瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 求助 又中伪装Sun Java2恶意插件 附日志

1   1  /  1  页   跳转

求助 又中伪装Sun Java2恶意插件 附日志

收藏
心情乱乱
头像
初生襁褓狮
  • 帖子:33
  • 注册: 2007-07-02
  • 来自:
发表于: 2007-07-12 18:30 | 只看楼主 短消息 资料
字号: 1楼

求助 又中伪装Sun Java2恶意插件 附日志

[CODE]

2007-07-12,18:15:54

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <runeip><"d:\Rising\KakaToolBar\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"d:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><D:\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><d:\Rising\KakaToolBar\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
最后编辑2007-07-12 18:24:05
分享到:
gototop
 
心情乱乱
头像
初生襁褓狮
  • 帖子:33
  • 注册: 2007-07-02
  • 来自:
发表于: 2007-07-12 18:30 | 只看楼主 短消息 资料
字号: 2楼

==================================
启动文件夹
N/A

==================================
服务
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aac.sys><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aacsas.sys><Adaptec, Inc.>
[AAR81XX / AAR81XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aar81xx.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aarsi3x.sys><Adaptec, Inc.>
[ADP94XX / ADP94XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adpu320.sys><Adaptec, Inc.>
[AEC6210 / AEC6210][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6210.sys><ACARD Technology Corp.>
[AEC6260 / AEC6260][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec67160.sys><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\AEC671X.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\AEC6880.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\arcm_x86.sys><ARECA  Technology Corporation>
[asc / asc][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\asc.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\bchtsw32.sys><Broadcom Corporation>
[buslogic / buslogic][Stopped/Boot Start]
  <\SystemRoot\System32\bird\buslogic.sys><Microsoft Corporation>
[CDA1000 / CDA1000][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cda1000.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cpqarry2.sys><Compaq Computer Corporation>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\csb6ide.sys><ServerWorks Corporation>
[dac2w2k / dac2w2k][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dac2w2k.sys><Mylex Corporation>
[DMX3191 / DMX3191][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\DMX3191.sys><Microsoft Corporation>
[DMX3194 / DMX3194][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dmx3194.sys><Microsoft Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dpti2o.sys><Microsoft Corporation>
[DPTSCSI / DPTSCSI][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dptscsi.sys><Distributed Processing Technology Corp.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\RISING\RAV\ExpScan.sys><>
[FASTSX / FASTSX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fastsx.sys><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fasttx2k.sys><Promise Technology, Inc.>
[fd16_700 / fd16_700][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fd16_700.sys><Microsoft Corporation>
[fireport / fireport][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fireport.sys><Microsoft Corporation>
[flashpnt / flashpnt][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\flashpnt.sys><Mylex,Corp.>
[FT8300 / FT8300][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ftsata2.sys><N/A>
[GD31244 / GD31244][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\gd31244.sys><Intel Corporation>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpt374.sys><HighPoint Technologies, Inc.>
gototop
 
心情乱乱
头像
初生襁褓狮
  • 帖子:33
  • 注册: 2007-07-02
  • 来自:
发表于: 2007-07-12 18:31 | 只看楼主 短消息 资料
字号: 3楼

[HPT3XX / HPT3XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpt3xx.sys><HighPoint Technologies, Inc.>
[IASTOR / IASTOR][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\iaStor.sys><Intel Corporation>
[IFT2000 / IFT2000][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ift2000.sys><Infortrend Technology, Inc.>
[ini910u / ini910u][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ini910u.sys><Microsoft Corporation>
[INIA100 / INIA100][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\INIA100.sys><Initio corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\JRAID.SYS><JMicron Technology Corp.>
[kckipfp / kckipfp][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kckipfp.sys><N/A>
[M5228 / M5228][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5228.sys><ALi Corporation.>
[M5281 / M5281][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid35x / mraid35x][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\mraid35x.sys><LSI Logic Corporation>
[NFRD960 / NFRD960][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVRAID / NVRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\NVRAID.SYS><NVIDIA Corporation>
[perc2 / perc2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\perc2.sys><Adaptec, Inc.>
[PNP649R / PNP649R][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\pnp649r.sys><CMD Technology, Inc.>
[PNP680 / PNP680][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\pnp680.sys><Silicon Image, Inc.>
[PNP680R / PNP680R][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\pnp680r.sys><Silicon Image, Inc>
[PortTalk / PortTalk][Stopped/Manual Start]
  <System32\Drivers\PortTalk.sys><Beyond Logic http://www.beyondlogic.org>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql1280.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\raidsrc.sys><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\rr232x.sys><HighPoint Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\d:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\S150sx8.sys><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SI3112 / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3112.sys><Silicon Image, Inc.>
[SI3112R / SI3112R][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3112r.sys><Silicon Image, Inc>
[SI3114 / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3114.sys><Silicon Image, Inc.>
[SI3114R / SI3114R][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Si3114r5.sys><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3124.sys><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Si3132r5.sys><Silicon Image, Inc>
[SIS AGP Bus Filter / sisagp][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SISRAID / SISRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid2.sys><Silicon Integrated Systems Corp>
gototop
 
心情乱乱
头像
初生襁褓狮
  • 帖子:33
  • 注册: 2007-07-02
  • 来自:
发表于: 2007-07-12 18:31 | 只看楼主 短消息 资料
字号: 4楼

[SISRAID4 / SISRAID4][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid4.sys><Silicon Integrated Systems>
[SPTRAK / SPTRAK][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\trm3x5.sys><Tekram Technology Co., Ltd.>
[ULSATA / ULSATA][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ultra.sys><Promise Technology, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\viamraid.sys><VIA Technologies inc,.ltd>
[W2KADV / W2KADV][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\w2kadv.sys><ConnectCom Solutions, Inc.>
[WD7296A / WD7296A][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\wd7296a.sys><Western Digital Corporation>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\D:\变速精灵\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[新泰超级摄像头 / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\WebThunder\WebThunderBHO_Now.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\Downloaded Program Files\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\WebThunder\WebThunderBHO_Now.dll, N/A>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <d:\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
gototop
 
心情乱乱
头像
初生襁褓狮
  • 帖子:33
  • 注册: 2007-07-02
  • 来自:
发表于: 2007-07-12 18:33 | 只看楼主 短消息 资料
字号: 5楼

[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\Downloaded Program Files\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[&V使用Vagaa哇嘎下载]
  <E:\Vagaa\Data\vg.htm, N/A>
[&使用超级旋风下载]
  <d:\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <d:\Tencent\QQDownload\getAllurl.htm, N/A>
[使用Web迅雷下载]
  <d:\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <d:\WebThunder\GetAllUrl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072 / SYSTEM][d:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1108 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1276 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1428 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1436 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll]  [N/A, ]
    [C:\Program Files\Media Player Classic\Codecs\mkunicode.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8265]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8265]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 1]
[PID: 1460 / SYSTEM][D:\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
gototop
 
心情乱乱
头像
初生襁褓狮
  • 帖子:33
  • 注册: 2007-07-02
  • 来自:
发表于: 2007-07-12 18:34 | 只看楼主 短消息 资料
字号: 6楼

[D:\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\RISING\RAV\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [d:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [d:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [d:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [D:\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\RISING\RAV\psapi.dll]  [Microsoft Corporation, 4.00]
    [D:\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [D:\RISING\RAV\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [D:\RISING\RAV\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\RISING\RAV\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [d:\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [d:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [d:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [d:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [d:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [d:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
    [d:\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [d:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [d:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [d:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [d:\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1604 / SYSTEM][d:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 35]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [d:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [d:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [d:\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [d:\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1732 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1956 / Administrator][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 160 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8265]
[PID: 192 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 292 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1376 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1340 / Administrator][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2052 / Administrator][D:\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [D:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2084 / Administrator][D:\360safe\safemon\360Tray.exe]  [奇虎网, 3, 5, 2, 1001]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 5, 0, 1001]
    [D:\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 1, 1001]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2168 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 212 / Administrator][d:\Rising\KakaToolBar\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.15]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [d:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1320 / Administrator][d:\Rising\KakaToolBar\Ras.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.51]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [d:\Rising\KakaToolBar\RasGui.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 0, 11]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [d:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2888 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [d:\Tencent\QQDownload\QQIEHelper02.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 1]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [d:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
[PID: 2536 / Administrator][F:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [F:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
59.54.54.169 www.178rxjh.com
59.54.54.169 178rxjh.com
59.54.54.169 www.molisf.com
59.54.54.169 molisf.com
59.54.54.169 www.1717rxjh.cn
59.54.54.169 1717rxjh.cn
59.54.54.169 www.73473.com
59.54.54.169 73473.com
59.54.54.169 www.7rxjh.com
59.54.54.169 7rxjh.com
59.54.54.169 www.9i45.com
59.54.54.169 9i45.com
59.54.54.169 ww.rxjh4f.com.cn
59.54.54.169 rxjh4f.com.cn
59.54.54.169 www.uc177.com
59.54.54.169 uc177.com
59.54.54.169 www.496529.cn
59.54.54.169 496529.cn
59.54.54.169 www.999rxjh.com
59.54.54.169 999rxjh.com
59.54.54.169 www.52rxsf.com
59.54.54.169 52rxsf.com
59.54.54.169 www.jhsss.com
59.54.54.169 jhsss.com
59.54.54.169 www.wanrxjh.com
59.54.54.169 wanrxjh.com
59.54.54.169 www.920rxjh.com
59.54.54.169 920rxjh.com
59.54.54.169 www.sf377.com
59.54.54.169 sf377.com
59.54.54.169 www.xksf888.com
59.54.54.169 xksf888.com
59.54.54.169 www.14455.com
59.54.54.169 www.97wow.com
59.54.54.169 97wow.com
59.54.54.169 www.173woool.com.cn
59.54.54.169 73woool.com.cn
59.54.54.169 73woool.com.cn
59.54.54.169 ww.sfmir2.com
59.54.54.169 sfmir2.com
59.54.54.169 www.rx592.com
59.54.54.169 rx592.com
59.54.54.169 www.yxdao.net
59.54.54.169 yxdao.net
59.54.54.169 www.molisf.com
59.54.54.169 molisf.com
59.54.54.169 www.molisf.com
59.54.54.169 molisf.com
59.54.54.169 变态热血江湖
59.54.54.169 热血江湖
59.54.54.169 热血江湖私服
59.54.54.169 热血江湖SF
59.54.54.169 热血江湖发布
59.54.54.169 送元宝热血江湖

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2084, D:\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 212, D:\RISING\KAKATOOLBAR\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 212, D:\RISING\KAKATOOLBAR\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1320, D:\RISING\KAKATOOLBAR\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1320, D:\RISING\KAKATOOLBAR\RAS.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT