0.0      ppp.etimes888.com
127.0.0.0      www.bypk.com
127.0.0.0      CSC3-2004-crl.verisign.com
127.0.0.1      va9sdhun23.cn
127.0.0.0      udp.hjob123.com
127.1.1.1      999.hfdy2828.com
127.1.1.1      www.hfdy2929.com
127.1.1.1      www.xiazaide1.cn
127.1.1.1      www.vuf51579.cn
127.1.1.1      wm.eo2q.cn
127.1.1.1      d.www-263.com
127.1.1.1      www.ssy1688.cn
127.1.1.1      121.12.173.218
127.1.1.1      qq.18i16.net
127.1.1.1      a.baidu-6661.com
127.1.1.1      www.vuf51579.cn
127.1.1.1      www.1079223105.cn
127.1.1.1      home.xzx6.cn
127.1.1.1      top.fgc3.cn
127.1.1.1      165.246.44.228
127.1.1.1      wwww.ttfafa.com
127.1.1.1      pa.tt-09.com
127.0.0.2      bnasnd83nd.cn
127.0.0.0      www.gamehacker.com.cn
127.0.0.0      gamehacker.com.cn
127.1.1.1      www.cctv-100008.cn
127.1.1.1      222.73.208.141
127.0.0.3      adlaji.cn
127.1.1.1      aiyyw.com
127.0.0.1      858656.com
127.1.1.1      bnasnd83nd.cn
127.0.0.1      my123.com
127.0.0.0      user1.12-27.net
127.0.0.1      8749.com
127.0.0.0      fengent.cn
127.0.0.1      4199.com
127.0.0.1      user1.16-22.net
127.0.0.1      7379.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com
127.0.0.1      7255.com
127.0.0.1      user1.23-12.net
127.0.0.1      3448.com
127.0.0.1      www.guccia.net
127.0.0.1      7939.com
127.0.0.1      a.o1o1o1.nEt
127.0.0.1      8009.com
127.0.0.1      user1.12-73.cn
127.0.0.1      piaoxue.com
127.0.0.1      3n8nlasd.cn
127.0.0.1      kzdh.com
127.0.0.0      www.sony888.cn
127.0.0.1      about.blank.la
127.0.0.0      user1.asp-33.cn
127.0.0.1      6781.com
127.0.0.0      www.netkwek.cn
127.0.0.1      7322.com
127.0.0.0      ymsdkad6.cn
127.0.0.1      localhost
127.0.0.0      www.lkwueir.cn
127.0.0.1      06.jacai.com
127.0.1.1      user1.23-17.net
127.0.0.1      1.jopenkk.com
127.0.0.0      upa.luzhiai.net
127.0.0.1      1.jopenqc.com
127.0.0.0      www.guccia.net
127.0.0.1      1.joppnqq.com
127.0.0.0      4m9mnlmi.cn
127.0.0.1      1.xqhgm.com
127.0.0.0      mm119mkssd.cn
127.0.0.1      100.332233.com
127.0.0.0      61.128.171.115:8080
127.0.0.1      121.11.90.79
127.0.0.0      www.1119111.com
127.0.0.1      121565.net
127.0.0.0      win.nihao69.cn
127.0.0.1      125.90.88.38
127.0.0.1      16888.6to23.com
127.0.0.1      2.joppnqq.com
127.0.0.0      puc.lianxiac.net
127.0.0.1      204.177.92.68
127.0.0.0      pud.lianxiac.net
127.0.0.1      210.74.145.236
127.0.0.0      210.76.0.133
127.0.0.1      219.129.239.220
127.0.0.0      61.166.32.2
127.0.0.1      219.153.40.221
127.0.0.0      218.92.186.27
127.0.0.1      219.153.46.27
127.0.0.0      www.fsfsfag.cn
127.0.0.1      219.153.52.123
127.0.0.0      ovo.ovovov.cn
127.0.0.1      221.195.42.71
127.0.0.0      dw.com.com
127.0.0.1      222.73.218.115
127.0.0.1      203.110.168.233:80
127.0.0.1      3.joppnqq.com
127.0.0.1      203.110.168.221:80
127.0.0.1      363xx.com
127.0.0.1      www1.ip10086.com.cm
127.0.0.1      4199.com
127.0.0.1      blog.ip10086.com.cn
127.0.0.1      43242.com
127.0.0.1      www.ccji68.cn
127.0.0.1      5.xqhgm.com
127.0.0.0      t.myblank.cn
127.0.0.1      520.mm5208.com
127.0.0.0      x.myblank.cn
127.0.0.1      59.34.131.54
127.0.0.1      210.51.45.5
127.0.0.1      59.34.198.228
127.0.0.1      www.ew1q.cn
127.0.0.1      59.34.198.88
127.0.0.1      59.34.198.97
127.0.0.1      60.190.114.101
127.0.0.1      60.190.218.34
127.0.0.0      qq-xing.com.cn
127.0.0.1      60.191.124.252
127.0.0.1      61.145.117.212
127.0.0.1      61.157.109.222
127.0.0.1      75.126.3.216
127.0.0.1      220.250.64.21
127.0.0.1      75.126.3.217
127.0.0.1      75.126.3.218
127.0.0.0      59.125.231.177:17777
127.0.0.1      75.126.3.220
127.0.0.1      75.126.3.221
127.0.0.1      75.126.3.222
127.0.0.1      772630.com
127.0.0.1      832823.cn
127.0.0.1      8749.com
127.0.0.1      888.jopenqc.com
127.0.0.1      89382.cn
127.0.0.1      8v8.biz
127.0.0.1      97725.com
127.0.0.1      9gg.biz
127.0.0.1      www.9000music.com
127.0.0.1      test.591jx.com
127.0.0.1      a.topxxxx.cn
127.0.0.1      picon.chinaren.com
127.0.0.1      www.5566.net
127.0.0.1      p.qqkx.com
127.0.0.1      news.netandtv.com
127.0.0.1      z.neter888.cn
127.0.0.1      b.myblank.cn
127.0.0.1      wvw.wokutu.com
127.0.0.1      unionch.qyule.com
127.0.0.1      www.qyule.com
127.0.0.1      it.itjc.cn
127.0.0.1      www.linkwww.com
127.0.0.1      vod.kaicn.com
127.0.0.1      www.tx8688.com
127.0.0.1      b.neter888.cn
127.0.0.1      promote.huanqiu.com
127.0.0.1      www.huanqiu.com
127.0.0.1      www.haokanla.com
127.0.0.1      play.unionsky.cn
127.0.0.1      www.52v.com
127.0.0.1      www.gghka.cn
127.0.0.1      icon.ajiang.net
127.0.0.1      new.ete.cn
127.0.0.1      www.stiae.cn
127.0.0.1      o.neter888.cn
127.0.0.1      comm.jinti.com
127.0.0.1      www.google-analytics.com
127.0.0.1      hz.mmstat.com
127.0.0.1      www.game175.cn
127.0.0.1      x.neter888.cn
127.0.0.1      z.neter888.cn
127.0.0.1      p.etimes888.com
127.0.0.1      hx.etimes888.com
127.0.0.1      abc.qqkx.com
127.0.0.1      dm.popdm.cn
127.0.0.1      www.yl9999.com
127.0.0.1      www.dajiadoushe.cn
127.0.0.1      v.onondown.com.cn
127.0.0.1      www.interoo.net
127.0.0.1      bally1.bally-bally.net
127.0.0.1      www.bao5605509.cn
127.0.0.1      www.rty456.cn
127.0.0.1      www.werqwer.cn
127.0.0.1      1.360-1.cn
127.0.0.1      user1.23-16.net
127.0.0.1      www.guccia.net
127.0.0.1      www.interoo.net
127.0.0.1      upa.netsool.net
127.0.0.1      js.users.51.la
127.0.0.1      vip2.51.la
127.0.0.1      web.51.la
127.0.0.1      qq.gong2008.com
127.0.0.1      2008tl.copyip.com
127.0.0.1      tla.laozihuolaile.cn
127.0.0.1      www.tx6868.cn
127.0.0.1      p001.tiloaiai.com
127.0.0.1      s1.tl8tl.com
127.0.0.1      s1.gong2008.com
127.0.0.1      4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 3732, C:\PROGRAM FILES\GRIDSERVICE\PEERADAPTER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3788, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3376, E:\安装\SRENG2\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\400~1.209\PinyinRepair.exe

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
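The HOSTS section of the log above shows the pattern the replies below tell the poster to reset: many names sent to loopback, several with non-standard 127.x addresses, and among them an AV update host (dl.360safe.com) and a VeriSign CRL endpoint. As an added example that is not part of this thread or of SREng, the Python below parses such a dump and reports those signals; the watchlist and the excerpt it runs on are constructed for illustration.

```python
"""Triage a Windows HOSTS dump for the hijack pattern seen in the SREng log.

Added example for this thread; it is not part of SREng or of any post here.
The PROTECTED_SUFFIXES watchlist is illustrative and would be tuned per site.
"""
import ipaddress
import re
from collections import Counter

# Hosts that malware typically sinkholes so the victim cannot update its AV
# or check certificate revocation. Illustrative watchlist, not a vendor list.
PROTECTED_SUFFIXES = ("360safe.com", "rising.com.cn", "verisign.com", "microsoft.com")

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
HOSTNAME_RE = re.compile(r"[a-z0-9.\-]+")


def parse_hosts(text):
    """Return (address, hostname) pairs; blanks and '#' comments are skipped.

    Every name on a line is kept, because Windows honours several names per
    line and hijackers sometimes bury extra names after an innocent one.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        entries.extend((parts[0], name.lower()) for name in parts[1:])
    return entries


def triage_hosts(text):
    """Classify each entry and return the findings as lists."""
    entries = parse_hosts(text)
    sinkholed, odd_loopback, protected, malformed, ip_literals = [], [], [], [], []
    for addr, name in entries:
        # 'host:port' or other junk: the resolver never matches it, but its
        # presence shows the file was written by a tool, not by the user.
        if not HOSTNAME_RE.fullmatch(name):
            malformed.append(name)
            continue
        # A dotted-quad "hostname" is inert too: IP literals are never resolved.
        try:
            ipaddress.ip_address(name)
            ip_literals.append(name)
            continue
        except ValueError:
            pass
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append(f"{addr} {name}")
            continue
        if ip not in LOOPBACK_NET or name == "localhost":
            continue
        sinkholed.append(name)
        if str(ip) != "127.0.0.1":  # 127.0.0.0, 127.1.1.1 ... still loop back
            odd_loopback.append(str(ip))
        if any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES):
            protected.append(name)
    counts = Counter(name for _, name in entries)
    return {
        "sinkholed": sinkholed,
        "odd_loopback": sorted(set(odd_loopback)),
        "protected_blocked": sorted(set(protected)),
        "malformed": malformed,
        "ip_literal_names": ip_literals,
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
    }


def is_hijacked(findings):
    """Strong signals only: ad-block lists also sinkhole many names to 127.0.0.1."""
    return bool(findings["protected_blocked"] or findings["odd_loopback"]
                or findings["malformed"] or findings["ip_literal_names"])


# Constructed excerpt modelled on the HOSTS section of the log in this thread.
SAMPLE_HOSTS = """\
# hosts dump (excerpt)
127.0.0.1      localhost
127.1.1.1      dl.360safe.com
127.0.0.0      CSC3-2004-crl.verisign.com
127.1.1.1      999.2005wyt.com
127.0.0.0      61.128.171.115:8080
127.1.1.1      219.147.13.53
127.0.0.1      www.google-analytics.com
127.0.0.1      www.guccia.net
127.0.0.0      www.guccia.net
"""

if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    for key, values in result.items():
        print(f"{key:18} {values}")
    print("verdict:", "hijacked" if is_hijacked(result) else "no strong signal")
```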
帅哥阿福 - 2009-4-7 13:52:00
C:\WINDOWS\system32\ctfmon.exe is missing; copy this file from another system of the same version onto this machine.

Download the batch file extraction tool and use it to extract the following files:
http://bbs.ikaka.com/attachment.aspx?attachmentid=486266

C:\WINDOWS\iischema.dll
C:\WINDOWS\sm
C:\WINDOWS\system32\fztlcfyo.dll
C:\WINDOWS\System32\xmlprov.dll
C:\WINDOWS\System32\DRIVERS\aliide.sys

Upload the virus samples to the Suspicious Files forum at: http://bbs.ikaka.com/showforum-20002.aspx
Or send them directly to Rising's mail service center (Virus Samples) at: http://mailcenter.rising.com.cn/uploadnew.aspx

Also, the hosts file has been modified; use Kaka Assistant - Advanced Tools - System Repair to restore it.
afsadfs - 2009-4-7 14:06:00
2009-04-07 06:07:46 -- C:\WINDOWS\iischema.dll >> E:\安装\文件批量提取工具\备份文件夹\iischema.dll -- 失败
2009-04-07 06:07:48 -- C:\WINDOWS\sm >> E:\安装\文件批量提取工具\备份文件夹\sm -- 失败
2009-04-07 06:07:50 -- C:\WINDOWS\system32\fztlcfyo.dll >> E:\安装\文件批量提取工具\备份文件夹\fztlcfyo.dll -- 失败
2009-04-07 06:07:52 -- C:\WINDOWS\System32\xmlprov.dll >> E:\安装\文件批量提取工具\备份文件夹\xmlprov.dll -- 失败
2009-04-07 06:07:54 -- C:\WINDOWS\System32\DRIVERS\aliide.sys >> E:\安装\文件批量提取工具\备份文件夹\aliide.sys -- 失败
What should I do?
afsadfs - 2009-4-7 14:17:00
。。。。。。。。。。。。。。。。
chuanshao - 2009-4-7 14:17:00
c:\windows\system32\ctfmon.exe: find this file on a system of the same version and copy it onto your computer.
Search the whole disk for soundman.exe, then upload it to http://www.virustotal.com/zh-cn/ for a check.

1. Use XDelBox (XDelBox 1.8) to delete the files below; if your system drive is not C: or you run Vista, download Filseclab's 费尔木马强力清除助手 (Trojan forced-removal assistant) instead to delete the files below:
Instructions: copy the paths of all the files to be deleted, right-click in the pending-deletion list and choose "Import from clipboard without checking paths"; after importing, remember to tick "Suppress regeneration"; then right-click a file in the list and choose "Reboot and delete now". The computer restarts into a DOS screen to perform the deletion (after the restart a boot menu appears; choose "Go Xdelbox To Del Files"). Unplug all removable storage devices before running XDelBox.


c:\windows\sm
c:\program files\internet explorer\powerdn.rel
c:\windows\system32\pdhgncli.dll
c:\windows\system32\ngllbmlm.dll
c:\windows\system32\ngkenonf.dll
c:\windows\system32\omogkkbe.dll
c:\windows\system32\cempafhe.dll
c:\windows\system32\jfnkmpbm.dll
c:\windows\system32\fodhechp.dll
c:\windows\system32\odolfggk.dll
c:\windows\system32\ilbmodpo.dll
c:\windows\system32\bbiodldk.dll
c:\windows\system32\dlffdpkh.dll
c:\windows\system32\haklbpnd.dll
c:\windows\system32\bjfbjpgf.dll
c:\windows\system32\elmgmdae.dll
c:\windows\system32\igbcajac.dll
c:\program files\messenger\msgmr.dll
c:\windows\system32\c63082.dll
c:\windows\system32\xmlprov.dll
c:\windows\system32\fztlcfyo.dll
c:\windows\iischema.dll
c:\windows\system32\gwcres.dll
c:\windows\system32\drivers\msiffei.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
[{BE9DEA3A-893C-43F3-BC33-99574575A9F0}]    <C:\Program Files\Internet Explorer\PowerDn.Rel>
[{9D107C52-D0FB-410F-A9B2-540484621EF1}]    <C:\WINDOWS\system32\pdhgncli.dll>
[{7055B656-422B-4EA3-B2A5-DF11E7F06582}]    <C:\WINDOWS\system32\ngllbmlm.dll>
[{704E787F-DE5A-4DC7-83F7-D7FC77F3AA03}]    <C:\WINDOWS\system32\ngkenonf.dll>
[{868044BE-B5F3-4D03-B321-334B549A29D2}]    <C:\WINDOWS\system32\omogkkbe.dll>
[{CE69AF1E-931C-40BD-A76A-9B98DECDA05A}]    <C:\WINDOWS\system32\cempafhe.dll>
[{3F7469B6-AB21-414E-B39C-03E2A20AE898}]    <C:\WINDOWS\system32\jfnkmpbm.dll>
[{F8D1EC19-4FC8-457C-8757-29C0B3FA1573}]    <C:\WINDOWS\system32\fodhechp.dll>
[{8D85F004-1B24-4B0C-8214-C7445FCD793D}]    <C:\WINDOWS\system32\odolfggk.dll>
[{25B68D98-95FD-4741-9F5B-3C21B9410564}]    <C:\WINDOWS\system32\ilbmodpo.dll>
[{BB28D5D4-AE9B-4912-B31F-7991AC9B282F}]    <C:\WINDOWS\system32\bbiodldk.dll>
[{D5FFD941-EE2F-44E2-B637-DDFAB8E6D228}]    <C:\WINDOWS\system32\dlffdpkh.dll>
[{1A45B97D-FE0F-452D-B0F9-3892C636FEFD}]    <C:\WINDOWS\system32\haklbpnd.dll>
[{B3FB390F-9A9E-4E45-9C83-D09FB273C45D}]    <C:\WINDOWS\system32\bjfbjpgf.dll>
[{E5606DAE-A5E6-4E98-A59B-D68FCA0115F9}]    <C:\WINDOWS\system32\elmgmdae.dll>
[{20BCA3AC-F3BC-4554-BF88-3D765A2CCE15}]    <C:\WINDOWS\system32\igbcajac.dll>
[9D107C52]    <C:\WINDOWS\system32\pdhgncli.dll>
[7055B656]    <C:\WINDOWS\system32\ngllbmlm.dll>
[704E787F]    <C:\WINDOWS\system32\ngkenonf.dll>
[868044BE]    <C:\WINDOWS\system32\omogkkbe.dll>
[CE69AF1E]    <C:\WINDOWS\system32\cempafhe.dll>
[3F7469B6]    <C:\WINDOWS\system32\jfnkmpbm.dll>
[F8D1EC19]    <C:\WINDOWS\system32\fodhechp.dll>
[8D85F004]    <C:\WINDOWS\system32\odolfggk.dll>
[25B68D98]    <C:\WINDOWS\system32\ilbmodpo.dll>
[BB28D5D4]    <C:\WINDOWS\system32\bbiodldk.dll>
[D5FFD941]    <C:\WINDOWS\system32\dlffdpkh.dll>
[1A45B97D]    <C:\WINDOWS\system32\haklbpnd.dll>
[B3FB390F]    <C:\WINDOWS\system32\bjfbjpgf.dll>
[E5606DAE]    <C:\WINDOWS\system32\elmgmdae.dll>
[20BCA3AC]    <C:\WINDOWS\system32\igbcajac.dll>
[msnmsg]    <C:\Program Files\Messenger\msgmr.dll>


    Startup Items -- Services -- Win32 Services: disable the following:
[Microsoft .Net Framework COM+ Support / .Net CLR]    <C:\WINDOWS\System32\svchost.exe -k ".Net CLR"-->C:\WINDOWS\system32\c63082.dll>
[Procedure / Procedure]    <C:\WINDOWS\sm>
[Network Provisioning Service / xmlprov]    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\xmlprov.dll>
[xglgboo / xglgboo]    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\fztlcfyo.dll>
[protectedcontent might not bedown / NumberService]    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\iischema.dll>
[caching commonly used font data. WPF / Foundation (WPF)]    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\gwcres.dll>

    Startup Items -- Services -- Drivers: disable the following:
[msiffei / msiffei]    <System32\Drivers\msiffei.sys>

    System Repair -- Browser Add-ons: delete the following:
[]    <C:\Program Files\Internet Explorer\PowerDn.Rel>
   
    System Repair -- HOSTS file -- Reset

************** The above analysis report was produced with the SREngLog Analysis Assistant ******************
Analyst: chuanshao
Date: 2009-4-7



Download Windows Cleanup Assistant (Windows清理助手) to remove the malicious software:
http://www.arswp.com/download/arswp/arswp.rar  (update it before use)

Download a temporary-file cleanup tool:
http://www.dodudou.com/down/ATF-Cleaner-cn.exe
afsadfs - 2009-4-7 14:56:00
"Startup Items -- Services -- Win32 Services: disable the following": does "disable" here mean delete?