中毒了，扫了个日志上来，请大家帮下忙看下，谢谢（在线等待）

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 15:25 \| 只看楼主短消息资料字号：小中大 1楼中毒了，扫了个日志上来，请大家帮下忙看下，谢谢（在线等待） [CODE] 2007-09-25,15:00:18 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><ctfmon.exe> [Microsoft Corporation] <Cn99QDNS><C:\Program Files\cn99qdns\Cn99qdns.exe> [] <acdseemc.exe><C:\Program Files\Common Files\ACD Systems\ACDSeeMC.EXE> [(Verified)ACD Systems Ltd] <Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] <run><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <NGCtrlRun><; C:\Program Files\VPN RAS Server\NGCtrl.exe> [] <VoipSkype><"C:\Program Files\BUFFALO USB Phone\BSKP-U201\BSKP-U201 Skype Phone.exe"> [BUFFALO INC.] <VoipSkypeVolCtrl><"C:\Program Files\BUFFALO USB Phone\BSKP-U201\BSKP-U201SkypePhoneVolCtrl.exe"> [BUFFALO INC.] <PPHIDPAD><C:\WINPENJR\Win32\pphidpad.exe> [] <jtsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jtso.exe> [N/A] <wgsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wgso.exe> [N/A] <qjsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjso.exe> [N/A] <wdsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdso.exe> [N/A] <dasa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\daso.exe> [N/A] <zxsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zxso.exe> [N/A] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <WinSysM><C:\WINNT\IGM.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <MSDWG32><LYLoadbr.exe> [N/A] <MSDCG32 ><LYLeador.exe> [N/A] <MSDOG32><LYLoador.exe> [N/A] <MSDSG32><LYLoadar.exe> [N/A] <MSDHG32><LYLoadhr.exe> [N/A] <MSDQG32><LYLoadqr.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher] <Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [N/A] ================================== 启动文件夹 [Adobe Reader Speed Launch] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N> [Microsoft Office] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N> [服务管理器] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N> [HotSync Manager] <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\HotSync Manager.lnk --> C:\PROGRA~1\Palm\HOTSYNC.EXE [Palm, Inc.]><N> ================================== 服务 [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Microsoft Search / MSSEARCH][Running/Auto Start] <"C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe"><Microsoft Corporation> [MSSQLSERVER / MSSQLSERVER][Running/Auto Start] <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation> [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation> [NG Dlanserver / NG Dlanserver][Running/Auto Start] <"C:\Program Files\VPN RAS Server\NGDLANSERVER.exe" ><> [OracleOraHome81Agent / OracleOraHome81Agent][Stopped/Manual Start] <c:\Oracle\Ora81\bin\dbsnmp.exe><oracle> [OracleOraHome81ClientCache / OracleOraHome81ClientCache][Stopped/Manual Start] <c:\Oracle\Ora81\BIN\ONRSD.EXE><N/A> [OracleOraHome81DataGatherer / OracleOraHome81DataGatherer][Stopped/Manual Start] <c:\Oracle\Ora81\bin\vppdc.exe><N/A> [OracleOraHome81ManagementServer / OracleOraHome81ManagementServer][Stopped/Manual Start] <c:\Oracle\Ora81\bin\OMSNTsrv.exe><N/A> [OracleOraHome81TNSListener / OracleOraHome81TNSListener][Running/Auto Start] <c:\Oracle\Ora81\BIN\TNSLSNR ><N/A> [OracleServiceSP / OracleServiceSP][Others/Auto Start] <c:\oracle\ora81\bin\ORACLE.EXE SP><Oracle Corporation> [OracleWebAssistant0 / OracleWebAssistant0][Running/Auto Start] <c:\Oracle\Ora81\BIN\OWASTSVR.EXE><Oracle Corporation> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [NG LogServer / Sinfor LogServer][Running/Auto Start] <"C:\Program Files\Common Files\sinfor\logs\logs.exe" ><深圳市深信服电子科技有限公司> [SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start] <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation> [UNHDogService / UNHDogService][Running/Auto Start] <C:\WINNT\system32\UNHSRVNT.EXE><Rainbow China> [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start] <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation> ================================== 驱动程序 [Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start] <system32\DRIVERS\b57w2k.sys><Broadcom Corporation> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [dmboot / dmboot][Stopped/Disabled] <System32\drivers\dmboot.sys><VERITAS Software Corp.> [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\ExpScan.sys><> [Ft SmartCard Readers Service / fteps1k][Running/Manual Start] <system32\DRIVERS\usbic1k.sys><OEM> [HookCont / HookCont][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising> [HookReg / HookReg][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising> [HOSTNT / HOSTNT][Running/Auto Start] <\??\C:\WINNT\system32\drivers\hostnt.sys><N/A> [IP Filter Miniport / IPFilter][Running/Manual Start] <system32\DRIVERS\ipfilter.sys><Sinfor Technologies Co., Ltd.> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.> [MHDRV / MHDRV][Running/Auto Start] <\??\C:\WINNT\system32\drivers\mhdrv.sys><Rainbow China Co., Ltd.> [mraid2k / mraid2k][Running/Boot Start] <\SystemRoot\system32\drivers\mraid2k.sys><LSI Logic Corporation> [Netgroup Packet Filter / NPF][Stopped/Manual Start] <system32\DRIVERS\npf.sys><CACE Technologies> [npkcrypt / npkcrypt][Running/Auto Start] <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [ppmoucls / ppmoucls][Running/System Start] <System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider> [PenPower Touchpad / pptchpad][Running/System Start] <System32\DRIVERS\pptchpd5.sys><N/A> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RCMHDOG / RCMHDOG][Running/System Start] <\??\C:\WINNT\system32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising> [svgam / svgam][Running/Manual Start] <system32\DRIVERS\svgam.sys><Intel (R) Corporation> [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation> [用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 2007-09-26 11:14:37
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	分享到：

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 15:26 \| 只看楼主短消息资料字号：小中大 2楼 ================================== 浏览器加载项 [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司> [] {D3626E66-B13B-C628-ACDF-BDABCFA265E1} <C:\Program Files\Common Files\Relive.dll, N/A> [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\Program Files\Tencent\QQ\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司> [@msdxmLC.dll,-1@2052,电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation> [CellWeb5 Control] {3F166327-8030-4881-8BD2-EA25350E574A} <C:\WINNT\system32\cellweb5.ocx, Cell Software Inc> [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.> [IcbcSslCacheCleanerCtrl Class] {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行> [上传到QQ网络硬盘] <E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [导出到 Microsoft Excel(&x)] <res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000, N/A> [添加到QQ自定义面板] <E:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [添加到QQ表情] <E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <E:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 15:27 \| 只看楼主短消息资料字号：小中大 3楼 ================================== 正在运行的进程 [PID: 192 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601] [PID: 216 / SYSTEM][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601] [PID: 240 / SYSTEM][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997] [PID: 268 / SYSTEM][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035] [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3] [PID: 280 / SYSTEM][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011] [PID: 368 / SYSTEM][C:\WINNT\System32\termsrv.exe] [Microsoft Corporation, 5.00.2195.6696] [PID: 472 / SYSTEM][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [PID: 560 / SYSTEM][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059] [C:\WINNT\system32\HP1005LM.DLL] [Software 2000 Limited, 2.7] [C:\WINNT\system32\spool\PRTPROCS\W32X86\HP1005S.DLL] [Hewlett-Packard , 1.0.0.2] [PID: 596 / SYSTEM][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [PID: 612 / SYSTEM][C:\WINNT\system32\hidserv.exe] [Microsoft Corporation, 5.00.2195.6655] [PID: 652 / SYSTEM][C:\WINNT\System32\llssrv.exe] [Microsoft Corporation, 5.00.2195.7021] [PID: 680 / SYSTEM][C:\WINNT\system32\mnmsrvc.exe] [Microsoft Corporation, 4.4.3385] [PID: 716 / SYSTEM][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0766.00] [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0534.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\xpsqlbot.dll] [Microsoft Corporation, 2000.080.0194.00] [C:\Program Files\Microsoft SQL Server\MSSQL\binn\xpstar.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0382.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\xpstar.RLL] [Microsoft Corporation, 2000.080.0760.00] [PID: 836 / SYSTEM][C:\Program Files\VPN RAS Server\NGDLANSERVER.exe] [, 2, 1, 0, 0] [C:\Program Files\VPN RAS Server\LogC.dll] [, 1, 0, 0, 1] [C:\Program Files\VPN RAS Server\Packet.dll] [SINFOR, 3, 0, 0, 0] [C:\Program Files\VPN RAS Server\filedll.dll] [, 1, 0, 0, 1] [C:\Program Files\VPN RAS Server\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\VPN RAS Server\com\PlugMgr.dll] [N/A, ] [C:\Program Files\VPN RAS Server\com\SecuritySuite.dll] [深圳市深信服电子科技有限公司, 1, 1, 0, 1] [PID: 912 / SYSTEM][c:\Oracle\Ora81\BIN\TNSLSNR.exe] [N/A, ] [c:\Oracle\Ora81\BIN\oransgr8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oran8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranl8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranldap8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orannzsbb8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oracore8.dll] [Oracle Corporation, 8.1.3.0.0] [c:\Oracle\Ora81\BIN\oranls8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orageneric8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oracommon8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oraclient8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oravsn8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orawtc8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranro8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orapls8.dll] [Oracle Corporation, 8] [c:\Oracle\Ora81\BIN\oraslax8.dll] [Oracle Corporation, 8] [c:\Oracle\Ora81\BIN\orasql8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oraldapclnt8.dll] [Oracle Corporation, 8.1.5.0.0] [c:\Oracle\Ora81\BIN\ORATRACE8.dll] [N/A, ] [c:\Oracle\Ora81\BIN\orancrypt8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranhost8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranoname8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orancds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orantns8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orannds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orannms8.dll] [N/A, ] [c:\Oracle\Ora81\bin\oranipc8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orantcp8.dll] [Oracle Corporation, 8.1.6.0.0] [PID: 1000 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4] [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 15:28 \| 只看楼主短消息资料字号：小中大 4楼 [PID: 1072 / SYSTEM][c:\oracle\ora81\bin\ORACLE.EXE] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oraclient8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oracore8.dll] [Oracle Corporation, 8.1.3.0.0] [c:\oracle\ora81\bin\oranls8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oravsn8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oracommon8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orageneric8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orawtc8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oranl8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oran8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orancrypt8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oranro8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orannzsbb8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oranldap8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oraldapclnt8.dll] [Oracle Corporation, 8.1.5.0.0] [c:\oracle\ora81\bin\oranhost8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oranoname8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orancds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orantns8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orannds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\orannms8.dll] [N/A, ] [c:\oracle\ora81\bin\ORATRACE8.dll] [N/A, ] [c:\oracle\ora81\bin\orapls8.dll] [Oracle Corporation, 8] [c:\oracle\ora81\bin\oraslax8.dll] [Oracle Corporation, 8] [c:\oracle\ora81\bin\orasql8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\oracle\ora81\bin\oraplp8.dll] [Oracle Corporation, 8] [c:\oracle\ora81\bin\oradbicx8.dll] [Oracle Corporation, 8] [c:\oracle\ora81\bin\orajox8.dll] [N/A, ] [c:\oracle\ora81\bin\oransgr8.dll] [Oracle Corporation, 8.1.6.0.0] [PID: 1140 / SYSTEM][c:\Oracle\Ora81\BIN\OWASTSVR.EXE] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oraclient8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oracore8.dll] [Oracle Corporation, 8.1.3.0.0] [c:\Oracle\Ora81\BIN\oranls8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oravsn8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oracommon8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orageneric8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orawtc8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranl8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oran8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orancrypt8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranro8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orannzsbb8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranldap8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oraldapclnt8.dll] [Oracle Corporation, 8.1.5.0.0] [c:\Oracle\Ora81\BIN\oranhost8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\oranoname8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orancds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orantns8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orannds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\orannms8.dll] [N/A, ] [c:\Oracle\Ora81\BIN\ORATRACE8.dll] [N/A, ] [c:\Oracle\Ora81\BIN\orapls8.dll] [Oracle Corporation, 8] [c:\Oracle\Ora81\BIN\oraslax8.dll] [Oracle Corporation, 8] [c:\Oracle\Ora81\BIN\orasql8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\BIN\OWASMUS.DLL] [N/A, ] [PID: 1160 / SYSTEM][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701] [PID: 1188 / SYSTEM][c:\Oracle\Ora81\bin\oradim.exe] [N/A, ] [c:\Oracle\Ora81\bin\oracore8.dll] [Oracle Corporation, 8.1.3.0.0] [c:\Oracle\Ora81\bin\oranls8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oraclient8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oravsn8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oracommon8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orageneric8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orawtc8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oranl8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oran8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orancrypt8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oranro8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orannzsbb8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oranldap8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oraldapclnt8.dll] [Oracle Corporation, 8.1.5.0.0] [c:\Oracle\Ora81\bin\oranhost8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\oranoname8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orancds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orantns8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orannds8.dll] [Oracle Corporation, 8.1.6.0.0] [c:\Oracle\Ora81\bin\orannms8.dll] [N/A, ] [c:\Oracle\Ora81\bin\ORATRACE8.dll] [N/A, ] [c:\Oracle\Ora81\bin\orapls8.dll] [Oracle Corporation, 8] [c:\Oracle\Ora81\bin\oraslax8.dll] [Oracle Corporation, 8] [c:\Oracle\Ora81\bin\orasql8.dll] [Oracle Corporation, 8.1.6.0.0] [PID: 1196 / SYSTEM][C:\WINNT\System32\SCardSvr.exe] [Microsoft Corporation, 5.00.2195.6609] [PID: 1220 / SYSTEM][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 15:29 \| 只看楼主短消息资料字号：小中大 5楼 [PID: 1260 / SYSTEM][C:\Program Files\Common Files\sinfor\logs\logs.exe] [深圳市深信服电子科技有限公司, 1, 0, 0, 0] [C:\Program Files\Common Files\sinfor\logs\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 1304 / SYSTEM][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0382.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SEMMAP.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\SEMMAP.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\Resources\2052\sqlagent.RLL] [Microsoft Corporation, 2000.080.0760.00] [C:\PROGRA~1\MI6841~1\MSSQL\binn\SQLAGENT.DLL] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\WINNT\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.0760.00] [PID: 1328 / SYSTEM][C:\WINNT\system32\lserver.exe] [Microsoft Corporation, 5.00.2195.6701] [PID: 1348 / SYSTEM][C:\WINNT\system32\UNHSRVNT.EXE] [Rainbow China, 2, 0, 10, 0] [PID: 1368 / SYSTEM][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100] [PID: 1392 / SYSTEM][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [PID: 1412 / SYSTEM][C:\WINNT\system32\Dfssvc.exe] [Microsoft Corporation, 5.00.2195.6664] [PID: 1456 / SYSTEM][C:\WINNT\system32\msdtc.exe] [Microsoft Corporation, 1999.9.3421.3] [c:\Oracle\Ora81\bin\ociw32.dll] [Oracle Corporation, 8.0.5.0.0] [PID: 1500 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.8320.0] [C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssws.dll] [Microsoft Corporation, 9.107.8320.0] [C:\PROGRA~1\COMMON~1\MICROS~1\MSSearch\Bin\mssrch.dll] [Microsoft Corporation, 9.107.8320.0] [C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\tquery.dll] [Microsoft Corporation, 9.107.8320.0] [C:\PROGRA~1\COMMON~1\MICROS~1\MSSearch\Bin\propdefs.dll] [Microsoft Corporation, 9.107.8320.0] [C:\PROGRA~1\COMMON~1\MICROS~1\MSSearch\Bin\srchidx.dll] [Microsoft Corporation, 9.107.8320.0] [PID: 1904 / SYSTEM][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [PID: 1872 / Administrator][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [PID: 2048 / Administrator][C:\Program Files\BUFFALO USB Phone\BSKP-U201\BSKP-U201 Skype Phone.exe] [BUFFALO INC., 3.3.0.2] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 2060 / Administrator][C:\Program Files\BUFFALO USB Phone\BSKP-U201\BSKP-U201SkypePhoneVolCtrl.exe] [BUFFALO INC., 3.3.0.2] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 2068 / Administrator][C:\WINPENJR\Win32\pphidpad.exe] [N/A, ] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 2084 / Administrator][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N] [C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N] [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 2112 / Administrator][C:\Program Files\cn99qdns\Cn99qdns.exe] [, 2, 0, 0, 1] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 2136 / Administrator][C:\Program Files\Common Files\ACD Systems\ACDSeeMC.EXE] [ACD Systems Ltd., 1,0,44,16] [C:\Program Files\Common Files\ACD Systems\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Common Files\ACD Systems\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [C:\Program Files\Common Files\ACD Systems\2052\ACDSeeMC.EXE.dll] [ACD Systems Ltd., 1,0,40,1] [PID: 2144 / Administrator][C:\Program Files\Skype\Phone\Skype.exe] [, ] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 1860 / Administrator][C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe] [Adobe Systems Incorporated, 7.0.0.0] [C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 2240 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0760.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0382.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [PID: 2264 / Administrator][C:\Program Files\Palm\HOTSYNC.EXE] [Palm, Inc., 4.0.4] [C:\Program Files\Palm\CMDS21.dll] [Palm, Inc., 4.0.1] [C:\Program Files\Palm\HSLOG20.dll] [Palm, Inc., 4.0] [C:\Program Files\Palm\PalmCmn.dll] [Palm, Inc., 4.0] [C:\Program Files\Palm\CONDMGR.dll] [Palm, Inc., 4.0.1.0] [C:\Program Files\Palm\SYNC20.dll] [Palm, Inc., 4.0] [C:\Program Files\Palm\INSTAIDE.dll] [Palm, Inc., 4.0.1] [C:\Program Files\Palm\Subs30.dll] [Palm, Inc., 4.0.0] [C:\Program Files\Palm\UserData.dll] [Palm, Inc., 4.0] [C:\Program Files\Palm\VFSAPI.dll] [Palm, Inc., 4.0] [C:\Program Files\Palm\HSLGLANG.DLL] [Palm, Inc., 4.0] [C:\Program Files\Palm\CMDSLANG.DLL] [Palm, Inc., 4.0] [C:\Program Files\Palm\INSDLANG.DLL] [Palm, Inc., 4.0.1] [C:\Program Files\Palm\SUBSLANG.DLL] [Palm, Inc., 4.0.0] [C:\Program Files\Palm\USDTLANG.DLL] [Palm, Inc., 4.0] [C:\Program Files\Palm\HSLANG.DLL] [Palm, Inc., 4.0.1] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [C:\Program Files\Palm\SHW32.DLL] [MicroQuill Software Publishing, Inc., 6.02.29] [C:\Program Files\Palm\USBTransport.dll] [Palm, Inc., 4.0.1] [C:\Program Files\Palm\USBPort.dll] [Palm, Inc., 4, 4, 0, 0] [C:\Program Files\Palm\USBTLang.DLL] [Palm, Inc., 4, 0, 0, 0] [PID: 1832 / Administrator][E:\软件\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N] [E:\软件\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 15:29 \| 只看楼主短消息资料字号：小中大 6楼 ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINNT\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 N/A ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 716, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLSERVR.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 836, C:\PROGRAM FILES\VPN RAS SERVER\NGDLANSERVER.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 912, C:\ORACLE\ORA81\BIN\TNSLSNR.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1072, C:\ORACLE\ORA81\BIN\ORACLE.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1140, C:\ORACLE\ORA81\BIN\OWASTSVR.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1188, C:\ORACLE\ORA81\BIN\ORADIM.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1260, C:\PROGRAM FILES\COMMON FILES\SINFOR\LOGS\LOGS.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1304, C:\PROGRA~1\MI6841~1\MSSQL\BINN\SQLAGENT.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1348, C:\WINNT\SYSTEM32\UNHSRVNT.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1500, C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSSEARCH\BIN\MSSEARCH.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2048, C:\PROGRAM FILES\BUFFALO USB PHONE\BSKP-U201\BSKP-U201 SKYPE PHONE.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2060, C:\PROGRAM FILES\BUFFALO USB PHONE\BSKP-U201\BSKP-U201SKYPEPHONEVOLCTRL.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2068, C:\WINPENJR\WIN32\PPHIDPAD.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2084, C:\WINNT\SYSTEM32\CTFMON.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2112, C:\PROGRAM FILES\CN99QDNS\CN99QDNS.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1860, C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2240, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2264, C:\PROGRAM FILES\PALM\HOTSYNC.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:

剑指西门初生襁褓狮帖子:4 注册: 2007-09-25 来自:	发表于： 2007-09-25 15:40 \| 短消息资料字号：小中大 7楼请先下载病毒听诊器到电脑上,然后用病毒听诊器对电脑进行扫描,再把扫描结果发布上来,谢谢!
剑指西门初生襁褓狮帖子:4 注册: 2007-09-25 来自:

初生襁褓狮

帖子:56
注册: 2006-07-31
来自:

发表于： 2007-09-25 16:02 | 只看楼主 短消息资料

字号：小中大 8楼

引用:

【剑指西门的贴子】请先下载病毒听诊器到电脑上,然后用病毒听诊器对电脑进行扫描,再把扫描结果发布上来,谢谢!
………………

哪里有这个下啊，能告诉下吗？一定要这个病毒听诊器吗？

初生襁褓狮

帖子:56
注册: 2006-07-31
来自:

发表于： 2007-09-25 16:04 | 只看楼主 短消息资料

字号：小中大 9楼

引用:

【剑指西门的贴子】请先下载病毒听诊器到电脑上,然后用病毒听诊器对电脑进行扫描,再把扫描结果发布上来,谢谢!
………………

哪里有这个下啊，能告诉下吗？一定要这个病毒听诊器吗？

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 21:17 \| 只看楼主短消息资料字号：小中大 10楼没人帮我看下啊版主呢????
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	发表于： 2007-09-25 15:25 \| 只看楼主短消息资料字号：小中大 1楼中毒了，扫了个日志上来，请大家帮下忙看下，谢谢（在线等待） [CODE] 2007-09-25,15:00:18 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><ctfmon.exe> [Microsoft Corporation] <Cn99QDNS><C:\Program Files\cn99qdns\Cn99qdns.exe> [] <acdseemc.exe><C:\Program Files\Common Files\ACD Systems\ACDSeeMC.EXE> [(Verified)ACD Systems Ltd] <Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] <run><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <NGCtrlRun><; C:\Program Files\VPN RAS Server\NGCtrl.exe> [] <VoipSkype><"C:\Program Files\BUFFALO USB Phone\BSKP-U201\BSKP-U201 Skype Phone.exe"> [BUFFALO INC.] <VoipSkypeVolCtrl><"C:\Program Files\BUFFALO USB Phone\BSKP-U201\BSKP-U201SkypePhoneVolCtrl.exe"> [BUFFALO INC.] <PPHIDPAD><C:\WINPENJR\Win32\pphidpad.exe> [] <jtsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jtso.exe> [N/A] <wgsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wgso.exe> [N/A] <qjsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjso.exe> [N/A] <wdsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wdso.exe> [N/A] <dasa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\daso.exe> [N/A] <zxsa><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zxso.exe> [N/A] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] <WinSysM><C:\WINNT\IGM.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <MSDWG32><LYLoadbr.exe> [N/A] <MSDCG32 ><LYLeador.exe> [N/A] <MSDOG32><LYLoador.exe> [N/A] <MSDSG32><LYLoadar.exe> [N/A] <MSDHG32><LYLoadhr.exe> [N/A] <MSDQG32><LYLoadqr.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher] <Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [N/A] ================================== 启动文件夹 [Adobe Reader Speed Launch] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N> [Microsoft Office] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N> [服务管理器] <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N> [HotSync Manager] <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\HotSync Manager.lnk --> C:\PROGRA~1\Palm\HOTSYNC.EXE [Palm, Inc.]><N> ================================== 服务 [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.> [Microsoft Search / MSSEARCH][Running/Auto Start] <"C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe"><Microsoft Corporation> [MSSQLSERVER / MSSQLSERVER][Running/Auto Start] <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation> [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation> [NG Dlanserver / NG Dlanserver][Running/Auto Start] <"C:\Program Files\VPN RAS Server\NGDLANSERVER.exe" ><> [OracleOraHome81Agent / OracleOraHome81Agent][Stopped/Manual Start] <c:\Oracle\Ora81\bin\dbsnmp.exe><oracle> [OracleOraHome81ClientCache / OracleOraHome81ClientCache][Stopped/Manual Start] <c:\Oracle\Ora81\BIN\ONRSD.EXE><N/A> [OracleOraHome81DataGatherer / OracleOraHome81DataGatherer][Stopped/Manual Start] <c:\Oracle\Ora81\bin\vppdc.exe><N/A> [OracleOraHome81ManagementServer / OracleOraHome81ManagementServer][Stopped/Manual Start] <c:\Oracle\Ora81\bin\OMSNTsrv.exe><N/A> [OracleOraHome81TNSListener / OracleOraHome81TNSListener][Running/Auto Start] <c:\Oracle\Ora81\BIN\TNSLSNR ><N/A> [OracleServiceSP / OracleServiceSP][Others/Auto Start] <c:\oracle\ora81\bin\ORACLE.EXE SP><Oracle Corporation> [OracleWebAssistant0 / OracleWebAssistant0][Running/Auto Start] <c:\Oracle\Ora81\BIN\OWASTSVR.EXE><Oracle Corporation> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [NG LogServer / Sinfor LogServer][Running/Auto Start] <"C:\Program Files\Common Files\sinfor\logs\logs.exe" ><深圳市深信服电子科技有限公司> [SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start] <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation> [UNHDogService / UNHDogService][Running/Auto Start] <C:\WINNT\system32\UNHSRVNT.EXE><Rainbow China> [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start] <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation> ================================== 驱动程序 [Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start] <system32\DRIVERS\b57w2k.sys><Broadcom Corporation> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [dmboot / dmboot][Stopped/Disabled] <System32\drivers\dmboot.sys><VERITAS Software Corp.> [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\ExpScan.sys><> [Ft SmartCard Readers Service / fteps1k][Running/Manual Start] <system32\DRIVERS\usbic1k.sys><OEM> [HookCont / HookCont][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising> [HookReg / HookReg][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising> [HOSTNT / HOSTNT][Running/Auto Start] <\??\C:\WINNT\system32\drivers\hostnt.sys><N/A> [IP Filter Miniport / IPFilter][Running/Manual Start] <system32\DRIVERS\ipfilter.sys><Sinfor Technologies Co., Ltd.> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.> [MHDRV / MHDRV][Running/Auto Start] <\??\C:\WINNT\system32\drivers\mhdrv.sys><Rainbow China Co., Ltd.> [mraid2k / mraid2k][Running/Boot Start] <\SystemRoot\system32\drivers\mraid2k.sys><LSI Logic Corporation> [Netgroup Packet Filter / NPF][Stopped/Manual Start] <system32\DRIVERS\npf.sys><CACE Technologies> [npkcrypt / npkcrypt][Running/Auto Start] <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [ppmoucls / ppmoucls][Running/System Start] <System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider> [PenPower Touchpad / pptchpad][Running/System Start] <System32\DRIVERS\pptchpd5.sys><N/A> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RCMHDOG / RCMHDOG][Running/System Start] <\??\C:\WINNT\system32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising> [svgam / svgam][Running/Manual Start] <system32\DRIVERS\svgam.sys><Intel (R) Corporation> [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation> [用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 2007-09-26 11:14:37
002002 初生襁褓狮帖子:56 注册: 2006-07-31 来自:	分享到：

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 中毒了，扫了个日志上来，请大家帮下忙看下，谢谢（在线等待）

中毒了，扫了个日志上来，请大家帮下忙看下，谢谢（在线等待）

中毒了，扫了个日志上来，请大家帮下忙看下，谢谢（在线等待）

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛中毒了，扫了个日志上来，请大家帮下忙看下，谢谢（在线等待）