Rising Kaka Security Forum
小新1234567 - 2009-5-10 13:28:00
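I use Rising antivirus. Right after a scan finishes, scanning again still finds viruses, and the number of viruses found is the same every time.
I'm really puzzled. How can this problem be solved? Experts, please advise. Thanks.
User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)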
帅哥阿福 - 2009-5-10 13:29:00
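First update Rising to the latest version, then disconnect from the network and scan.
If the first scan finds viruses, restart the computer and scan a second time.
If the second scan finds no viruses, the original virus came in from outside; you need to patch the system's vulnerabilities, install a firewall, and put proper protection in place.
If the second scan still finds viruses, the virus is one that the current version of Rising cannot remove; you need to produce a SRENG scan log and post it to this forum.
Download the SRENG 2.6 tool:
http://www.kztechs.com/sreng/download.html
For how to produce a scan log with the SRENG tool, see the 2nd post of this thread:
http://bbs.ikaka.com/showtopic-8442813.aspx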
夲號ヱ被ジ盜 - 2009-5-10 13:29:00
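Download SREng from the official site, then SREng / Smart Scan
(remember to tick "Check the digital signatures of processes").
Wait for the scan to finish, then save the log (LOG format).
PS: If the main program SREng**.exe will not run, so that the log cannot be scanned,
rename the main program to 我爱小狮子.bat
or 我爱小狮子.scr
Put the log in an attachment.
(Click "Quote" at the bottom right of this post of mine, or the larger "Reply" at the far bottom right, and you should then see how to post it.)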
aaccbbdd - 2009-5-10 13:44:00
Is it the ms08067 virus?
Or some other virus?
小新1234567 - 2009-5-10 14:04:00
[CODE]
2009-05-10,14:05:04
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Basic Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe> [File is missing]
<QvodPlayer><F:\My Music\QvodPlayer\QvodTerminal.exe> [File is missing]
<FlashGet 3><"F:\新建文件夹\FlashGet\FlashGet3.exe" -minimize> [File is missing]
<eMuleAutoStart><F:\My Music\电驴\eMule\eMule.exe -AutoStart> [File is missing]
<Sidebar><; C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Thunder><; "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
<RavTray><"D:\瑞星2009\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<Google IME Autoupdater><"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"> [(Verified)Google Inc]
<Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<Apoint><; C:\Program Files\DellTPad\Apoint.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Broadcom Wireless Manager UI><; C:\Windows\system32\WLTRAY.exe> [Dell Inc.]
<DELL Webcam Manager><; "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s> [Creative Technology Ltd.]
<dscactivate><; "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"> [ ]
<mcagent_exe><; C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey> [File is missing]
<NvCplDaemon><; RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NVHotkey><; rundll32.exe C:\Windows\system32\nvHotkey.dll,Start> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvMediaCenter><; RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvSvc><; RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<OEM02Mon.exe><; C:\Windows\OEM02Mon.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<PCMService><; "C:\Program Files\Dell\MediaDirect\PCMService.exe"> [CyberLink Corp.]
<SigmatelSysTrayApp><; %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe> [File is missing]
<StormCodec_Helper><; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"> [File is missing]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Windows Defender><; %ProgramFiles%\Windows Defender\MSASCui.exe -hide> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows]
<Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C1095DB8-62A8-439E-8FE3-E4DA3713C216}><C:\Windows\system32\chgpldbo.dll> [File is missing]
<{A3DD796F-09AB-4F33-ACFE-26FB68AB3ED3}><C:\Windows\system32\ajddnpmf.dll> [File is missing]
<{248E88FB-20F2-48D4-A609-269A844CC344}><C:\Windows\system32\ikoeoofb.dll> [File is missing]
<{F65BDEC7-4BF3-4512-840F-68B166B6D7AC}><F65BDEC7.dll> [N/A]
<{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll> [N/A]
<{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}><4FBFD5A4.dll> [N/A]
<{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll> [N/A]
<{4B8692FF-A3E5-4248-9A2B-1086760031F0}><C:\Windows\system32\kbompiff.dll> [File is missing]
<{CAAC6DD0-81AE-42C1-8BF5-501205375DBF}><C:\Windows\system32\caacmddg.dll> [File is missing]
<{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll> [N/A]
<{633C5B2A-675E-47B9-859C-2B894C8262AA}><C:\Windows\system32\mjjclbia.dll> [File is missing]
<{644E8513-881B-4159-8EC1-3373E405E89E}><C:\Windows\system32\mkkeolhj.dll> [File is missing]
<{29F7F353-A83D-4AB7-AE28-9DBCA265285E}><C:\Windows\system32\ipfnfjlj.dll> [File is missing]
<{0E876AC4-1AFB-45E7-8977-56A5B573B368}><C:\Windows\system32\geonmack.dll> [File is missing]
<{30D92BF6-AAF2-4F0B-A732-C741AB128226}><C:\Windows\system32\jgdpibfm.dll> [File is missing]
<{EBD2F3FF-C15D-4188-8AC4-FD68A9969DEF}><C:\Windows\system32\ebdifjff.dll> [File is missing]
<{A310618D-48B3-4ACB-9589-D121C0D193A6}><C:\Windows\system32\ajhgmhod.dll> [File is missing]
<{CD0F8CA4-DC34-443F-A360-E27DCCE2F02C}><C:\Windows\system32\cdgfocak.dll> [File is missing]
<{C609D72B-DA7E-4C3A-ABE3-AD1208DC9ACC}><C:\Windows\system32\cmgpdnib.dll> [File is missing]
<{0306438F-7E67-4DDA-8EF2-C0AD040FEBE0}><0306438F.dll> [N/A]
<{585FE0DB-F43A-41E1-B71B-8FF5E7139C30}><C:\Windows\system32\lolfegdb.dll> [File is missing]
<{3A0F80C2-CC7A-4A49-B56D-871CBED39CA6}><C:\Windows\system32\jagfogci.dll> [File is missing]
<{704C3595-DB85-40F6-A601-8D6F346907BD}><704C3595.dll> [N/A]
<{16BC0F81-410C-41DF-A902-1B04368BA8AE}><16BC0F81.dll> [N/A]
<{17558221-BE99-4563-9D3B-CDAFCE305178}><C:\Windows\system32\hnlloiih.dll> [File is missing]
<{72B29486-39B6-4241-B234-B57DEF78302F}><72B29486.dll> [N/A]
<{91C7DF6D-AEF5-4136-9252-AF030D7A5931}><91C7DF6D.dll> [N/A]
<{9883B9BD-845B-4F59-AA38-46BED55644B8}><C:\Windows\system32\poojbpbd.dll> [File is missing]
<{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46}><16AF66EB.dll> [N/A]
<{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll> [N/A]
<{70B6927D-46CD-42B0-95DE-4E5566E0948C}><C:\Windows\system32\ngbmpind.dll> [File is missing]
<{F71A67D5-5BBB-47A3-9534-4150FC739257}><F71A67D5.dll> [N/A]
<{E1384213-0948-4A60-A9E3-875B191CC2E7}><E1384213.dll> [N/A]
<{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll> [N/A]
<{3ABBAA06-2CA3-491D-A5E5-9A29287F9616}><C:\Windows\system32\jabbaagm.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WebCheck><C:\Windows\system32\webcheck.dll> [(Verified)Microsoft Windows]
<C1095DB8><C:\Windows\system32\chgpldbo.dll> [File is missing]
<A3DD796F><C:\Windows\system32\ajddnpmf.dll> [File is missing]
<248E88FB><C:\Windows\system32\ikoeoofb.dll> [File is missing]
<4B8692FF><C:\Windows\system32\kbompiff.dll> [File is missing]
<CAAC6DD0><C:\Windows\system32\caacmddg.dll> [File is missing]
<633C5B2A><C:\Windows\system32\mjjclbia.dll> [File is missing]
<644E8513><C:\Windows\system32\mkkeolhj.dll> [File is missing]
<29F7F353><C:\Windows\system32\ipfnfjlj.dll> [File is missing]
<0E876AC4><C:\Windows\system32\geonmack.dll> [File is missing]
<30D92BF6><C:\Windows\system32\jgdpibfm.dll> [File is missing]
<EBD2F3FF><C:\Windows\system32\ebdifjff.dll> [File is missing]
<A310618D><C:\Windows\system32\ajhgmhod.dll> [File is missing]
<CD0F8CA4><C:\Windows\system32\cdgfocak.dll> [File is missing]
<C609D72B><C:\Windows\system32\cmgpdnib.dll> [File is missing]
<585FE0DB><C:\Windows\system32\lolfegdb.dll> [File is missing]
<3A0F80C2><C:\Windows\system32\jagfogci.dll> [File is missing]
<17558221><C:\Windows\system32\hnlloiih.dll> [File is missing]
<9883B9BD><C:\Windows\system32\poojbpbd.dll> [File is missing]
<70B6927D><C:\Windows\system32\ngbmpind.dll> [File is missing]
<3ABBAA06><C:\Windows\system32\jabbaagm.dll> [File is missing]
小新1234567 - 2009-5-10 14:06:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
<WinlogonNotify: GoToAssist><C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll> [(Verified)Citri]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<IFEO[360rpt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<IFEO[360Safe.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
<IFEO[360safebox.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<IFEO[360tray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
<IFEO[adam.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
<IFEO[AgentSvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
<IFEO[AntiArp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
<IFEO[AppSvc32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arswp.exe]
<IFEO[arswp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe]
<IFEO[AST.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
<IFEO[autoruns.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
<IFEO[avconsol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
<IFEO[avgnt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
<IFEO[avgrssvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
<IFEO[AvMonitor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
<IFEO[avp.com]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
<IFEO[ccSvcHst.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
<IFEO[DrvAnti.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
<IFEO[EGHOST.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe]
<IFEO[filemon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
<IFEO[FTCleanerShell.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
<IFEO[FYFireWall.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe]
<IFEO[GFRing3.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe]
<IFEO[GFUpd.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
<IFEO[HijackThis.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
<IFEO[IceSword.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
<IFEO[iparmo.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<IFEO[Iparmor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
<IFEO[isPwdSvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
<IFEO[kabaload.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
<IFEO[KASMain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
<IFEO[KASTask.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<IFEO[KAV32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
<IFEO[KAVDX.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
<IFEO[KAVPF.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
<IFEO[KAVPFW.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
<IFEO[KAVSetup.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
<IFEO[KAVStart.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
<IFEO[KISLnchr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
<IFEO[KMailMon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
<IFEO[KMFilter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
<IFEO[KPFW32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
<IFEO[KPFW32X.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
<IFEO[KPfwSvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kregex.exe]
<IFEO[Kregex.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com]
<IFEO[KRepair.com]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
<IFEO[KvfwMcl.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
<IFEO[kvupload.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
<IFEO[kvwsc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
<IFEO[KWatch.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
<IFEO[KWatch9x.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
<IFEO[KWatchX.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
<IFEO[MagicSet.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
<IFEO[mcconsol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe]
<IFEO[McNASvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe]
<IFEO[McProxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe]
<IFEO[Mcshield.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe]
<IFEO[mcsysmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
<IFEO[mmqczj.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
<IFEO[mmsk.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe]
<IFEO[MpfSrv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
<IFEO[Navapsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
<IFEO[Navapw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
<IFEO[nod32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
<IFEO[nod32krn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
<IFEO[nod32kui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]
<IFEO[NPFMntor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
<IFEO[PFW.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
<IFEO[PFWLiveUpdate.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessSafe.exe]
<IFEO[ProcessSafe.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
<IFEO[procexp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
<IFEO[QHSET.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
<IFEO[QQDoctor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe]
<IFEO[QQDoctorMain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
<IFEO[QQKav.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe]
<IFEO[RawCopy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe]
<IFEO[regmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe]
<IFEO[RegTool.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
<IFEO[rfwstub.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
<IFEO[RStray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
<IFEO[rstrui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rtvscan.exe]
<IFEO[Rtvscan.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
<IFEO[safeboxTray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
<IFEO[safelive.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
<IFEO[scan32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe]
<IFEO[SelfUpdate.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
<IFEO[shcfg32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
<IFEO[SREng.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.exe]
<IFEO[SuperKiller.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
<IFEO[symlcsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
<IFEO[SysSafe.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
<IFEO[taskmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
<IFEO[TrojanDetector.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
<IFEO[Trojanwall.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe]
<IFEO[TrojDie.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
<IFEO[UmxAgent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
<IFEO[UmxAttachment.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
<IFEO[UmxCfg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
<IFEO[UmxFwHlp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
<IFEO[UmxPol.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe]
<IFEO[upiea.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
<IFEO[UpLive.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe]
<IFEO[USBCleaner.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
<IFEO[vsstat.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
<IFEO[webscanx.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
<IFEO[WoptiClean.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
<IFEO[zxsweep.exe]><ntsd -d> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\Windows\system32\KVSCRK~1.SCR> [File is missing]
==================================
小新1234567 - 2009-5-10 14:07:00
启动文件夹
[QQ游戏启动加速程序]
<C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QQ游戏启动加速程序.lnk --> D:\游戏\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[QQ游戏启动加速程序]
<C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QQ游戏启动加速程序.lnk --> D:\游戏\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[Andrea ST Filters Service / AESTFilters][Running/Auto Start]
<C:\Windows\system32\aestsrv.exe><Andrea Electronics Corporation>
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
<D:\M\stormliv.exe /asservice><(File is missing)>
[GoToAssist / GoToAssist][Stopped/Manual Start]
<"C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service><Citrix Online, a division of Citrix Systems, Inc.>
[Google Software Updater / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
<D:\瑞星2009\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
<"D:\瑞星2009\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<D:\瑞星2009\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
<D:\瑞星2009\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[SigmaTel Audio Service / STacSV][Running/Auto Start]
<C:\Windows\system32\STacSV.exe><IDT, Inc.>
[stllssvr / stllssvr][Stopped/Manual Start]
<"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"><MicroVision Development, Inc.>
[Dell Wireless WLAN Tray Service / wltrysvc][Running/Auto Start]
<C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe><N/A>
[XAudioService / XAudioService][Running/Auto Start]
<C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>
==================================
驱动程序
[adp94xx / adp94xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
<\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[aliimz / aliimz][Stopped/Manual Start]
<System32\Drivers\aliimz.sys><N/A>
[Alps Touch Pad Filter Driver for Windows 2000/XP/Vista / ApfiltrService][Running/Manual Start]
<system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[arc / arc][Stopped/Disabled]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
<\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60x][Running/Manual Start]
<system32\DRIVERS\b57nd60x.sys><Broadcom Corporation>
[BCM42RLY / BCM42RLY][Stopped/Manual Start]
<system32\drivers\BCM42RLY.sys><N/A>
[DELL 无线网卡驱动程序 / BCM43XX][Running/Manual Start]
<system32\DRIVERS\bcmwl6.sys><Broadcom Corp.>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 PCI Express Network Connection Driver / e1express][Stopped/Manual Start]
<system32\DRIVERS\e1e6032.sys><Intel Corporation>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
<system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[hookcont / hookcont][Running/System Start]
<system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
<system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HpCISSs / HpCISSs][Stopped/Disabled]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Running/Manual Start]
<system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[Intel AHCI Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iastor.sys><Intel Corporation>
[Intel RAID Controller Vista / iaStorV][Running/Boot Start]
<\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
<\SystemRoot\system32\drivers\megasas.sys><LSI Corporation>
[MegaSR / MegaSR][Stopped/Disabled]
<\SystemRoot\system32\drivers\megasr.sys><LSI Corporation, Inc.>
[Mraid35x / Mraid35x][Stopped/Disabled]
<\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
<\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
<system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
<system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
<system32\DRIVERS\nwlnkfwd.sys><N/A>
[Creative Camera OEM002 Driver / OEM02Dev][Running/Manual Start]
<system32\DRIVERS\OEM02Dev.sys><Creative Technology Ltd.>
[Creative Camera OEM002 Video VFX Driver / OEM02Vfx][Running/Manual Start]
<system32\DRIVERS\OEM02Vfx.sys><EyePower Games Pte. Ltd.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[R300 / R300][Stopped/Manual Start]
<system32\DRIVERS\atikmdag.sys><ATI Technologies Inc.>
[rimmptsk / rimmptsk][Running/Auto Start]
<system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Auto Start]
<system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Auto Start]
<system32\DRIVERS\rixdptsk.sys><REDC>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
<system32\drivers\stwrt.sys><IDT, Inc.>
[Symc8xx / Symc8xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[tqantisy / tqantisys][Running/System Start]
<system32\drivers\tqantisys.sys><N/A>
[uliahci / uliahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
<\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Running/Auto Start]
<system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>
==================================
小新1234567 - 2009-5-10 14:07:00
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Airey Class]
{1FED1242-3E89-4A67-ABD7-3B010227AF03} <C:\Windows\system32\winboidun.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll, (Signed) Google Inc.>
[FlashGetBHO]
{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} <C:\ProgramData\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[Google Dictionary Compression sdch]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll, (Signed) Google Inc.>
[网龙防钓鱼安全助手]
{D032570A-5F63-4812-A094-87D007C23012} <D:\yx\开心\tqat\WLurlFilter.dll, N/A>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Google Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{05C1004E-2596-48E5-8E26-39362985EEB9} <, >
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[IFlashGetNetscapeEx Class]
{116BA71C-8187-4F15-9A1F-C9D6289155D1} <C:\ProgramData\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[VistaWUWebControl Class]
{12A66224-5E8A-4679-8941-0B9B960BF5EA} <%SystemRoot%\system32\wuwebv.dll, (Signed) N/A>
[Fade]
{16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\Windows\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[]
{19EFFC12-25FB-479A-A0F2-1569AE1B3365} <, >
[Airey Class]
{1FED1242-3E89-4A67-ABD7-3B010227AF03} <C:\Windows\system32\winboidun.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\Windows\System32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Google Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <, >
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[JetCarNetscape Class]
{2974c985-8151-4de5-b23c-b875f0a8522f} <C:\ProgramData\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[]
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} <, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\ProgramData\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\ProgramData\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <D:\M\mps.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin19.dll, (Signed) ShenZhen Thunder Networking Technologies,LTD>
[]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} <, >
[]
{80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <, >
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5814.166.(433).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[VersionDetector Class]
{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.15.(438).dll, (Signed) ShenZhen Thunder Networking Technologies,Ltd.>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\Windows\System32\msnetobj.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5814.166.(433).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[]
{ACDC15CD-B675-4C7C-86E9-CA92F2DF2896} <, >
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll, (Signed) Google Inc.>
[FlashGetBHO]
{B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <C:\ProgramData\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[]
{B5A34A93-D538-43A7-8371-864CB6148D12} <, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, (Signed) N/A>
[Google Dictionary Compression sdch]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll, (Signed) Google Inc.>
[]
{CC2FF467-0BD8-408A-B591-07F8790C7321} <, >
[QQPlayerSvr Proxy Control]
{CD108273-D434-43E6-AA90-1469F97EB398} <d:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 腾讯科技>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Windows\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[网龙防钓鱼安全助手]
{D032570A-5F63-4812-A094-87D007C23012} <D:\yx\开心\tqat\WLurlFilter.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
{D5DC8911-DCD3-49CE-AE95-8AD512F2D280} <, >
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <d:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTCheck.ocx, (Signed) Apple Computer, Inc.>
[AgControl Class]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll, (Signed) Microsoft Corporation>
[RevealTrans]
{E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\Windows\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\Windows\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <d:\PROGRA~1\Tencent\QQ\Timwp.dll, (Signed) TENCENT>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.44.68.466.dll, ShenZhen Thunder Networking Technologies Ltd.>
[QvodCtrl Class]
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <F:\My Music\QvodPlayer\QvodInsert.dll, N/A>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5890.247.(298).dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, >
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <d:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[]
{FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <, >
[使用快车3下载]
<C:\Users\dell\AppData\Roaming\FlashGetBHO\GetUrl.htm, N/A>
[使用快车3下载全部链接]
<C:\Users\dell\AppData\Roaming\FlashGetBHO\GetAllUrl.htm, N/A>
[使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
夲號ヱ被ジ盜 - 2009-5-10 14:08:00
Trojan group + IFEO image hijacking
Do you want the automated approach, or manual removal?
小新1234567 - 2009-5-10 14:09:00
正在运行的进程
[PID: 424 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 504 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 556 / SYSTEM][C:\Windows\system32\wininit.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 568 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 600 / SYSTEM][C:\Windows\system32\services.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 612 / SYSTEM][C:\Windows\system32\lsass.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 624 / SYSTEM][C:\Windows\system32\lsm.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 776 / SYSTEM][C:\Windows\system32\winlogon.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 800 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 868 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 972 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 988 / SYSTEM][D:\瑞星2009\Rising\Rav\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[D:\瑞星2009\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[D:\瑞星2009\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
[D:\瑞星2009\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[PID: 1016 / LOCAL SERVICE][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\stapo.dll] [IDT, Inc., 1.0.5614.0 nd654 cp1]
[C:\Windows\system32\ctapo32.dll] [Creative Technology Ltd., 1.0.0.195]
[PID: 1052 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1076 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1244 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1288 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1440 / SYSTEM][D:\瑞星2009\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
[D:\瑞星2009\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\瑞星2009\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[D:\瑞星2009\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[D:\瑞星2009\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[D:\瑞星2009\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 1484 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1608 / SYSTEM][D:\瑞星2009\Rising\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[D:\瑞星2009\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\瑞星2009\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[D:\瑞星2009\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
[D:\瑞星2009\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
[D:\瑞星2009\Rising\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[D:\瑞星2009\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
[D:\瑞星2009\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[D:\瑞星2009\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[D:\瑞星2009\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
[D:\瑞星2009\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
[D:\瑞星2009\Rising\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[D:\瑞星2009\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[D:\瑞星2009\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[D:\瑞星2009\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[D:\瑞星2009\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[D:\瑞星2009\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[D:\瑞星2009\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
[D:\瑞星2009\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\瑞星2009\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\瑞星2009\Rising\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
[D:\瑞星2009\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
[D:\瑞星2009\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
[D:\瑞星2009\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[D:\瑞星2009\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[D:\瑞星2009\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
[D:\瑞星2009\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[D:\瑞星2009\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[D:\瑞星2009\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[D:\瑞星2009\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[D:\瑞星2009\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[D:\瑞星2009\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[D:\瑞星2009\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[PID: 1692 / SYSTEM][D:\瑞星2009\Rising\Rav\RsStub.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[D:\瑞星2009\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 1716 / SYSTEM][C:\Windows\System32\WLTRYSVC.EXE] [N/A, ]
[PID: 1740 / SYSTEM][C:\Windows\System32\bcmwltry.exe] [Dell Inc., 4.170.25.12]
[C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\bd6ef85e16d5071c5c18212a522de06f\mscorlib.ni.dll] [Microsoft Corporation, 2.0.50727.1826 (QFE.050727-1800)]
[C:\Windows\System32\bcmwlrmt.dll] [N/A, ]
[C:\Windows\System32\wltrynt.dll] [Broadcom Corporation, 4.170.25.12]
[C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5224cbcd6772ec31a8674ef12a56df50\System.ni.dll] [Microsoft Corporation, 2.0.50727.1434 (REDBITS.050727-1400)]
[PID: 1756 / SYSTEM][D:\瑞星2009\Rising\Rav\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
[D:\瑞星2009\Rising\Rav\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
[D:\瑞星2009\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[D:\瑞星2009\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[D:\瑞星2009\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 1864 / SYSTEM][C:\Windows\System32\spoolsv.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1952 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2004 / SYSTEM][C:\Windows\system32\WLANExt.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\System32\bcmihvsrv.dll] [Dell Inc., 4.170.25.17]
[PID: 592 / dell][C:\Windows\system32\Dwm.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 7.15.11.5655]
[PID: 816 / dell][C:\Windows\Explorer.EXE] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Windows\system32\nvcpl.dll] [NVIDIA Corporation, 7.15.11.5655]
[C:\Windows\system32\nvapi.dll] [NVIDIA Corporation, 7.15.11.5655]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 7.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Windows\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[PID: 1200 / dell][C:\Windows\system32\taskeng.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Windows\system32\nvapi.dll] [NVIDIA Corporation, 7.15.11.5655]
[PID: 2184 / SYSTEM][C:\Windows\system32\taskeng.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2276 / dell][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe] [Google Inc., 1, 0, 0, 1]
[C:\Windows\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[PID: 2284 / dell][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 4, 1, 509, 1944]
[C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\gtn.dll] [Google Inc., 5, 1, 1309, 3572]
[C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll] [Google Inc., 5, 1, 1309, 3572]
[C:\Windows\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[PID: 2472 / dell][D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.9.662]
[D:\Program Files\Thunder Network\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
[D:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 10, 73]
[D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 4, 2, 333]
[D:\Program Files\Thunder Network\Thunder\Program\mp.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 3, 2, 32]
[D:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
[C:\Windows\system32\GOOGLEPINYIN.IME] [Google Inc., ]
小新1234567 - 2009-5-10 14:10:00
[D:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 27]
[D:\Program Files\Thunder Network\Thunder\Program\zlib1.dll] [, 1.2.3]
[D:\Program Files\Thunder Network\Thunder\Program\ptl.dll] [Thunder Networking Technologies,LTD, 3, 2, 2, 55]
[D:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 4]
[D:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll] [, 1, 0, 2, 7]
[D:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1,1,2,13]
[D:\Program Files\Thunder Network\Thunder\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,1,2,48]
[D:\Program Files\Thunder Network\Thunder\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 17]
[D:\Program Files\Thunder Network\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 4, 0, 2, 28]
[D:\Program Files\Thunder Network\Thunder\Program\stream.dll] [ShenZhen Thunder Networking Technologies,Ltd., 2, 1, 2, 1046]
[D:\Program Files\Thunder Network\Thunder\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 59]
[D:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 42]
[D:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1,1,2,18]
[D:\Program Files\Thunder Network\Thunder\Program\p2sp_pd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[D:\Program Files\Thunder Network\Thunder\Program\emule.dll] [, 1, 1, 2, 48]
[D:\Program Files\Thunder Network\Thunder\Program\al.dll] [Thunder Networking Technologies,LTD, 1,1,2,31]
[D:\Program Files\Thunder Network\Thunder\Program\media_data.dll] [, 1, 0, 2, 7]
[D:\Program Files\Thunder Network\Thunder\Program\sl.dll] [Thunder Networking Technologies,LTD, 1.0.2.2]
[D:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
[D:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 12]
[D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 12, 30]
[C:\Windows\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 12, 125]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed22.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 12, 125]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
[D:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 2, 6, 0, 104]
[D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
[D:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Thunder Network\Thunder\Program\XLNetU.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
[D:\Program Files\Thunder Network\Thunder\Program\imdt.dll] [Thunder Networking Technologies,LTD, 1.2.0.21]
[D:\瑞星2009\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.70]
[D:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll] [Xunlei Networking Technologies,LTD, 2, 1, 8, 106]
[D:\Program Files\Thunder Network\Thunder\Components\Security\ConfigManager.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Components\Security\SafeManager.dll] [Xunlei Networking Technologies,LTD, 1, 0, 5, 20]
[D:\Program Files\Thunder Network\Thunder\Components\Security\SafeStatistic.dll] [Xunlei Networking Technologies,LTD, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 2, 19, 106]
[D:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 7, 25]
[D:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 4, 26]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrThunderHost.dll] [深圳市迅雷网络技术有限公司, 1.0.0.17]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrKernel.dll] [深圳市迅雷网络技术有限公司, 1.0.0.8]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrSoftIdentifier.dll] [深圳市迅雷网络技术有限公司, 1.0.0.10]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrUpdate.dll] [深圳市迅雷网络技术有限公司, 1.1.0.8]
[D:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\AutoHelp.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
[D:\Program Files\Thunder Network\Thunder\Plugins\GouGouTop\GouGouTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[D:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
[D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 26]
[D:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 3, 0, 2, 131]
[D:\Program Files\Thunder Network\Thunder\Components\Tips\XLSkin.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [迅雷网络, 4, 0, 0, 38]
[D:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 5]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 30]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
[D:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[D:\Program Files\Thunder Network\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 20]
[D:\Program Files\Thunder Network\Thunder\Program\xldcsubtask.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
[D:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Program\bt_download.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 28]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 7.15.11.5655]
[D:\Program Files\Thunder Network\Thunder\Program\emule_id.dll] [, 1, 0, 2, 12]
[D:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin19.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 1, 7, 82]
[PID: 2912 / SYSTEM][C:\Windows\system32\aestsrv.exe] [Andrea Electronics Corporation, 1.0.32.2]
[PID: 2984 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3228 / SYSTEM][D:\瑞星2009\Rising\Rav\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\瑞星2009\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[D:\瑞星2009\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[D:\瑞星2009\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
[D:\瑞星2009\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[D:\瑞星2009\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
[D:\瑞星2009\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[D:\瑞星2009\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[D:\瑞星2009\Rising\Rav\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
[D:\瑞星2009\Rising\Rav\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.46]
[D:\瑞星2009\Rising\Rav\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
[D:\瑞星2009\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[D:\瑞星2009\Rising\Rav\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
[D:\瑞星2009\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[D:\瑞星2009\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[D:\瑞星2009\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
[D:\瑞星2009\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\SysMail.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
[D:\瑞星2009\Rising\Rav\mvengine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[D:\瑞星2009\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[D:\瑞星2009\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[D:\瑞星2009\Rising\Rav\extole.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[D:\瑞星2009\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[D:\瑞星2009\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[D:\瑞星2009\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[D:\瑞星2009\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[D:\瑞星2009\Rising\Rav\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[D:\瑞星2009\Rising\Rav\scanmac.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[PID: 3236 / SYSTEM][C:\Windows\system32\STacSV.exe] [IDT, Inc., 1.0.5614.0 nd654 cp1]
aaccbbdd - 2009-5-10 14:10:00
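Put the log in an attachment.
(Click "Quote" at the bottom right of this post, or the larger "Reply" at the very bottom right, and you should then see how to post it.)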
小新1234567 - 2009-5-10 14:11:00
[C:\Windows\system32\stapi32.dll] [IDT, Inc., 1.0.5614.0 nd654 cp1]
[PID: 3448 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3504 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3588 / SYSTEM][C:\Windows\system32\SearchIndexer.exe] [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 3628 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe] [Conexant Systems, Inc., 1.00.15.00]
[PID: 3672 / dell][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 8,0,714,1791]
[D:\Program Files\Tencent\QQ\QQHelperDll.dll] [TENCENT, 8,0,714,1791]
[D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\MSIMG32.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 8,0,714,1791]
[C:\Windows\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\Program Files\彩虹QQ\CaiHong.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQAPI.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\LoginCtrl.dll] [TENCENT, 8,0,714,1791]
[D:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 8,0,714,1791]
[D:\Program Files\Tencent\QQ\QQRes.dll] [TENCENT, 8,0,714,1791]
[D:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)]
[D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\UnReadMsgMgr.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\Program Files\Tencent\QQ\NewSkin.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\MailSummary.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQSpace.dll] [TENCENT, 8,0,713,1791]
[C:\Program Files\彩虹QQ\Reporter.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQSettingCtrl.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQAllInOne.dll] [TENCENT, 8,0,714,1791]
[D:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[D:\Program Files\Tencent\QQ\CameraDll.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\OEMApplication.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQGroupMng.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQPet.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\LongConnection.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\PhoneAPI.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[D:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\CommercesMng.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\PersonalDesktop.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
[D:\Program Files\Tencent\QQ\ImageOle.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQLiveQMng.dll] [TENCENT, 8,0,713,1791]
[D:\瑞星2009\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.70]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\GroupConnection.dll] [TENCENT, 8,0,713,1791]
[D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\AddrSearch.dll] [Tencent, 2, 3, 10, 12]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[D:\Program Files\Tencent\QQ\QQMagicFace.dll] [TENCENT, 8,0,713,1791]
[D:\游戏\QQGAME\GamePublic.dll] [N/A, ]
[D:\游戏\QQGAME\Common\Utility.dll] [N/A, ]
[D:\游戏\QQGAME\Factory.dll] [N/A, ]
[D:\游戏\QQGAME\Logic\ComAsyn.dll] [N/A, ]
[D:\游戏\QQGAME\ProtHand\QQProt.dll] [N/A, ]
[D:\游戏\QQGAME\Socket\NetMod.dll] [N/A, ]
[D:\游戏\QQGAME\ProtHand\BaseProt.dll] [N/A, ]
[D:\游戏\QQGAME\ProtHand\ScatProt.dll] [N/A, ]
[D:\游戏\QQGAME\Common\Compress.dll] [N/A, ]
[PID: 2828 / dell][D:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
[PID: 2656 / dell][C:\Windows\system32\conime.exe] [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[PID: 4332 / dell][D:\瑞星2009\Rising\Rav\RsMain.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\瑞星2009\Rising\Rav\rspalmgr.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.29]
[D:\瑞星2009\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[D:\瑞星2009\Rising\Rav\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\瑞星2009\Rising\Rav\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 73]
[C:\Windows\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\瑞星2009\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
[D:\瑞星2009\Rising\Rav\ravbmenu.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16]
[D:\瑞星2009\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
[D:\瑞星2009\Rising\Rav\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
[D:\瑞星2009\Rising\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
[D:\瑞星2009\Rising\Rav\ravpsafe.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
[D:\瑞星2009\Rising\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[D:\瑞星2009\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[D:\瑞星2009\Rising\Rav\psafecfg.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[D:\瑞星2009\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[D:\瑞星2009\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[D:\瑞星2009\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[D:\瑞星2009\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[D:\瑞星2009\Rising\Rav\ravxpage.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 86]
[D:\瑞星2009\Rising\Rav\ravxmons.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
[D:\瑞星2009\Rising\Rav\ravptool.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
[D:\瑞星2009\Rising\Rav\log2file.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[D:\瑞星2009\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\htmllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[D:\瑞星2009\Rising\Rav\rsvrinfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\瑞星2009\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[D:\瑞星2009\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[D:\瑞星2009\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[PID: 5236 / dell][C:\Program Files\Internet Explorer\IEUser.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[PID: 3536 / dell][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll] [Google Inc., 6, 1, 1518, 856]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_6D0D6FD66D664927.dll] [Google Inc., 6, 1, 1518, 856]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_zh-CN_27C51813E9BF5574.dll] [Google Inc., 6, 1, 1518, 856]
[C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll] [Google Inc., 5, 1, 1309, 3572]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\ProgramData\FlashGetBHO\FlashGetBHO3.dll] [FlashGet, 2, 5, 0, 1037]
[C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll] [Google Inc., 1, 0, 610, 27482]
[D:\瑞星2009\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.70]
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 7.15.11.5655]
[C:\Windows\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[PID: 4720 / dell][C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe] [Google Inc., 6, 1, 1518, 856]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_6D0D6FD66D664927.dll] [Google Inc., 6, 1, 1518, 856]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_zh-CN_27C51813E9BF5574.dll] [Google Inc., 6, 1, 1518, 856]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[PID: 6596 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 6.0.6001.18226 (vistasp1_gdr.090302-1506)]
[PID: 6568 / dell][C:\Windows\notepad.exe] [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[PID: 7400 / dell][D:\杀毒\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[PID: 7784 / dell][D:\杀毒\sreng2\SRE19ff2133.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
[D:\杀毒\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
小新1234567 - 2009-5-10 14:12:00
文件关联
.TXT Error. [C:\Windows\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI Error. [C:\Windows\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
N/A
==================================
计划任务
[已启用] \\RunAsStdUser Task1516
D:\瑞星2009\Rising\Rav\RSMAIN.EXE
[已启用] \\SogouImeMgr
D:\搜狗\SOGOUI~1\400~1.209\PINYIN~1.EXE /S
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
N/A
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
%SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
%windir%\system32\defrag.exe -c -i
[已启用] \Microsoft\Windows\MobilePC\HotStart
N/A
[已启用] \Microsoft\Windows\MobilePC\TMM
N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
%windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
N/A
[已启用] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
N/A
[已启用] \Microsoft\Windows\Shell\CrawlStartPages
N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
sc.exe config upnphost start= auto
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
%windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\Wired\GatherWiredInfo
%windir%\system32\gatherWiredInfo.vbs
[已启用] \Microsoft\Windows\Wireless\GatherWirelessInfo
%windir%\system32\gatherWirelessInfo.vbs
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
小新1234567 - 2009-5-10 14:13:00
Finally done. What should I do next?
aaccbbdd - 2009-5-10 14:15:00
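Put the log in an attachment.
(Click "Quote" at the bottom right of this post, or the larger "Reply" at the very bottom right, and you should then see how to post it.)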
小新1234567 - 2009-5-10 14:15:00
Which one is more efficient?
小新1234567 - 2009-5-10 14:18:00
Then let's go with the automated one. I'd appreciate your guidance.
帅哥阿福 - 2009-5-10 14:21:00
Open the Registry Editor and delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution key value.
Download the batch file extraction tool and use it to extract the files below:
http://bbs.ikaka.com/attachment.aspx?attachmentid=486266
System32\Drivers\aliimz.sys
system32\drivers\BCM42RLY.sys
system32\drivers\tqantisys.sys
C:\Windows\System32\bcmwlrmt.dll
Upload the virus samples to the suspicious-file exchange board, at:
http://bbs.ikaka.com/showforum-20002.aspx
Or send them directly to Rising's mail service center [virus samples], at:
http://mailcenter.rising.com.cn/uploadnew.aspx
夲號ヱ被ジ盜 - 2009-5-10 14:27:00
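VISTA... can't be done automatically, so do it manually.
In SREng, under Startup Items, Registry, use Edit to delete the following files: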
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{F65BDEC7-4BF3-4512-840F-68B166B6D7AC}><F65BDEC7.dll> [N/A]
<{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll> [N/A]
<{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}><4FBFD5A4.dll> [N/A]
<{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll> [N/A]
<{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll> [N/A]
<{0306438F-7E67-4DDA-8EF2-C0AD040FEBE0}><0306438F.dll> [N/A]
<{704C3595-DB85-40F6-A601-8D6F346907BD}><704C3595.dll> [N/A]
<{16BC0F81-410C-41DF-A902-1B04368BA8AE}><16BC0F81.dll> [N/A]
<{72B29486-39B6-4241-B234-B57DEF78302F}><72B29486.dll> [N/A]
<{91C7DF6D-AEF5-4136-9252-AF030D7A5931}><91C7DF6D.dll> [N/A]
<{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46}><16AF66EB.dll> [N/A]
<{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll> [N/A]
<{F71A67D5-5BBB-47A3-9534-4150FC739257}><F71A67D5.dll> [N/A]
<{E1384213-0948-4A60-A9E3-875B191CC2E7}><E1384213.dll> [N/A]
<{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll> [N/A]
Delete the following files with the attached tool.
After running the attached tool, open Rising
to help with the deletion:
C:\Windows\system32\webcheck.dll
C:\Windows\system32\chgpldbo.dll
C:\Windows\system32\ajddnpmf.dll
C:\Windows\system32\ikoeoofb.dll
C:\Windows\system32\kbompiff.dll
C:\Windows\system32\caacmddg.dll
C:\Windows\system32\mjjclbia.dll
C:\Windows\system32\mkkeolhj.dll
C:\Windows\system32\ipfnfjlj.dll
C:\Windows\system32\geonmack.dll
C:\Windows\system32\jgdpibfm.dll
C:\Windows\system32\ebdifjff.dll
C:\Windows\system32\ajhgmhod.dll
C:\Windows\system32\cdgfocak.dll
:\Windows\system32\ngbmpind.dll
C:\Windows\system32\lolfegdb.dll
C:\Windows\system32\jagfogci.dll
C:\Windows\system32\hnlloiih.dll
C:\Windows\system32\poojbpbd.dll
C:\Windows\system32\cmgpdnib.dll
C:\Windows\system32\jabbaagm.dll
C:\Windows\System32\bcmwlrmt.dll
D:\Program Files\Tencent\QQ\MSIMG32.dll
D:\Program Files\Tencent\QQ\winsock32.dll
F:\My Music\QvodPlayer\QvodTerminal.exe
F:\新建文件夹\FlashGet\FlashGet3.exe
C:\windows\system32\drivers\BCM42RLY.sys
Attachment:
EasyDelete1.1.90.rar
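Added example, not part of the original posts and not SREng's own logic: a small triage script for logs in the SREng format shown in this thread. It flags ShellExecuteHooks entries whose DLL name is just the first eight hex digits of the CLSID with an `[N/A]` signature (the pattern in the list above), and DLLs with no vendor information that carry a Windows system DLL name but load from an application folder (as with `MSIMG32.dll` in the QQ folder). The sample log is constructed from lines in this thread plus one invented benign hook entry; the function names and the short `SYSTEM_DLL_NAMES` list are assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample in SREng log format. Most lines are copied from this
# thread; the {11111111-...} hook entry is invented as a benign control.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{F65BDEC7-4BF3-4512-840F-68B166B6D7AC}><F65BDEC7.dll> [N/A]
<{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll> [N/A]
<{11111111-2222-3333-4444-555555555555}><example.dll> [(Verified)Example Vendor]
[PID: 3672 / dell][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 8,0,714,1791]
[D:\Program Files\Tencent\QQ\MSIMG32.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\gdiplus.dll] [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)]
[C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.0.0.2093]
"""

# <{CLSID}><file> [signature status]
HOOK_RE = re.compile(r"^<\{([0-9A-Fa-f-]{36})\}><([^>]*)> \[(.*)\]$")
# [PID: n / user][path] [vendor, version]  (the PID part only on process lines)
MODULE_RE = re.compile(r"^(?:\[PID: (\d+) / ([^\]]+)\])?\[([^\]]+)\] \[(.*)\]$")

# Assumption: a deliberately short list of real Windows system DLL names.
SYSTEM_DLL_NAMES = {"msimg32.dll", "gdiplus.dll", "version.dll"}


def suspicious_hooks(log):
    """Hook entries with no signature whose DLL name is derived from the CLSID."""
    hits = []
    for line in log.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        clsid, dll, sig = m.groups()
        stem = dll.rsplit(".", 1)[0]
        if sig.strip() == "N/A" and stem.upper() == clsid[:8].upper():
            hits.append((clsid, dll))
    return hits


def parse_modules(log):
    """Return one record per module; modules inherit the preceding PID line."""
    modules, current = [], None
    for line in log.splitlines():
        m = MODULE_RE.match(line.strip())
        if not m:
            continue
        pid, _owner, path, info = m.groups()
        if pid is not None:
            current = path  # a process line starts a new module group
        # Vendor strings may contain commas ("Co., Ltd."), so only the
        # leading field is kept; it is enough to tell "N/A"/empty apart.
        vendor = info.split(",", 1)[0].strip()
        modules.append({"process": current, "path": path, "vendor": vendor})
    return modules


def shadowed_system_dlls(log, system_names=SYSTEM_DLL_NAMES):
    """Vendor-less DLLs named like a system DLL but loaded outside \\Windows\\."""
    hits = []
    for mod in parse_modules(log):
        name = basename(mod["path"]).lower()
        outside_windows = "\\windows\\" not in mod["path"].lower()
        if name in system_names and mod["vendor"] in ("", "N/A") and outside_windows:
            hits.append((mod["process"], mod["path"]))
    return hits


if __name__ == "__main__":
    for clsid, dll in suspicious_hooks(SAMPLE_LOG):
        print("hook :", clsid, dll)
    for proc, path in shadowed_system_dlls(SAMPLE_LOG):
        print("dll  :", path, "loaded by", proc)
```

A missing vendor alone is too noisy to act on (several genuine QQ modules in the log also show `[N/A, ]`), which is why the second check also requires a system DLL name outside the Windows directory.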
小新1234567 - 2009-5-10 14:44:00
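Why can't I untick the one named IFEO above? Do I have to delete it? Can you give me your contact details? I'll just phone you! This way is too slow, and some things are hard to explain clearly.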
aaccbbdd - 2009-5-10 14:46:00
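Put the log in an attachment.
(Click "Quote" at the bottom right of this post, or the larger "Reply" at the very bottom right, and you should then see how to post it.)
Once that's done I'll put together an automated solution for you.
How about that....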
天月来了 - 2009-5-10 14:48:00
How would you do it automatically on a Vista system???
小新1234567 - 2009-5-10 14:56:00
What log am I supposed to put in an attachment?
aaccbbdd - 2009-5-10 14:56:00
The universal virus killer (通用病毒杀灭机) doesn't support Vista?
aaccbbdd - 2009-5-10 14:57:00
The SREng log you just scanned.
小新1234567 - 2009-5-10 15:06:00
My QQ is 284948678, add me and we'll chat on QQ. So I just put the report I made a moment ago into an attachment, right?
小新1234567 - 2009-5-10 15:11:00
It's in there now.
小新1234567 - 2009-5-10 16:04:00
Buddy, are you still there? Say something.
古涛名 - 2009-5-10 16:06:00
Post the attachment.