碧海蓝天日照8 - 2006-8-20 13:30:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 13:19:16, 日期 2006-8-20
操作系统: Windows XP (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP1 (6.00.2600.0000)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\conime.exe
d:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\QQ\TenyQQ0.92\TenyQQ.EXE
F:\杀木马工具\HijackThis1[1].99.1\HijackThis1991zww.exe
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - d:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - d:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - d:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - d:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - RsAutorunsDisabled - (no file)
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42B08430-7945-4A5B-AA26-717C72D3A7D2}: NameServer = 202.102.134.68,202.102.128.68
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
Thanks!~
tanghui1234 - 2006-8-20 13:34:00
None.
碧海蓝天日照8 - 2006-8-20 13:49:00
But a scan with 木马分析专家 found some.
碧海蓝天日照8 - 2006-8-20 13:58:00
This is the information about my computer that I collected with SysInfoCollect:
System Information Collect Tool - Designed By Smallfrogs
20060820-13:45
Windows XP
Internet Explorer: 6.0.2800.1106
*****************************************************************
Runing Processes information
*****************************************************************
=====================================================
PROCESS NAME: System
-----------------------------------------------------
Process ID = 0x00000004
Thread count= 48
Parent process ID = 0
Priority Class = 32
Modules:
------------------------------------
=====================================================
PROCESS NAME: SMSS.EXE
-----------------------------------------------------
Process ID = 0x00000198
Thread count= 3
Parent process ID = 4
Priority Class = 32
Modules:
------------------------------------
\SystemRoot\System32\smss.exe (0x48580000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
=====================================================
PROCESS NAME: CSRSS.EXE
-----------------------------------------------------
WARNING: OpenProcess failed with error 5 ()
Process ID = 0x000001d0
Thread count= 11
Parent process ID = 408
Modules:
---------------------------------
=====================================================
PROCESS NAME: WINLOGON.EXE
-----------------------------------------------------
Process ID = 0x000001e8
Thread count= 19
Parent process ID = 408
Priority Class = 128
Modules:
------------------------------------
\??\C:\WINDOWS\system32\winlogon.exe (0x01000000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C90000)
C:\WINDOWS\system32\AUTHZ.dll (0x76C90000)
C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)
C:\WINDOWS\system32\CRYPT32.dll (0x76230000)
C:\WINDOWS\system32\USER32.dll (0x77D10000)
C:\WINDOWS\system32\GDI32.dll (0x77C40000)
C:\WINDOWS\system32\MSASN1.dll (0x76210000)
C:\WINDOWS\system32\NDdeApi.dll (0x758A0000)
C:\WINDOWS\system32\PROFMAP.dll (0x75890000)
C:\WINDOWS\system32\NETAPI32.dll (0x71BA0000)
C:\WINDOWS\system32\USERENV.dll (0x759D0000)
C:\WINDOWS\system32\PSAPI.DLL (0x76BC0000)
C:\WINDOWS\system32\REGAPI.dll (0x76B90000)
C:\WINDOWS\system32\Secur32.dll (0x76F60000)
C:\WINDOWS\system32\SETUPAPI.dll (0x765E0000)
C:\WINDOWS\system32\sfc_os.dll (0x76C30000)
C:\WINDOWS\system32\WINTRUST.dll (0x76C00000)
C:\WINDOWS\system32\ole32.dll (0x77180000)
C:\WINDOWS\system32\IMAGEHLP.dll (0x76C60000)
C:\WINDOWS\system32\VERSION.dll (0x77BD0000)
C:\WINDOWS\system32\WINSTA.dll (0x762D0000)
C:\WINDOWS\system32\WS2_32.dll (0x71A20000)
C:\WINDOWS\system32\WS2HELP.dll (0x71A10000)
C:\WINDOWS\System32\IMM32.DLL (0x76300000)
C:\WINDOWS\system32\LPK.DLL (0x62C20000)
C:\WINDOWS\system32\USP10.dll (0x72F10000)
C:\WINDOWS\system32\MSGINA.dll (0x758D0000)
C:\WINDOWS\system32\SHELL32.dll (0x773A0000)
C:\WINDOWS\system32\SHLWAPI.dll (0x70BD0000)
C:\WINDOWS\system32\COMCTL32.dll (0x77310000)
C:\WINDOWS\system32\ODBC32.dll (0x1F7B0000)
C:\WINDOWS\system32\comdlg32.dll (0x76320000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll (0x00A50000)
C:\WINDOWS\system32\odbcint.dll (0x1F850000)
C:\WINDOWS\system32\SHSVCS.dll (0x76BA0000)
C:\WINDOWS\system32\sfc.dll (0x76B80000)
C:\WINDOWS\system32\WINSCARD.DLL (0x72360000)
C:\WINDOWS\system32\WTSAPI32.dll (0x76F20000)
C:\WINDOWS\system32\uxtheme.dll (0x5ADC0000)
C:\WINDOWS\system32\WINMM.dll (0x76B10000)
C:\WINDOWS\system32\cscdll.dll (0x76570000)
C:\WINDOWS\system32\WlNotify.dll (0x758B0000)
C:\WINDOWS\system32\WINSPOOL.DRV (0x72F70000)
C:\WINDOWS\system32\MPR.dll (0x71A90000)
C:\WINDOWS\System32\rsaenh.dll (0x0FFD0000)
C:\WINDOWS\system32\msv1_0.dll (0x76CE0000)
C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)
C:\WINDOWS\system32\cscui.dll (0x76590000)
C:\WINDOWS\system32\NTMARTA.DLL (0x76CB0000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)
C:\WINDOWS\system32\sxs.dll (0x75E00000)
C:\WINDOWS\system32\wdmaud.drv (0x72C90000)
C:\WINDOWS\system32\msacm32.drv (0x72C80000)
C:\WINDOWS\system32\MSACM32.dll (0x77BB0000)
C:\WINDOWS\system32\midimap.dll (0x77BA0000)
C:\WINDOWS\system32\COMRes.dll (0x77020000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)
C:\WINDOWS\system32\CLBCATQ.DLL (0x76FA0000)
C:\WINDOWS\System32\wbem\wbemprox.dll (0x74E50000)
C:\WINDOWS\System32\wbem\wbemcomn.dll (0x751F0000)
C:\WINDOWS\System32\wbem\wbemsvc.dll (0x74E30000)
C:\WINDOWS\System32\wbem\fastprox.dll (0x755F0000)
=====================================================
PROCESS NAME: SERVICES.EXE
-----------------------------------------------------
Process ID = 0x00000214
Thread count= 19
Parent process ID = 488
Priority Class = 32
碧海蓝天日照8 - 2006-8-20 13:59:00
Modules:
------------------------------------
C:\WINDOWS\system32\services.exe (0x01000000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C90000)
C:\WINDOWS\system32\USER32.dll (0x77D10000)
C:\WINDOWS\system32\GDI32.dll (0x77C40000)
C:\WINDOWS\system32\USERENV.dll (0x759D0000)
C:\WINDOWS\system32\SCESRV.dll (0x75840000)
C:\WINDOWS\system32\AUTHZ.dll (0x76C90000)
C:\WINDOWS\system32\umpnpmgr.dll (0x75820000)
C:\WINDOWS\system32\WINSTA.dll (0x762D0000)
C:\WINDOWS\system32\NCObjAPI.DLL (0x5F9A0000)
C:\WINDOWS\System32\IMM32.DLL (0x76300000)
C:\WINDOWS\system32\LPK.DLL (0x62C20000)
C:\WINDOWS\system32\USP10.dll (0x72F10000)
C:\WINDOWS\system32\secur32.dll (0x76F60000)
C:\WINDOWS\system32\eventlog.dll (0x75800000)
C:\WINDOWS\system32\WS2_32.dll (0x71A20000)
C:\WINDOWS\system32\WS2HELP.dll (0x71A10000)
C:\WINDOWS\system32\PSAPI.DLL (0x76BC0000)
C:\WINDOWS\system32\wtsapi32.dll (0x76F20000)
C:\WINDOWS\system32\netapi32.dll (0x71BA0000)
=====================================================
PROCESS NAME: LSASS.EXE
-----------------------------------------------------
Process ID = 0x00000220
Thread count= 20
Parent process ID = 488
Priority Class = 32
Modules:
------------------------------------
C:\WINDOWS\system32\lsass.exe (0x01000000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C90000)
C:\WINDOWS\system32\LSASRV.dll (0x74480000)
C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)
C:\WINDOWS\system32\Secur32.dll (0x76F60000)
C:\WINDOWS\system32\USER32.dll (0x77D10000)
C:\WINDOWS\system32\GDI32.dll (0x77C40000)
C:\WINDOWS\system32\SAMSRV.dll (0x743A0000)
C:\WINDOWS\system32\cryptdll.dll (0x76760000)
C:\WINDOWS\system32\DNSAPI.dll (0x76EF0000)
C:\WINDOWS\system32\WS2_32.dll (0x71A20000)
C:\WINDOWS\system32\WS2HELP.dll (0x71A10000)
C:\WINDOWS\system32\MSASN1.dll (0x76210000)
C:\WINDOWS\system32\NETAPI32.dll (0x71BA0000)
C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)
C:\WINDOWS\system32\MPR.dll (0x71A90000)
C:\WINDOWS\system32\NTDSAPI.dll (0x76770000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)
C:\WINDOWS\System32\IMM32.DLL (0x76300000)
C:\WINDOWS\system32\LPK.DLL (0x62C20000)
C:\WINDOWS\system32\USP10.dll (0x72F10000)
C:\WINDOWS\system32\msprivs.dll (0x74310000)
C:\WINDOWS\system32\kerberos.dll (0x71C70000)
C:\WINDOWS\system32\msv1_0.dll (0x76CE0000)
C:\WINDOWS\system32\netlogon.dll (0x74410000)
C:\WINDOWS\system32\w32time.dll (0x76790000)
C:\WINDOWS\system32\MSVCP60.dll (0x75FF0000)
C:\WINDOWS\system32\iphlpapi.dll (0x76D30000)
C:\WINDOWS\system32\netman.dll (0x76DB0000)
C:\WINDOWS\system32\MPRAPI.dll (0x76D10000)
C:\WINDOWS\system32\ACTIVEDS.dll (0x76E10000)
C:\WINDOWS\system32\adsldpc.dll (0x76DE0000)
C:\WINDOWS\system32\ATL.DLL (0x76AF0000)
C:\WINDOWS\system32\ole32.dll (0x77180000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)
C:\WINDOWS\system32\rtutils.dll (0x76E50000)
C:\WINDOWS\system32\SETUPAPI.dll (0x765E0000)
C:\WINDOWS\system32\RASAPI32.dll (0x76EB0000)
C:\WINDOWS\system32\rasman.dll (0x76E60000)
C:\WINDOWS\system32\TAPI32.dll (0x76E80000)
C:\WINDOWS\system32\SHLWAPI.dll (0x70BD0000)
C:\WINDOWS\system32\WINMM.dll (0x76B10000)
C:\WINDOWS\system32\SHELL32.dll (0x773A0000)
C:\WINDOWS\system32\WZCSvc.DLL (0x76D70000)
C:\WINDOWS\system32\WMI.dll (0x76D00000)
C:\WINDOWS\system32\DHCPCSVC.DLL (0x76D50000)
C:\WINDOWS\system32\CRYPT32.dll (0x76230000)
C:\WINDOWS\system32\WTSAPI32.dll (0x76F20000)
C:\WINDOWS\system32\WINSTA.dll (0x762D0000)
C:\WINDOWS\system32\USERENV.dll (0x759D0000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll (0x00940000)
C:\WINDOWS\system32\comctl32.dll (0x77310000)
C:\WINDOWS\system32\schannel.dll (0x767C0000)
C:\WINDOWS\system32\wdigest.dll (0x742E0000)
C:\WINDOWS\System32\rsaenh.dll (0x0FFD0000)
C:\WINDOWS\system32\scecli.dll (0x74370000)
C:\WINDOWS\system32\ipsecsvc.dll (0x74340000)
C:\WINDOWS\system32\oakley.DLL (0x74530000)
C:\WINDOWS\system32\WINIPSEC.DLL (0x742D0000)
C:\WINDOWS\system32\pstorsvc.dll (0x74300000)
C:\WINDOWS\system32\mswsock.dll (0x719C0000)
C:\WINDOWS\System32\wshtcpip.dll (0x71A00000)
C:\WINDOWS\system32\psbase.dll (0x74320000)
C:\WINDOWS\System32\dssenh.dll (0x0FFA0000)
=====================================================
PROCESS NAME: SVCHOST.EXE
-----------------------------------------------------
Process ID = 0x000002c4
Thread count= 9
Parent process ID = 532
Priority Class = 32
碧海蓝天日照8 - 2006-8-20 13:59:00
Modules:
------------------------------------
C:\WINDOWS\system32\svchost.exe (0x01000000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C90000)
c:\windows\system32\rpcss.dll (0x757B0000)
C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)
c:\windows\system32\WS2_32.dll (0x71A20000)
c:\windows\system32\WS2HELP.dll (0x71A10000)
C:\WINDOWS\system32\USER32.dll (0x77D10000)
C:\WINDOWS\system32\GDI32.dll (0x77C40000)
c:\windows\system32\Secur32.dll (0x76F60000)
C:\WINDOWS\System32\IMM32.DLL (0x76300000)
C:\WINDOWS\system32\LPK.DLL (0x62C20000)
C:\WINDOWS\system32\USP10.dll (0x72F10000)
C:\WINDOWS\system32\userenv.dll (0x759D0000)
C:\WINDOWS\system32\mswsock.dll (0x719C0000)
C:\WINDOWS\System32\wshtcpip.dll (0x71A00000)
C:\WINDOWS\system32\DNSAPI.dll (0x76EF0000)
C:\WINDOWS\system32\iphlpapi.dll (0x76D30000)
C:\WINDOWS\system32\netman.dll (0x76DB0000)
C:\WINDOWS\system32\MPRAPI.dll (0x76D10000)
C:\WINDOWS\system32\ACTIVEDS.dll (0x76E10000)
C:\WINDOWS\system32\adsldpc.dll (0x76DE0000)
C:\WINDOWS\system32\NETAPI32.dll (0x71BA0000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)
C:\WINDOWS\system32\ATL.DLL (0x76AF0000)
C:\WINDOWS\system32\ole32.dll (0x77180000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)
C:\WINDOWS\system32\rtutils.dll (0x76E50000)
C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)
C:\WINDOWS\system32\SETUPAPI.dll (0x765E0000)
C:\WINDOWS\system32\RASAPI32.dll (0x76EB0000)
C:\WINDOWS\system32\rasman.dll (0x76E60000)
C:\WINDOWS\system32\TAPI32.dll (0x76E80000)
C:\WINDOWS\system32\SHLWAPI.dll (0x70BD0000)
C:\WINDOWS\system32\WINMM.dll (0x76B10000)
C:\WINDOWS\system32\SHELL32.dll (0x773A0000)
C:\WINDOWS\system32\WZCSvc.DLL (0x76D70000)
C:\WINDOWS\system32\WMI.dll (0x76D00000)
C:\WINDOWS\system32\DHCPCSVC.DLL (0x76D50000)
C:\WINDOWS\system32\CRYPT32.dll (0x76230000)
C:\WINDOWS\system32\MSASN1.dll (0x76210000)
C:\WINDOWS\system32\WTSAPI32.dll (0x76F20000)
C:\WINDOWS\system32\WINSTA.dll (0x762D0000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll (0x00760000)
C:\WINDOWS\system32\comctl32.dll (0x77310000)
C:\WINDOWS\System32\winrnr.dll (0x76F80000)
C:\WINDOWS\system32\rasadhlp.dll (0x76F90000)
C:\WINDOWS\system32\CLBCATQ.DLL (0x76FA0000)
C:\WINDOWS\system32\COMRes.dll (0x77020000)
C:\WINDOWS\system32\VERSION.dll (0x77BD0000)
=====================================================
PROCESS NAME: CCenter.exe
-----------------------------------------------------
Process ID = 0x000002f8
Thread count= 5
Parent process ID = 532
Priority Class = 32
Modules:
------------------------------------
C:\Program Files\Rising\Rav\CCenter.exe (0x00400000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\USER32.dll (0x77D10000)
C:\WINDOWS\system32\GDI32.dll (0x77C40000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C90000)
C:\WINDOWS\System32\IMM32.DLL (0x76300000)
C:\WINDOWS\system32\LPK.DLL (0x62C20000)
C:\WINDOWS\system32\USP10.dll (0x72F10000)
C:\WINDOWS\system32\uxtheme.dll (0x5ADC0000)
C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)
=====================================================
PROCESS NAME: SVCHOST.EXE
-----------------------------------------------------
Process ID = 0x00000308
Thread count= 70
Parent process ID = 532
Priority Class = 32
碧海蓝天日照8 - 2006-8-20 13:59:00
C:\WINDOWS\System32\LPK.DLL (0x62C20000)
C:\WINDOWS\System32\USP10.dll (0x72F10000)
c:\windows\system32\shsvcs.dll (0x76BA0000)
C:\WINDOWS\system32\msvcrt.dll (0x77BE0000)
C:\WINDOWS\system32\SHLWAPI.dll (0x70BD0000)
C:\WINDOWS\system32\shell32.dll (0x773A0000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll (0x71950000)
C:\WINDOWS\system32\comctl32.dll (0x77310000)
C:\WINDOWS\System32\WINSTA.dll (0x762D0000)
c:\windows\system32\dhcpcsvc.dll (0x76D50000)
c:\windows\system32\DNSAPI.dll (0x76EF0000)
c:\windows\system32\WS2_32.dll (0x006C0000)
c:\windows\system32\WS2HELP.dll (0x005A0000)
c:\windows\system32\iphlpapi.dll (0x76D30000)
c:\windows\system32\netman.dll (0x76DB0000)
c:\windows\system32\MPRAPI.dll (0x76D10000)
c:\windows\system32\ACTIVEDS.dll (0x76E10000)
c:\windows\system32\adsldpc.dll (0x76DE0000)
c:\windows\system32\NETAPI32.dll (0x71BA0000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)
c:\windows\system32\ATL.DLL (0x76AF0000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)
c:\windows\system32\rtutils.dll (0x76E50000)
c:\windows\system32\SAMLIB.dll (0x71B70000)
c:\windows\system32\SETUPAPI.dll (0x765E0000)
c:\windows\system32\RASAPI32.dll (0x76EB0000)
c:\windows\system32\rasman.dll (0x76E60000)
c:\windows\system32\TAPI32.dll (0x76E80000)
c:\windows\system32\WINMM.dll (0x76B10000)
c:\windows\system32\Secur32.dll (0x76F60000)
c:\windows\system32\WZCSvc.DLL (0x76D70000)
c:\windows\system32\WMI.dll (0x76D00000)
C:\WINDOWS\system32\CRYPT32.dll (0x76230000)
C:\WINDOWS\system32\MSASN1.dll (0x76210000)
c:\windows\system32\WTSAPI32.dll (0x76F20000)
C:\WINDOWS\System32\UxTheme.dll (0x5ADC0000)
C:\WINDOWS\System32\rsaenh.dll (0x0FFD0000)
C:\WINDOWS\System32\rastls.dll (0x74E70000)
C:\WINDOWS\System32\SCHANNEL.dll (0x767C0000)
C:\WINDOWS\system32\USERENV.dll (0x759D0000)
C:\WINDOWS\System32\WinSCard.dll (0x72360000)
C:\WINDOWS\System32\raschap.dll (0x74E90000)
C:\WINDOWS\system32\mswsock.dll (0x008E0000)
C:\WINDOWS\system32\msv1_0.dll (0x76CE0000)
C:\WINDOWS\System32\wshtcpip.dll (0x00A20000)
C:\WINDOWS\System32\NTMARTA.DLL (0x76CB0000)
C:\WINDOWS\System32\CLBCATQ.DLL (0x76FA0000)
C:\WINDOWS\System32\COMRes.dll (0x77020000)
C:\WINDOWS\system32\VERSION.dll (0x77BD0000)
c:\windows\system32\schedsvc.dll (0x75130000)
c:\windows\system32\NTDSAPI.dll (0x76770000)
C:\WINDOWS\system32\IMAGEHLP.dll (0x76C60000)
C:\WINDOWS\System32\MSIDLE.DLL (0x74EB0000)
c:\windows\system32\audiosrv.dll (0x70DE0000)
c:\windows\system32\wkssvc.dll (0x750D0000)
c:\windows\system32\cryptsvc.dll (0x74F00000)
c:\windows\system32\WINTRUST.dll (0x76C00000)
c:\windows\system32\certcli.dll (0x752B0000)
c:\windows\system32\CRYPTUI.dll (0x75430000)
C:\WINDOWS\system32\WININET.dll (0x70200000)
c:\windows\system32\ESENT.dll (0x69A20000)
c:\windows\system32\wuauserv.dll (0x74E20000)
c:\windows\system32\mspmspsv.dll (0x72430000)
C:\WINDOWS\System32\wuaueng.dll (0x74F60000)
C:\WINDOWS\System32\ADVPACK.dll (0x715F0000)
C:\WINDOWS\System32\sfc.dll (0x76B80000)
C:\WINDOWS\System32\sfc_os.dll (0x76C30000)
c:\windows\system32\wbem\wmisvc.dll (0x59470000)
c:\windows\system32\wbem\wbemcomn.dll (0x751F0000)
C:\WINDOWS\system32\VSSAPI.DLL (0x75340000)
c:\windows\system32\w32time.dll (0x76790000)
c:\windows\system32\MSVCP60.dll (0x75FF0000)
c:\windows\pchealth\helpctr\binaries\pchsvc.dll (0x74EA0000)
C:\WINDOWS\System32\es.dll (0x76B40000)
c:\windows\system32\trkwks.dll (0x74FD0000)
c:\windows\system32\srsvc.dll (0x75100000)
c:\windows\system32\seclogon.dll (0x73C90000)
c:\windows\system32\msgsvc.dll (0x74EC0000)
c:\windows\system32\srvsvc.dll (0x74FF0000)
c:\windows\system32\ersvc.dll (0x74EE0000)
c:\windows\system32\dmserver.dll (0x74EF0000)
c:\windows\system32\sens.dll (0x72260000)
c:\windows\system32\browser.dll (0x74F40000)
C:\WINDOWS\System32\SXS.DLL (0x75E00000)
c:\windows\system32\termsrv.dll (0x75230000)
c:\windows\system32\ICAAPI.dll (0x74ED0000)
c:\windows\system32\AUTHZ.dll (0x76C90000)
c:\windows\system32\mstlsapi.dll (0x75070000)
C:\WINDOWS\System32\REGAPI.dll (0x76B90000)
C:\WINDOWS\system32\NETSHELL.dll (0x75C60000)
C:\WINDOWS\system32\credui.dll (0x76BD0000)
C:\WINDOWS\System32\upnp.dll (0x74FA0000)
C:\WINDOWS\System32\SSDPAPI.dll (0x74E60000)
C:\WINDOWS\System32\hnetcfg.dll (0x68B70000)
C:\WINDOWS\System32\netcfgx.dll (0x75550000)
C:\WINDOWS\System32\CLUSAPI.dll (0x74F20000)
C:\WINDOWS\system32\comsvcs.dll (0x75690000)
C:\WINDOWS\system32\MTXCLU.DLL (0x75050000)
C:\WINDOWS\system32\WSOCK32.dll (0x71A40000)
C:\WINDOWS\system32\colbact.DLL (0x75090000)
C:\WINDOWS\System32\RESUTILS.DLL (0x75010000)
C:\WINDOWS\System32\Wbem\wbemcore.dll (0x753B0000)
C:\WINDOWS\System32\Wbem\esscli.dll (0x75270000)
C:\WINDOWS\System32\Wbem\FastProx.dll (0x755F0000)
C:\WINDOWS\System32\rasadhlp.dll (0x76F90000)
C:\WINDOWS\System32\mtxoci.dll (0x75030000)
C:\WINDOWS\System32\rasmans.dll (0x723F0000)
C:\WINDOWS\System32\WINIPSEC.DLL (0x742D0000)
c:\windows\system32\tapisrv.dll (0x73350000)
c:\windows\system32\PSAPI.DLL (0x76BC0000)
C:\WINDOWS\System32\sensapi.dll (0x72240000)
C:\WINDOWS\System32\wbem\wmiutils.dll (0x74F80000)
C:\WINDOWS\System32\wbem\repdrvfs.dll (0x75160000)
C:\WINDOWS\System32\rastapi.dll (0x71FF0000)
C:\WINDOWS\system32\urlmon.dll (0x702B0000)
C:\WINDOWS\System32\unimdm.tsp (0x57980000)
C:\WINDOWS\System32\uniplat.dll (0x71F90000)
C:\WINDOWS\System32\wbem\wmiprvsd.dll (0x594C0000)
C:\WINDOWS\system32\NCObjAPI.DLL (0x5F9A0000)
C:\WINDOWS\System32\kmddsp.tsp (0x57A00000)
C:\WINDOWS\System32\ndptsp.tsp (0x579E0000)
C:\WINDOWS\System32\ipconf.tsp (0x57A10000)
C:\WINDOWS\System32\wbem\wbemess.dll (0x752F0000)
C:\WINDOWS\System32\h323.tsp (0x57A30000)
C:\WINDOWS\System32\hidphone.tsp (0x57A20000)
C:\WINDOWS\System32\HID.DLL (0x68BE0000)
C:\WINDOWS\System32\rasppp.dll (0x721D0000)
C:\WINDOWS\System32\ntlsapi.dll (0x72420000)
c:\windows\system32\rasauto.dll (0x72030000)
C:\WINDOWS\System32\icmp.dll (0x741F0000)
C:\WINDOWS\System32\RASDLG.dll (0x754B0000)
C:\WINDOWS\System32\wbem\ncprov.dll (0x5F970000)
C:\WINDOWS\System32\wbem\wbemsvc.dll (0x74E30000)
=====================================================
PROCESS NAME: SVCHOST.EXE
-----------------------------------------------------
WARNING: OpenProcess failed with error 5 ()
Process ID = 0x00000354
Thread count= 6
Parent process ID = 532
Modules:
------------------------------------
=====================================================
PROCESS NAME: SVCHOST.EXE
-----------------------------------------------------
WARNING: OpenProcess failed with error 5 ()
Process ID = 0x0000036c
Thread count= 14
Parent process ID = 532
Modules:
------------------------------------
=====================================================
PROCESS NAME: RavMonD.exe
-----------------------------------------------------
Process ID = 0x000003a8
Thread count= 24
Parent process ID = 532
Priority Class = 32
碧海蓝天日照8 - 2006-8-20 14:00:00
Modules:
------------------------------------
C:\Program Files\Rising\Rav\Ravmond.exe (0x00400000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\Program Files\Rising\Rav\BWList.dll (0x10000000)
C:\WINDOWS\system32\MFC42.DLL (0x73D30000)
C:\WINDOWS\system32\MSVCRT.dll (0x77BE0000)
C:\WINDOWS\system32\GDI32.dll (0x77C40000)
C:\WINDOWS\system32\USER32.dll (0x77D10000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C90000)
C:\WINDOWS\system32\SHELL32.dll (0x773A0000)
C:\WINDOWS\system32\SHLWAPI.dll (0x70BD0000)
C:\WINDOWS\system32\MSVCP60.dll (0x75FF0000)
C:\WINDOWS\system32\WSOCK32.dll (0x71A40000)
C:\WINDOWS\system32\WS2_32.dll (0x71A20000)
C:\WINDOWS\system32\WS2HELP.dll (0x71A10000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)
C:\WINDOWS\system32\OLE32.DLL (0x77180000)
C:\WINDOWS\system32\VERSION.dll (0x77BD0000)
C:\WINDOWS\System32\IMM32.DLL (0x76300000)
C:\WINDOWS\system32\LPK.DLL (0x62C20000)
C:\WINDOWS\system32\USP10.dll (0x72F10000)
C:\WINDOWS\System32\MFC42LOC.DLL (0x61BE0000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll (0x00730000)
C:\WINDOWS\system32\comctl32.dll (0x77310000)
C:\Program Files\Rising\Rav\RsCommX.dll (0x00820000)
C:\Program Files\Rising\Rav\RSAPPMGR.DLL (0x00C40000)
C:\Program Files\Rising\Rav\CfgDll.dll (0x08C60000)
C:\Program Files\Rising\Rav\RSCOMMON.DLL (0x23700000)
C:\Program Files\Rising\Rav\RsLog.dll (0x08FF0000)
C:\Program Files\Rising\Rav\HOOKSYS.dll (0x09000000)
C:\Program Files\Rising\Rav\Scanner.dll (0x09130000)
C:\Program Files\Rising\Rav\libload.dll (0x13100000)
C:\Program Files\Rising\Rav\VirusLib.dll (0x09290000)
C:\Program Files\Rising\Rav\regmon.dll (0x093D0000)
C:\Program Files\Rising\Rav\psapi.dll (0x731B0000)
C:\WINDOWS\system32\IMAGEHLP.dll (0x76C60000)
C:\Program Files\Rising\Rav\HookWeb.dll (0x09660000)
C:\Program Files\Rising\Rav\MemMon.dll (0x09780000)
C:\Program Files\Rising\Rav\expscan.dll (0x097B0000)
C:\Program Files\Rising\Rav\mPorts.dll (0x097D0000)
C:\WINDOWS\system32\iphlpapi.dll (0x76D30000)
C:\WINDOWS\system32\netman.dll (0x76DB0000)
C:\WINDOWS\system32\MPRAPI.dll (0x76D10000)
C:\WINDOWS\system32\ACTIVEDS.dll (0x76E10000)
C:\WINDOWS\system32\adsldpc.dll (0x76DE0000)
C:\WINDOWS\system32\NETAPI32.dll (0x71BA0000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F30000)
C:\WINDOWS\system32\ATL.DLL (0x76AF0000)
C:\WINDOWS\system32\rtutils.dll (0x76E50000)
C:\WINDOWS\system32\SAMLIB.dll (0x71B70000)
C:\WINDOWS\system32\SETUPAPI.dll (0x765E0000)
C:\WINDOWS\system32\RASAPI32.dll (0x76EB0000)
C:\WINDOWS\system32\rasman.dll (0x76E60000)
C:\WINDOWS\system32\TAPI32.dll (0x76E80000)
C:\WINDOWS\system32\WINMM.dll (0x76B10000)
C:\WINDOWS\system32\Secur32.dll (0x76F60000)
C:\WINDOWS\system32\WZCSvc.DLL (0x76D70000)
C:\WINDOWS\system32\WMI.dll (0x76D00000)
C:\WINDOWS\system32\DHCPCSVC.DLL (0x76D50000)
C:\WINDOWS\system32\DNSAPI.dll (0x76EF0000)
C:\WINDOWS\system32\CRYPT32.dll (0x76230000)
C:\WINDOWS\system32\MSASN1.dll (0x76210000)
C:\WINDOWS\system32\WTSAPI32.dll (0x76F20000)
C:\WINDOWS\system32\WINSTA.dll (0x762D0000)
C:\Program Files\Rising\Rav\MailMon.dll (0x09920000)
C:\Program Files\Rising\Rav\SpamEng.dll (0x09A60000)
C:\Program Files\Rising\Rav\engine.dll (0x13A80000)
C:\WINDOWS\system32\mswsock.dll (0x719C0000)
C:\WINDOWS\System32\wshtcpip.dll (0x71A00000)
C:\Program Files\Rising\Rav\PostTrt.dll (0x0A340000)
C:\Program Files\Rising\Rav\UnExe.dll (0x0A380000)
C:\Program Files\Rising\Rav\ScanExec.dll (0x13AB0000)
C:\Program Files\Rising\Rav\ScanEx.dll (0x0ADF0000)
C:\Program Files\Rising\Rav\NvFile.dll (0x0AB80000)
C:\Program Files\Rising\Rav\ScanMac.dll (0x13AF0000)
C:\Program Files\Rising\Rav\ScanSct.dll (0x0AD90000)
C:\WINDOWS\system32\uxtheme.dll (0x5ADC0000)
C:\WINDOWS\system32\perfproc.dll (0x5E8E0000)
C:\Program Files\Rising\Rav\Unpacker.dll (0x0B390000)
C:\Program Files\Rising\Rav\ExtOLE.dll (0x0A770000)
C:\Program Files\Rising\Rav\ScanNet.dll (0x0A7C0000)
=====================================================
PROCESS NAME: RFWSRV.EXE
-----------------------------------------------------
Process ID = 0x000003d8
Thread count= 16
Parent process ID = 532
Priority Class = 32
Modules:
------------------------------------
c:\program files\rising\rfw\rfwsrv.exe (0x00400000)
C:\WINDOWS\System32\ntdll.dll (0x77F50000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C90000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\MFC42.DLL (0x73D30000)
C:\WINDOWS\system32\MSVCRT.dll (0x77BE0000)
C:\WINDOWS\system32\GDI32.dll (0x77C40000)
C:\WINDOWS\system32\USER32.dll (0x77D10000)
C:\WINDOWS\system32\COMCTL32.dll (0x77310000)
C:\WINDOWS\system32\ole32.dll (0x77180000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770F0000)
C:\WINDOWS\System32\IMM32.DLL (0x76300000)
C:\WINDOWS\system32\LPK.DLL (0x62C20000)
C:\WINDOWS\system32\USP10.dll (0x72F10000)
C:\WINDOWS\System32\MFC42LOC.DLL (0x61BE0000)
C:\WINDOWS\system32\SHLWAPI.dll (0x70BD0000)
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll (0x71950000)
C:\WINDOWS\system32\USERENV.dll (0x759D0000)
c:\program files\rising\rfw\RfwRule.dll (0x10000000)
c:\program files\rising\rfw\rfwlog.dll (0x003D0000)
c:\program files\rising\rfw\Rfwdrv.dll (0x00800000)
c:\program files\rising\rfw\psapi.dll (0x731B0000)
C:\WINDOWS\system32\IMAGEHLP.dll (0x76C60000)
c:\program files\rising\rfw\MonDrv.dll (0x00960000)
c:\program files\rising\rfw\ProcLib.dll (0x00B80000)
C:\WINDOWS\system32\uxtheme.dll (0x5ADC0000)
C:\WINDOWS\system32\perfproc.dll (0x5E8E0000)
C:\WINDOWS\system32\secur32.dll (0x76F60000)
C:\WINDOWS\system32\netapi32.dll (0x71BA0000)
=====================================================
PROCESS NAME: EXPLORER.EXE
-----------------------------------------------------
Process ID = 0x000004ac
Thread count= 18
Parent process ID = 1176
Priority Class = 32
碧海蓝天日照8 - 2006-8-20 14:11:00
There's too much, so I won't upload the rest.