瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 久未查杀,一查整出一堆,麻烦给看看干净了没有,副杀毒日志&SRE日志
ccoccocco - 2010-12-23 12:41:00
RT

其实就这么大点事,以前老编故事说的挺严重总觉得过意不去


这次就实话实说了。


多少麻烦看一眼吧


我有一点强迫症,神经比较敏感,觉得机器有毒就有点睡不好觉,谢谢大家



因为传不了附件,看着可能费劲了点,实在抱歉……


PS:瑞星的杀毒日志可能因为格式问题传不上来,而且里面6个毒可能有4个是错杀……


用户系统信息:Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Chrome/3.0.195.0 Safari/531.0 SE 2.X
ccoccocco - 2010-12-23 12:42:00
不行,压缩包也传不上来

[CODE]


2010-12-23,12:23:15


System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)


Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能


以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程




启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <DAEMON Tools><"d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <QQ2009><"D:\Program Files\Tencent\QQ\Bin\QQ.exe" /background>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <YY><D:\Program Files\duowan\yy\Start.exe>  [(Verified)Duowan Entertainment Information Technology (Beijing) Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <Grid Service><"C:\Program Files\GridService\peer.exe" -n Grid>  [FS2YOU]
    <ComputerZ><D:\Program Files\LuDaShi\ComputerZ_CN.exe -splash>  [(Verified)Chengdu Qiying Technology Co.,Ltd.]
    <RavTRAY><"D:\Program Files\Rising\Rav\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <SafetyBox><"D:\Program Files\Rising\RFB\SafetyBox.exe" -tray>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RFWTRAY><"C:\Program Files\Rising\RFW\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{8F3DF423-2D0C-45E2-8B43-2A88E2EF44AA}]
    <浏览器自定义设置><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]


==================================
启动文件夹
N/A
networkedition - 2010-12-23 12:45:00
弄成压缩包再上传。
ccoccocco - 2010-12-23 12:51:00
==================================
服务
[Application Layer Gateway Service / ALG][Running/Manual Start]
  <C:\WINDOWS\System32\alg.exe><Microsoft Corporation>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Windows Audio / AudioSrv][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\audiosrv.dll><Microsoft Corporation>
[Background Intelligent Transfer Service / BITS][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qmgr.dll><Microsoft Corporation>
[Computer Browser / Browser][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\browser.dll><Microsoft Corporation>
[ClipBook / ClipSrv][Stopped/Disabled]
  <C:\WINDOWS\system32\clipsrv.exe><Microsoft Corporation>
[COM+ System Application / COMSysApp][Stopped/Manual Start]
  <C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}><Microsoft Corporation>
[Cryptographic Services / CryptSvc][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\cryptsvc.dll><Microsoft Corporation>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINDOWS\System32\dmadmin.exe /com><Microsoft Corp., Veritas Software>
[Logical Disk Manager / dmserver][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dmserver.dll><Microsoft Corp.>
[DNS Client / Dnscache][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k NetworkService-->%SystemRoot%\System32\dnsrslvr.dll><Microsoft Corporation>
[Wired AutoConfig / Dot3svc][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k dot3svc-->%SystemRoot%\System32\dot3svc.dll><Microsoft Corporation>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Service / RsRavMon][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
[RFW Service / RsRFWMon][Running/Auto Start]
  <"C:\Program Files\Rising\RFW\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
[SafetyBox Service / RsSafetyBoxMon][Running/Auto Start]
  <"d:\Program Files\Rising\RFB\rssmond.exe"><Beijing Rising Information Technology Co., Ltd.>


==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
  <System32\drivers\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AuthenTec TruePrint USB WDF Driver / ATSwpWDF][Running/Manual Start]
  <System32\Drivers\ATSwpWDF.sys><AuthenTec, Inc.>
[Broadcom NetLink (TM) Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Broadcom 802.11 网络适配器驱动程序 / BCM43XX][Running/Manual Start]
  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[HBtnKey / HBtnKey][Running/Manual Start]
  <system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hooksys / hooksys][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\Hooksys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookTdi / HookTdi][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\HookTdi.sys><Beijing Rising Information Technology Co., Ltd.>
[HpqKbFilter Driver / HpqKbFiltr][Running/Manual Start]
  <system32\DRIVERS\HpqKbFiltr.sys><Hewlett-Packard Development Company, L.P.>
[hptpro / hptpro][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\VSTDPV3.SYS><Conexant Systems, Inc.>
[HyperVM / HyperVM][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\hvm.sys><Beijing Rising Information Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
  <system32\drivers\RtkHDAud.sys><N/A>
[Mouse Suite Driver / pelmouse][Running/System Start]
  <system32\DRIVERS\pelmouse.sys><TPMX Electronics Ltd.>
[PS/2 Mouse Filter Driver / pelps2m][Running/Manual Start]
  <system32\DRIVERS\pelps2m.sys><Primax Electronics Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QuakeDRV / QuakeDRV][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
[Rising RfwARP Driver / RFWARP][Running/Auto Start]
  <system32\DRIVERS\rfwarp.sys><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwNdis Driver / RFWNDIS][Running/Manual Start]
  <system32\DRIVERS\rfwndis.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\C:\Program Files\Rising\RFW\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\RFW\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsProtect5 Service / RsProtect5][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\RSPROTECT.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Stopped/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\VSTCNXT3.SYS><Conexant Systems, Inc.>
[ComputerZ / ComputerZ][Running/Manual Start]
  <\??\D:\Program Files\LuDaShi\ComputerZ.sys><鲁大师>


==================================
ccoccocco - 2010-12-23 12:51:00
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {2D90D33C-DE76-42D0-9040-E4466DDC24AC} <, >
[迅雷下载支持]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.0.1962.dll, (Signed) 深圳市迅雷网络技术有限公司>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[]
  {2D90D33C-DE76-42D0-9040-E4466DDC24AC} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\BHO\ThunderAgent7.1.0.1962.dll, (Signed) 深圳市迅雷网络技术有限公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[迅雷下载支持]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.0.1962.dll, (Signed) 深圳市迅雷网络技术有限公司>
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5927.310.(884).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[VersionDetector Class]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.32.(884).dll, (Signed) ShenZhen Thunder Networking Technologies,Ltd.>
[APlayer Control]
  {A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5927.310.(884).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.59150.261.(958).dll, (Signed) 深圳市迅雷网络技术有限公司>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[SEInterface Class]
  {FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} <C:\Program Files\SogouExplorer\seapi.dll, (Signed) Sohu.com Inc.>
[&U使用米人下载并收藏]
  <D:\Program Files\NamiRobot\Data\du.html, N/A>
[&使用优蛋下载]
  <D:\Program Files\UDown\getUrl.htm, N/A>
[&使用优蛋下载全部链接]
  <D:\Program Files\UDown\getAllUrl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm, N/A>
[使用迅雷查看图片]
  <C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm, N/A>
[使用迅雷离线下载]
  <C:\Program Files\Thunder Network\Thunder\Program\OfflineDownload.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>


==================================
ccoccocco - 2010-12-23 12:52:00
正在运行的进程
[PID: 1264 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1324 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1360 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4178]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
[PID: 1408 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
[PID: 1420 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1596 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4222]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2514]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2550]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1624 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1708 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1904 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.14]
    [C:\Program Files\Rising\RSD\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RSD\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
[PID: 1936 / SYSTEM][D:\Program Files\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14]
    [D:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [D:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Program Files\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.3]
    [D:\Program Files\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Program Files\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.19]
    [D:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [D:\Program Files\Rising\Rav\mondrvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [D:\Program Files\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 57]
    [D:\Program Files\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Program Files\Rising\Rav\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Program Files\Rising\Rav\mondrvm.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 31]
    [D:\Program Files\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 32]
    [D:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 54]
    [D:\Program Files\Rising\Rav\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.1.0]
    [D:\Program Files\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Program Files\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 8]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [D:\Program Files\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Program Files\Rising\Rav\hookTdi.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 9]
    [D:\Program Files\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 39]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [D:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [D:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [D:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Program Files\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Program Files\Rising\Rav\bawhite.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [D:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.31]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 68]
    [D:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17]
    [D:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 26]
    [D:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [D:\Program Files\Rising\Rav\engext.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [D:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [D:\Program Files\Rising\Rav\scantj.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 9]
    [D:\Program Files\Rising\Rav\extsfx.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [D:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0]
    [D:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [D:\Program Files\Rising\Rav\vmicore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 15]
    [D:\Program Files\Rising\Rav\ur029.dat]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [D:\Program Files\Rising\Rav\extarch.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Program Files\Rising\Rav\extcomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4]
    [D:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Program Files\Rising\Rav\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.64]
    [D:\Program Files\Rising\Rav\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 95]
    [D:\Program Files\Rising\Rav\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 26]
    [D:\Program Files\Rising\Rav\ur028.dat]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6]
[PID: 1992 / SYSTEM][C:\Program Files\Rising\RFW\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14]
    [C:\Program Files\Rising\RFW\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [C:\Program Files\Rising\RFW\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RFW\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RFW\MonComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.3]
    [C:\Program Files\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.6]
    [C:\Program Files\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\RFW\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.83]
    [C:\Program Files\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RFW\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [C:\Program Files\Rising\RFW\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.0]
    [C:\Program Files\Rising\RFW\fishweb.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 24]
    [C:\Program Files\Rising\RFW\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.1.0]
    [C:\Program Files\Rising\RFW\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RFW\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RFW\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 25.0.0.5]
    [C:\Program Files\Rising\RFW\RfwArp.dll]  [Beijing Rising Information Technology Co., Ltd., 25.0.0.1]
    [C:\Program Files\Rising\RFW\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RFW\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [C:\Program Files\Rising\RFW\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RFW\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [C:\Program Files\Rising\RFW\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RFW\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 68]
    [C:\Program Files\Rising\RFW\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RFW\fwfish.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4]
    [C:\Program Files\Rising\RFW\fwcomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [C:\Program Files\Rising\RFW\fwfs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RFW\fwvirlib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RFW\fwlibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RFW\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RFW\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\RFW\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
[PID: 2008 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 472 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 552 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4222]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2514]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2550]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4178]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 640 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1232 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1812 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
    [d:\Program Files\WinRAR\rarext.dll]  [, ]
    [C:\WINDOWS\system32\ravext.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\WINDOWS\system32\KakaExt.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [d:\PROGRA~1\Kingsoft\KnightV\Tools\KVD\kscdrush.dll]  [金山软件股份有限公司, 5, 0, 0, 0]
    [D:\Program Files\NamiRobot\Data\NamipanExt1.dll]  [N/A, ]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 392 / Administrator][C:\Program Files\SogouInput\5.0.1.4193\sogoupinyintray.exe]  [Sogou.com Inc., 5.0.1.4193]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
[PID: 456 / Administrator][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  [Analog Devices, Inc., 6,0,0,82]
ccoccocco - 2010-12-23 12:53:00
[C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  [Analog Devices, Inc., 6, 0, 5161, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
[PID: 748 / Administrator][C:\Program Files\GridService\peer.exe]  [FS2YOU, 2, 1, 10, 8366]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
[PID: 760 / Administrator][D:\Program Files\LuDaShi\ComputerZ_CN.exe]  [成都奇英科技有限公司, 2.75.10.1215]
    [D:\Program Files\LuDaShi\ComputerZ2.dll]  [鲁大师, 1.0.10.1110]
    [D:\Program Files\LuDaShi\ComputerZ0.dll]  [鲁大师, 1.0.10.1215]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
[PID: 856 / Administrator][D:\Program Files\Rising\Rav\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\Rav\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.13]
    [D:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Program Files\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Program Files\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [D:\Program Files\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [D:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.11]
    [D:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Program Files\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [D:\Program Files\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [D:\Program Files\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.76]
    [D:\Program Files\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.5]
    [D:\Program Files\Rising\Rav\UsbServ.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Program Files\Rising\Rav\ScanTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.51]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Program Files\Rising\Rav\dfw.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.65]
    [D:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.30]
    [D:\Program Files\Rising\Rav\GCompt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.47]
    [D:\Program Files\Rising\Rav\Isol.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.14]
    [D:\Program Files\Rising\Rav\rsstore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 864 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 900 / Administrator][C:\Program Files\Rising\RFW\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\RFW\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.13]
    [C:\Program Files\Rising\RFW\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RFW\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RFW\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RFW\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [C:\Program Files\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RFW\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [C:\Program Files\Rising\RFW\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.11]
    [C:\Program Files\Rising\RFW\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RFW\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.5]
    [C:\Program Files\Rising\RFW\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 46]
    [C:\Program Files\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.6]
    [C:\Program Files\Rising\RFW\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
[PID: 1116 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
[PID: 1492 / Administrator][D:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.10.0.0]
    [D:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.10.0.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
    [D:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.1.3.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\bwtmount.dll]  [DT Soft Ltd., 1.00.0.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [DT Soft Ltd., 1.10.0.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll]  [DT Soft Ltd., 1.02.0.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\iszmount.dll]  [DT Soft Ltd., 1.03.0.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [DT Soft Ltd., 1.24.0.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [DT Soft Ltd., 1.12.0.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [DT Soft Ltd., 1.01.0.0]
    [D:\Program Files\DAEMON Tools\Plugins\Images\pfcmount.dll]  [DT Soft Ltd., 1.00.0.0]
    [D:\Program Files\DAEMON Tools\pfctoc.dll]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
[PID: 336 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2296 / Administrator][D:\Program Files\Tencent\QQ\Bin\TXPlatform.exe]  [Tencent, 1, 45, 1530, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
    [D:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll]  [Tencent, 1, 45, 1530, 0]
[PID: 3360 / Administrator][D:\Program Files\duowan\yy\DuoSpeak.exe]  [广州多玩信息技术有限公司, 1.0.0.1]
    [D:\Program Files\duowan\yy\PUBFUNC.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\duowan\yy\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\duowan\yy\LCtrl.dll]  [广州多玩信息技术有限公司, 1.0.0.1]
    [D:\Program Files\duowan\yy\xgdi.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\duowan\yy\LayoutWrapper.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Program Files\duowan\yy\LayoutUI.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\Http.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\Smile.dll]  [广州多玩信息技术有限公司, 1.0.0.1]
    [D:\Program Files\duowan\yy\statistics.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\richeditEx.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\duowan\yy\protocol.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
    [D:\Program Files\duowan\yy\PluginSDK.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Program Files\duowan\yy\Plugin\DefaultPlugin\defaultplugin.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\crashreport.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\IM.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Program Files\duowan\yy\yygroup.dll]  [广州多玩信息技术有限公司, 1.0.0.1]
    [D:\Program Files\duowan\yy\keyhook.dll]  [N/A, ]
    [D:\Program Files\duowan\yy\CommModule.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Program Files\duowan\yy\MsgHistory.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Program Files\duowan\yy\sqlite3.dll]  [N/A, ]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
[PID: 404 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 600 / Administrator][d:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [d:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
    [d:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
    [d:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [d:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [d:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\AntiSpyware\rsxml1.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [d:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [d:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.78]
    [d:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [d:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 940 / Administrator][D:\Backup\我的文档\下载\sreng2(2)\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
[PID: 2860 / Administrator][D:\Backup\我的文档\下载\sreng2(2)\SRE3cb1113b.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\AntiSpyware\RegCall.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 5.0.1.4193]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [D:\Backup\我的文档\下载\sreng2(2)\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
ccoccocco - 2010-12-23 12:53:00
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
RSVP UDP Service Provider
    C:\WINDOWS\system32\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
RSVP TCP Service Provider
    C:\WINDOWS\system32\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A775B99D-0BB5-4BCB-9AC6-6C28D0C79E4A}] SEQPACKET 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A775B99D-0BB5-4BCB-9AC6-6C28D0C79E4A}] DATAGRAM 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{81255403-E6EC-467C-AF8A-2C42E11CC58A}] SEQPACKET 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{81255403-E6EC-467C-AF8A-2C42E11CC58A}] DATAGRAM 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{739FCBA9-C63E-4463-87BA-D68991C9E1FA}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{739FCBA9-C63E-4463-87BA-D68991C9E1FA}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CBD1967-6C39-4808-987E-2ACE8650DA25}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4CBD1967-6C39-4808-987E-2ACE8650DA25}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{152A0A5A-25FD-438F-BF04-B180CF0B9BAD}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{152A0A5A-25FD-438F-BF04-B180CF0B9BAD}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
202.152.181.181 bbs.eve-china.com
202.152.181.181 www.eve-china.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1360, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1420, C:\WINDOWS\SYSTEM32\LSASS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1596, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2008, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2008, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 552, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1232, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1812, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 456, C:\PROGRAM FILES\ANALOG DEVICES\CORE\SMAX4PNP.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\501~1.419\SGTool.exe
[已启用] User_Feed_Synchronization-{EDB6B204-CB66-4A6F-9215-9A5A2E88D382}.job
        C:\WINDOWS\system32\msfeedssync.exe

==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB925850,  Windows Media Player 11
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB902344,  启用了 WMDRM 的 Media Player 更新程序 (KB902344)
KB909520,  Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB2141007,  Windows XP 更新程序 (KB2141007)
KB2345886,  Windows XP 更新程序 (KB2345886)
KB931125,  根证书更新 [2010 年 10 月] (KB931125)
KB2447568,  用于 Windows XP 的 Internet Explorer 8 兼容性视图列表的更新程序 (KB2447568)
KB2443685,  Windows XP 更新程序 (KB2443685)
KB982670,  用于 Windows XP x86 的 Microsoft .NET Framework 4 Client Profile (KB982670)
KB2467659,  用于 Windows XP 的 Internet Explorer 更新程序 (KB2467659)
KB2416400,  用于 Windows XP 的 Internet Explorer 8 累积安全更新程序 (KB2416400) MS10-090
KB890830,  Windows 恶意软件删除工具 - 2010 年 12 月 (KB890830)

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
ccoccocco - 2010-12-23 12:53:00
发现日期    威胁名称    危险等级    威胁描述    处理结果   
2010-12-23 01:27:29    Trojan.PSW.Win32.GameOL.pno    高    木马    删除成功   
2010-12-23 01:21:34    Trojan.Win32.Yalrevo.a    高    病毒    删除成功   
2010-12-23 00:42:29    Dropper.Win32.Delf.aer    高    木马    删除成功   
2010-12-23 00:42:21    Trojan.Win32.Generic.12643149    高    木马    删除成功   
2010-12-23 00:33:14    Trojan.Win32.Generic.11F26805    高    木马    删除成功   
2010-12-23 00:32:51    Worm.Antinny.ar    高    蠕虫    删除成功
networkedition - 2010-12-23 13:09:00
弄成附件发呀:kaka6:
txt和rar都可以呀。
ccoccocco - 2010-12-23 13:13:00
都试过,都不行。

点发帖,告我说,页面不存在或不可访问,我退回来一看,贴子发出来了,附件没上去
networkedition - 2010-12-23 13:23:00
日志未见异常。
ccoccocco - 2010-12-23 13:40:00
踏实了,非常感谢
1
查看完整版本: 久未查杀,一查整出一堆,麻烦给看看干净了没有,副杀毒日志&SRE日志
© 2000 - 2024 Rising Corp. Ltd.