<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Running/Boot Start]
<\SystemRoot\System32\BIRD\S150sx8.sys><Promise Technology, Inc.>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SI3112 / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3112.sys><Silicon Image, Inc.>
[SI3112R / SI3112R][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3112r.sys><Silicon Image, Inc>
[SI3114 / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3114.sys><Silicon Image, Inc.>
[SI3114R / SI3114R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Si3114r5.sys><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3124.sys><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Si3132r5.sys><Silicon Image, Inc>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SISRAID / SISRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\SiSRaid4.sys><Silicon Integrated Systems>
[SPTRAK / SPTRAK][Running/Boot Start]
<\SystemRoot\System32\BIRD\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Running/Boot Start]
<\SystemRoot\System32\BIRD\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\trm3x5.sys><Tekram Technology Co., Ltd.>
[ULSATA / ULSATA][Running/Boot Start]
<\SystemRoot\System32\BIRD\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Running/Boot Start]
<\SystemRoot\System32\BIRD\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\viamraid.sys><VIA Technologies inc,.ltd>
[W2KADV / W2KADV][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\w2kadv.sys><ConnectCom Solutions, Inc.>
[WD7296A / WD7296A][Stopped/Boot Start]
<\SystemRoot\System32\BIRD\wd7296a.sys><Western Digital Corporation>
==================================
浏览器加载项
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\安全软件\360safe\safemon\safemon.dll, >
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\安全软件\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\安全软件\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[使用迅雷下载]
<F1910-F110-11D2-BB9E-00C04F795683}, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 632][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1964][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\Shadow\pDeskTop.dll] [N/A, ]
[E:\安全软件\风云防火墙\FengYun\fymon.dll] [www.218.cc, 1.2.3.1]
[E:\安全软件\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[E:\安全软件\AVG\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[E:\安全软件\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll] [N/A, ]
[C:\Program Files\Media Player Classic\Codecs\mkunicode.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[E:\安全软件\Kaspersky Internet Security 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1784][E:\安全软件\风云防火墙\FengYun\FYFireWall.exe] [www.218.cc, 1.2.0.191]
[E:\安全软件\风云防火墙\FengYun\arpinfo.dll] [N/A, ]
[E:\安全软件\风云防火墙\FengYun\portinfo.dll] [www.218.cc, 1.2.0.5]
[E:\安全软件\风云防火墙\FengYun\fymon.dll] [www.218.cc, 1.2.3.1]
[PID: 1816][C:\windows\system32\Shadow\ShadowTip.exe] [PowerShadow, 1, 0, 0, 1]
[C:\windows\system32\Shadow\pDeskTop.dll] [N/A, ]
[E:\安全软件\风云防火墙\FengYun\fymon.dll] [www.218.cc, 1.2.3.1]
[E:\安全软件\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[PID: 508][C:\windows\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\安全软件\风云防火墙\FengYun\fymon.dll] [www.218.cc, 1.2.3.1]
[PID: 3268][E:\安全软件\360safe\safemon\360Tray.exe] [奇虎网, 3, 2, 0, 1001]
[E:\安全软件\风云防火墙\FengYun\fymon.dll] [www.218.cc, 1.2.3.1]
[E:\安全软件\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[E:\安全软件\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 2, 0, 1001]
[E:\安全软件\360safe\AntiAdwa.dll] [360Safe.com, 3, 2, 0, 1001]
[PID: 1740][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\安全软件\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[E:\安全软件\风云防火墙\FengYun\fymon.dll] [www.218.cc, 1.2.3.1]
[E:\安全软件\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[E:\安全软件\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[E:\安全软件\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[E:\安全软件\Kaspersky Internet Security 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[E:\安全软件\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[E:\安全软件\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[e:\安全软件\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\安全软件\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\安全软件\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\windows\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\windows\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[e:\安全软件\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\安全软件\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 2104][C:\Documents and Settings\Administrator\桌面\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[E:\安全软件\风云防火墙\FengYun\fymon.dll] [www.218.cc, 1.2.3.1]
[E:\安全软件\360safe\safemon\safemon.dll] [, 3, 2, 0, 1001]
[E:\安全软件\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF3F02B25)
RVA 错误: LoadLibraryExA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF3F02D67)
RVA 错误: LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF3F02F0B)
RVA 错误: LoadLibraryW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0xF3F02C49)
入口点错误:CreateProcessA (危险等级: 一般, 被下面模块所HOOK: E:\安全软件\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 一般, 被下面模块所HOOK: E:\安全软件\360safe\safemon\safemon.dll)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0xF3F02E8F)
==================================
隐藏进程
N/A
==================================
[/CODE] |