Rising Kaka Security Forum
雨和眼泪 - 2007-2-7 15:12:00
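At startup, a "DLL file failed to load" error pops up...
After that, whatever I open, even a text document, Rising's monitor pops up an alert for the Trojan.DL.Agent.chm virus...
I'm at a loss...
Asking the experts here for help once again...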
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><; C:\WINDOWS\system32\bgswitch.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SiSPower><; Rundll32.exe SiSPower.dll,ModeAgent> [Silicon Integrated Systems Corporation]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"F:\瑞星压缩备份版本\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<QuickTime Task><"F:\QuickTime\qttask.exe" -atboottime> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\mctet.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
==================================
启动文件夹
[星空极速]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><H>
[Utility Tray]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Utility Tray.lnk --> C:\WINDOWS\system32\sistray.exe [Silicon Integrated Systems Corporation]><N>
[腾讯QQ]
<C:\Documents and Settings\jay\「开始」菜单\程序\启动\腾讯QQ.lnk --> F:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Rising Proxy Service / RfwProxySrv]
<f:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<f:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"F:\瑞星压缩备份版本\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
<"F:\瑞星压缩备份版本\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
==================================
驱动程序
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
<\??\F:\瑞星压缩备份版本\Rising\Rav\ExpScan.sys><>
[ffpbek / ffpbek]
<\??\C:\WINDOWS\system32\drivers\ffpbek.sys><Microsoft Corporation>
[HookCont / HookCont]
<\??\F:\瑞星压缩备份版本\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
<\??\F:\瑞星压缩备份版本\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\F:\瑞星压缩备份版本\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\F:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
<\??\F:\瑞星压缩备份版本\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
<\??\f:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[msusbbux / msusbbux]
<\??\C:\WINDOWS\system32\drivers\msusbbux.sys><Microsoft Corporation>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><N/A>
[npkcrypt / npkcrypt]
<\??\F:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ptjpltp / ptjpltp]
<\SystemRoot\system32\drivers\ptjpltp.sys><N/A>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
<\??\F:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
<\??\F:\瑞星压缩备份版本\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / sisagp]
<\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
==================================
浏览器加载项
[Thunder Browser Helper]
{4E83D566-4697-4F7B-B1F0-A513B01DB89A} <F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[]
{9db71888-2a70-48f1-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\48f1cfsb.dll, N/A>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Browser Helper]
{4E83D566-4697-4F7B-B1F0-A513B01DB89A} <F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
雨和眼泪 - 2007-2-7 15:14:00
{9DB71888-2A70-48F1-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\48f1cfsb.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<F:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<F:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<F:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<F:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 576][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 588][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 736][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 816][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 920][F:\瑞星压缩备份版本\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 936][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 996][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1080][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1112][F:\瑞星压缩备份版本\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[F:\瑞星压缩备份版本\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[F:\瑞星压缩备份版本\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[F:\瑞星压缩备份版本\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[F:\瑞星压缩备份版本\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[F:\瑞星压缩备份版本\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[F:\瑞星压缩备份版本\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[F:\瑞星压缩备份版本\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[F:\瑞星压缩备份版本\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[F:\瑞星压缩备份版本\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[F:\瑞星压缩备份版本\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[F:\瑞星压缩备份版本\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[F:\瑞星压缩备份版本\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[F:\瑞星压缩备份版本\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[F:\瑞星压缩备份版本\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[F:\瑞星压缩备份版本\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[F:\瑞星压缩备份版本\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[F:\瑞星压缩备份版本\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[F:\瑞星压缩备份版本\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[F:\瑞星压缩备份版本\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[F:\瑞星压缩备份版本\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[F:\瑞星压缩备份版本\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[F:\瑞星压缩备份版本\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[F:\瑞星压缩备份版本\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[F:\瑞星压缩备份版本\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
[F:\瑞星压缩备份版本\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[F:\瑞星压缩备份版本\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[F:\瑞星压缩备份版本\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[F:\瑞星压缩备份版本\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[F:\瑞星压缩备份版本\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[F:\瑞星压缩备份版本\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[F:\瑞星压缩备份版本\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[F:\瑞星压缩备份版本\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
雨和眼泪 - 2007-2-7 15:14:00
[F:\瑞星压缩备份版本\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[F:\瑞星压缩备份版本\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1256][f:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[f:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[f:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[f:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[f:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[f:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[f:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1332][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\mctet.dll] [, 5, 3, 1, 120]
[C:\WINDOWS\system32\ptjpltp.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1480][F:\瑞星压缩备份版本\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[F:\瑞星压缩备份版本\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[F:\瑞星压缩备份版本\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1676][f:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[f:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[f:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[f:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[f:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[f:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1692][C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE] [C-Dilla Ltd, 3.24.010]
[PID: 1760][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1792][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 404][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 1188][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1688][F:\瑞星压缩备份版本\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[F:\瑞星压缩备份版本\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[F:\瑞星压缩备份版本\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[F:\瑞星压缩备份版本\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[F:\瑞星压缩备份版本\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1864][F:\瑞星压缩备份版本\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[F:\瑞星压缩备份版本\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[F:\瑞星压缩备份版本\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[F:\瑞星压缩备份版本\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[F:\瑞星压缩备份版本\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[F:\瑞星压缩备份版本\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[F:\瑞星压缩备份版本\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[F:\瑞星压缩备份版本\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[F:\瑞星压缩备份版本\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1720][C:\WINDOWS\system32\sistray.exe] [Silicon Integrated Systems Corporation, 0.0.0.3730]
[C:\WINDOWS\system32\SiSApCom.dll] [Silicon Integrated Systems Corporation, 0.0.0.3730]
[C:\WINDOWS\system32\SiSBase.dll] [Silicon Integrated Systems Corporation, 6.14.10.3730]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2384][C:\Program Files\ChinaNet\VnetClient.exe] [, 2005, 11, 18, 1]
[C:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2005, 3, 3, 1]
[C:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2005, 9, 1, 1]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2005, 7, 27, 1]
[C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[C:\PROGRA~1\ChinaNet\SETUPP~1.DLL] [, 1, 0, 0, 1]
[C:\Program Files\ChinaNet\SysPlug\8432d5a0-a09d-41bc-87c1-b312d97192f5\VnetOnlineBusinessAutoLogin.dll] [, 2006, 11, 19, 21]
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] [, 2005, 8, 18, 1]
[C:\Program Files\ChinaNet\SysPlug\93d07ada-d3ac-485a-85eb-12ca3cee8375\Vnetsafe114.DLL] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2005, 10, 13, 1]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] [, 2005, 8, 11, 1]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2005, 8, 16, 1]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2005, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\BDSearch.ocx] [gdcn, 2005, 12, 22, 1]
[C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2005, 10, 9, 14]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2005, 2, 24, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2005, 8, 26, 1]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 1, 9, 10]
[C:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\pthreadVC.dll] [N/A, N/A]
[C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2004, 11, 23, 1]
[C:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 4, 19, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2005, 12, 20, 1]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [, 2005, 9, 13, 9]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[F:\瑞星压缩备份版本\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[PID: 3072][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[F:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] [, 2005, 4, 6, 1]
[c:\PROGRA~1\chinanet\Communicate.dll] [GDCN, 2005, 3, 3, 1]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\WINDOWS\system32\48f1cfsb.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[F:\瑞星压缩备份版本\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[PID: 3472][F:\瑞星压缩备份版本\Rising\Rav\CopyRun\RavCopy.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[F:\瑞星压缩备份版本\RISING\RAV\COPYRUN\Update.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[PID: 3532][F:\日志\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
==================================
雨和眼泪 - 2007-2-7 15:15:00
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
==================================
雨和眼泪 - 2007-2-7 15:49:00
Hasn't anyone spotted anything???
Ugh... do I really have to format the drive again???
大饼脸阿花 - 2007-2-7 16:23:00
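Didn't it all get deleted cleanly earlier? Why is everything back again?
Reboot into Safe Mode and unplug the network cable.
Run SREng2; under Startup Items (启动项目) > Registry (注册表), delete: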
<{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\mctet.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptimg.dll> [Microsoft Corporation]
Under Startup Items (启动项目) > Services (服务) > Drivers (驱动程序), tick "Hide verified Microsoft items" (隐藏已认证的微软项目) and delete:
[ffpbek / ffpbek]
<\??\C:\WINDOWS\system32\drivers\ffpbek.sys><Microsoft Corporation>
[msusbbux / msusbbux]
<\??\C:\WINDOWS\system32\drivers\msusbbux.sys><Microsoft Corporation>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><N/A>
[npkcrypt / npkcrypt]
<\??\F:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[ptjpltp / ptjpltp]
<\SystemRoot\system32\drivers\ptjpltp.sys><N/A>
Under System Repair (系统修复) > Browser Add-ons (浏览器加载项), delete:
[]
{9db71888-2a70-48f1-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\48f1cfsb.dll, N/A>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
{9DB71888-2A70-48F1-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\48f1cfsb.dll, N/A>
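Under System Repair (系统修复) > HOSTS File (HOSTS 文件):
delete every entry other than 127.0.0.1 localhost.
Under System Repair (系统修复) > File Associations (文件关联), click Repair.
After rebooting, open My Computer > Tools > Folder Options > View, select "Show hidden files and folders", and untick "Hide protected operating system files" (if you still can't see the files, browse to the path with WinRAR), then delete: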
C:\WINDOWS\system32\ptjpltp.dll
C:\WINDOWS\system32\drivers\ffpbek.sys
C:\WINDOWS\system32\drivers\msusbbux.sys
C:\WINDOWS\system32\drivers\npf.sys
F:\Program Files\Tencent\QQ\npkcrypt.sys
C:\WINDOWS\system32\48f1cfsb.dll
C:\WINDOWS\system32\cryptimg.dll
C:\WINDOWS\system32\mctet.dll
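If the files above cannot be removed, download IceSword (冰刃) from http://202.38.64.10/~jfpan/download/IceSword120_cn.zip, run it, go to File (文件), select the files and click Force Delete (强制删除).
When done, run a full scan with Rising (Rising should be updated to the latest virus definitions).
Also, I suggest you completely uninstall QQ and reinstall it.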
雨和眼泪 - 2007-2-7 16:27:00
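The virus file is C:\WINDOWS\system32\umtcap.dll>>UPX
But I'm afraid deleting it might cause problems...
There were several viruses before; I deleted a few of them by hand.
But this one I don't dare delete... I don't know whether something is wrong with that system file...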
大饼脸阿花 - 2007-2-7 16:27:00
If it still doesn't work, start a new thread and ask the experts for help o(>_<)o
大饼脸阿花 - 2007-2-7 16:29:00
That is definitely not a system file; go ahead and delete it.
westbeck - 2007-2-7 16:30:00
Is that the path Rising reported?