Rising Kaka Security Forum
小盆子 - 2007-10-15 10:52:00
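While chatting on QQ I accidentally clicked and downloaded "My photos……" and got infected with a virus. Rising identifies the virus as trojan.psw.win32.roconline.gb, but after the virus is removed, new viruses still keep appearing.
Also, after booting, this message appears: "explorer has performed an illegal operation and will be shut down"
"My Computer" can only be opened in browse mode, and the machine also freezes.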

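I downloaded Rising's dedicated QQ virus removal tool, but it does not find any virus.
The Rising software installed on the machine cannot update either.
Asking the experts here for help.
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)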
小盆子 - 2007-10-15 10:54:00
[CODE]
2007-10-15,10:34:40
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows 98 SE -
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<internat.exe><internat.exe> [Microsoft Corporation]
<SystemTray><SysTray.Exe> [Microsoft Corporation]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<RsCcenter><"C:\Program Files\Rising\Rav\CCenter.exe"> [Beijing Rising Technology Co., Ltd.]
<RavMond><"C:\Program Files\Rising\Rav\RavMond.exe"> [Beijing Rising Technology Co., Ltd.]
<RavMon><"C:\Program Files\Rising\Rav\RavMon.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwService><"C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE" -service> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><sidjazy.dll> []
==================================
启动文件夹
N/A
==================================
服务
N/A
==================================
驱动程序
N/A
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL, Adobe Systems Incorporated>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL, N/A>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\SYSTEM\XUNLEIBHO_V8.DLL, $>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL, Xi>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASSIST.DLL, Yahoo! China>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL, yahoo! china>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YANGLING.DLL, yahoo! china>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[电雷超级下载]
{A6A84943-17AB-4363-A518-8D750FDF57C3} <"D:\软件\Dianlei\dianlei.exe", N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[百万图库]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/star, N/A>
[铃声图片下载]
{7713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.26-3.com/sms/index.htm, N/A>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACROIEFAVCLIENT.DLL, N/A>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL, yahoo! china>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\SYSTEM\MSDXM.OCX, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\DZH\INTERNET\FLASH.OCX, Macromedia, Inc.>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASSIST.DLL, Yahoo! China>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRAM FILES\YAHOO!\ASSISTANT\YALIVE.DLL, yahoo! china>
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[Google 搜索(&G)]
<res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html, N/A>
[翻译英文字词(&T)]
<res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html, N/A>
[缓存的网页快照]
<res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html, N/A>
[类似网页]
<res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html, N/A>
[反向链接]
<res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
<C:\PROGRAM FILES\TENCENT\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\PROGRAM FILES\TENCENT\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\PROGRAM FILES\TENCENT\QQ\SendMMS.htm, N/A>
[上传到QQ网络硬盘]
<C:\PROGRAM FILES\TENCENT\QQ\AddToNetDisk.htm, N/A>
[&使用电雷下载]
<D:\软件\Dianlei\geturl.htm, N/A>
[雅虎搜索]
<res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL/203, N/A>
[添加到雅虎订阅(&Y)]
<res://C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YRSS.DLL/YRSSMENUEXT, N/A>
==================================
小盆子 - 2007-10-15 10:57:00
正在运行的进程
[PID: 4294962595][C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294958707][C:\WINDOWS\SYSTEM\RNANP.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSNP32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSNET32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\IENPSTUB.DLL] [Microsoft Corporation, 4.71.0831.1]
[C:\WINDOWS\SYSTEM\MSLOCUSR.DLL] [Microsoft Corporation, 4.72.3110.0]
[C:\WINDOWS\SYSTEM\MPREXE.EXE] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPRSERV.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSPWL32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294840423][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294843839][C:\PROGRAM FILES\RISING\RAV\USCRIPT.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\UROUTINE.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 60]
[C:\PROGRAM FILES\RISING\RAV\RSVM.DLL] [, 19, 0, 0, 22]
[C:\PROGRAM FILES\RISING\RAV\SCANPACK.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
[C:\PROGRAM FILES\RISING\RAV\EXTFILE.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[C:\WINDOWS\SYSTEM\MSAFD.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL] [, 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\HOOKCONT.DLL] [Rising, 19, 0, 0, 0]
[C:\PROGRAM FILES\RISING\RAV\MEMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\REGMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\RFWCTRL.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] [rising, 18, 0, 0, 1]
[C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4518]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\CRYPT32.DLL] [Microsoft Corporation, 5.131.1877.5]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\MSOSS.DLL] [Microsoft Corporation, 5.131.1877.3]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\SYSTEM\MFC42LOC.DLL] [Microsoft Corporation, 4.21.7303]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294884651][C:\WINDOWS\SYSTEM\MSSHRUI.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\SVRAPI.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSNET32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MYDOCS.DLL] [Microsoft Corporation, 4.72.3510.2300]
[C:\WINDOWS\SYSTEM\SHDOCVW.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RSXML.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] [rising, 18, 0, 0, 1]
小盆子 - 2007-10-15 10:58:00
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4518]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\CRYPT32.DLL] [Microsoft Corporation, 5.131.1877.5]
[C:\WINDOWS\SYSTEM\MSOSS.DLL] [Microsoft Corporation, 5.131.1877.3]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\WINDOWS\SYSTEM\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\SYSTEM\MFC42LOC.DLL] [Microsoft Corporation, 4.21.7303]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294873639][C:\WINDOWS\SYSTEM\MSWSOSP.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\IPHLPAPI.DLL] [Microsoft Corporation, 5.00.1717.2]
[C:\WINDOWS\SYSTEM\MSAFD.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\IPCFGDLL.DLL] [Microsoft Corporation, 5.00.1717.2]
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] [N/A, ]
[C:\WINDOWS\SYSTEM\ICMP.DLL] [Microsoft Corporation, 5.00.1454.1]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\PROGRAM FILES\RISING\RFW\MPORTS.DLL] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\CRYPT32.DLL] [Microsoft Corporation, 5.131.1877.5]
[C:\WINDOWS\SYSTEM\MSOSS.DLL] [Microsoft Corporation, 5.131.1877.3]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RFW\RFWAPI.DLL] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 34]
[C:\WINDOWS\SYSTEM\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINDOWS\SYSTEM\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4518]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\SYSTEM\MFC42LOC.DLL] [Microsoft Corporation, 4.21.7303]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294869727][C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294749543][C:\WINDOWS\SYSTEM\RASAPI32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SVRAPI.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSNET32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSPWL32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\TAPI32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\NETAPI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, ]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\SHFOLDER.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\RNR20.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\MSAFD.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\RPCLTSCM.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4518]
[C:\WINDOWS\SYSTEM\CRYPT32.DLL] [Microsoft Corporation, 5.131.1877.5]
[C:\WINDOWS\SYSTEM\MSOSS.DLL] [Microsoft Corporation, 5.131.1877.3]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\DIGEST.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\NTDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSNSSPC.DLL] [Microsoft Corporation, 6.00.7753]
[C:\WINDOWS\SYSTEM\MSAPSSPC.DLL] [Microsoft Corporation, 5.00.7729]
[C:\WINDOWS\SYSTEM\MSVCRT40.DLL] [Microsoft Corporation, 4.22.0000]
[C:\WINDOWS\SYSTEM\SECUR32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\RPCSS.EXE] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\MSVCRT20.DLL] [Microsoft Corporation, 2.11.000]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4294756491][C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RFW\RSXML.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[C:\WINDOWS\SYSTEM\WINMM.DLL] [Microsoft Corporation, 4.03.1998]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\WINDOWS\SYSTEM\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\SYSTEM\MFC42LOC.DLL] [Microsoft Corporation, 4.21.7303]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4293127003][C:\WINDOWS\SYSTEM\VBAJET32.DLL] [Microsoft Corporation, 6.1.8268]
小盆子 - 2007-10-15 10:59:00
[C:\WINDOWS\SYSTEM\ODBCCP32.DLL] [Microsoft Corporation, 3.510.3711.0]
[C:\WINDOWS\SYSTEM\ODBC32.DLL] [Microsoft Corporation, 3.510.3711.0]
[C:\WINDOWS\SYSTEM\ODBCINT.DLL] [Microsoft Corporation, 3.510.3711.0]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\COMDLG32.DLL] [Microsoft Corporation, 4.72.3510.2300]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] [rising, 18, 0, 0, 1]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\WINDOWS\SYSTEM\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4518]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4293121923][C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\INTERNAT.EXE] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4293014507][C:\WINDOWS\SYSTEM\USBUI.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WMI.DLL] [Microsoft Corporation, 5.00.1755.1]
[C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\SYSTRAY.EXE] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\BATMETER.DLL] [Microsoft Corporation, 5.00.0910.1900]
[C:\WINDOWS\SYSTEM\POWRPROF.DLL] [Microsoft Corporation, 5.00.0910.1900]
[C:\WINDOWS\SYSTEM\SETUPAPI.DLL] [Microsoft Corporation, 5.00.1671.1]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\CFGMGR32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\WINSPOOL.DRV] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\COMDLG32.DLL] [Microsoft Corporation, 4.72.3510.2300]
[C:\WINDOWS\SYSTEM\LZ32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\NTDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\WINMM.DLL] [Microsoft Corporation, 4.03.1998]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4293031843][C:\WINDOWS\SYSTEM\WMIEXE.EXE] [Microsoft Corporation, 5.00.1755.1]
[C:\WINDOWS\SYSTEM\WMICORE.DLL] [Microsoft Corporation, 5.00.1755.1]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4293010619][C:\WINDOWS\SYSTEM\MSI.DLL] [Microsoft Corporation, 2.0.2600.2]
[C:\WINDOWS\SYSTEM\IPHLPAPI.DLL] [Microsoft Corporation, 5.00.1717.2]
[C:\WINDOWS\SYSTEM\MSAFD.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\IPCFGDLL.DLL] [Microsoft Corporation, 5.00.1717.2]
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] [N/A, ]
[C:\WINDOWS\SYSTEM\ICMP.DLL] [Microsoft Corporation, 5.00.1454.1]
[C:\WINDOWS\SYSTEM\WINMM.DLL] [Microsoft Corporation, 4.03.1998]
[C:\WINDOWS\SYSTEM\MLANG.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\SHDOCLC.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASBAR.DLL] [yahoo! china, 3, 3, 9, 1112]
[C:\WINDOWS\SYSTEM\NETAPI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, ]
[C:\WINDOWS\SYSTEM\SETUPAPI.DLL] [Microsoft Corporation, 5.00.1671.1]
[C:\WINDOWS\SYSTEM\CFGMGR32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\WINSPOOL.DRV] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\LZ32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\NTDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ES.DLL] [Microsoft Corporation, 1998.09.1003.0]
[C:\WINDOWS\SYSTEM\SENS.DLL] [Microsoft Corporation, 5.50.4807.2300]
[C:\WINDOWS\SYSTEM\ESTIER2.DLL] [Microsoft Corporation, 1998.09.1003.0]
[C:\WINDOWS\SYSTEM\ESSHARED.DLL] [Microsoft Corporation, 1998.09.1003.0]
小盆子 - 2007-10-15 10:59:00
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YPHTB.DLL] [Yahoo! China, 3, 0, 8, 1010]
[C:\WINDOWS\SYSTEM\URLMON.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\COMDLG32.DLL] [Microsoft Corporation, 4.72.3510.2300]
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YDRAGSEARCH.DLL] [yahoo! china, 3, 0, 7, 1009]
[C:\PROGRAM FILES\YAHOO!\ASSISTANT\ASSIST\YASSIST.DLL] [Yahoo! China, 3, 1, 8, 1023]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL] [Xi, 1.60.11]
[C:\WINDOWS\SYSTEM\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\SYSTEM\MFC42LOC.DLL] [Microsoft Corporation, 4.21.7303]
[C:\WINDOWS\SYSTEM\XUNLEIBHO_V8.DLL] [$, 4, 5, 1, 33]
[C:\WINDOWS\SYSTEM\MSVCP60.DLL] [Microsoft Corporation, 6.00.8972.0]
[C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\ACROBAT\ACTIVEX\ACROIEHELPER.DLL] [Adobe Systems Incorporated, 6.0.0.2003051500]
[C:\WINDOWS\SYSTEM\SHFOLDER.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\BROWSELC.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\CRYPT32.DLL] [Microsoft Corporation, 5.131.1877.5]
[C:\WINDOWS\SYSTEM\MSOSS.DLL] [Microsoft Corporation, 5.131.1877.3]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\RAVEXT.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\SYSTEM\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4518]
[C:\WINDOWS\SYSTEM\LINKINFO.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\WEBCHECK.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MSSHRUI.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MYDOCS.DLL] [Microsoft Corporation, 4.72.3510.2300]
[C:\WINDOWS\SYSTEM\SHD401LC.DLL] [Microsoft Corporation, 5.50.4914.1400]
[C:\WINDOWS\SYSTEM\BROWSEUI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\SHDOC401.DLL] [Microsoft Corporation, 5.50.4914.1400]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\SHDOCVW.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\EXPLORER.EXE] [Microsoft Corporation, 4.72.3110.1]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
[PID: 4292991027][C:\WINDOWS\SYSTEM\WINTRUST.DLL] [Microsoft Corporation, 5.131.1877.5]
[C:\WINDOWS\SYSTEM\URLMON.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MSAFD.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\RNR20.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SENSAPI.DLL] [Microsoft Corporation, 5.50.4807.2300]
[C:\WINDOWS\SYSTEM\RASAPI32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SECUR32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SVRAPI.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSNET32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSPWL32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\TAPI32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\NETAPI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] [N/A, ]
[C:\WINDOWS\SYSTEM\MPR.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\WSOCK32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\MSWSOCK.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHFOLDER.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\INDICDLL.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1200]
[D:\WORKS\年报\07年中报\SRENG\SRENGPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\SYSTEM\WS2_32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\WININET.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\WS2HELP.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\WINMM.DLL] [Microsoft Corporation, 4.03.1998]
[C:\WINDOWS\SYSTEM\CRYPT32.DLL] [Microsoft Corporation, 5.131.1877.5]
[C:\WINDOWS\SYSTEM\RPCRT4.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\MSOSS.DLL] [Microsoft Corporation, 5.131.1877.3]
[C:\WINDOWS\SYSTEM\VERSION.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\OLEAUT32.DLL] [Microsoft Corporation, 2.40.4518]
[C:\WINDOWS\SYSTEM\OLEDLG.DLL] [Microsoft Corporation, 1.0]
[C:\WINDOWS\SYSTEM\MSVCRT20.DLL] [Microsoft Corporation, 2.11.000]
[C:\WINDOWS\SYSTEM\OLE32.DLL] [Microsoft Corporation, 4.71.2900]
[C:\WINDOWS\SYSTEM\WINSPOOL.DRV] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\COMDLG32.DLL] [Microsoft Corporation, 4.72.3510.2300]
[C:\WINDOWS\SYSTEM\SHELL32.DLL] [Microsoft Corporation, 4.72.3612.1700]
[C:\WINDOWS\SYSTEM\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[C:\WINDOWS\SYSTEM\IMM32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINDOWS\SYSTEM\MSVCRT.DLL] [Microsoft Corporation, 6.00.8797.0]
[C:\WINDOWS\SYSTEM\USER32.DLL] [Microsoft Corporation, 4.10.2222]
[C:\WINDOWS\SYSTEM\GDI32.DLL] [Microsoft Corporation, 4.10.1998]
[C:\WINDOWS\SYSTEM\ADVAPI32.DLL] [Microsoft Corporation, 4.80.1675]
[C:\WINDOWS\SYSTEM\KERNEL32.DLL] [Microsoft Corporation, 4.10.2222]
==================================
小盆子 - 2007-10-15 11:00:00
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MS.w95.spi.osp
C:\WINDOWS\SYSTEM\mswsosp.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.tcp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.udp
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.raw
C:\WINDOWS\SYSTEM\msafd.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MS.w95.spi.rsvptcp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
MS.w95.spi.rsvpudp
C:\WINDOWS\SYSTEM\rsvpsp.dll(Microsoft Corporation, Microsoft Windows Rsvp 1.0 Service Provider)
==================================
Autorun.inf
[E:\]
[AutoRun]
open=AutoRun.exe
shellexecute=AutoRun.exe
shell\打开(&O)\command=AutoRun.exe
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
小盆子 - 2007-10-15 13:02:00
Why hasn't anyone replied?
Please help, everyone.
日不懂啊 - 2007-10-15 13:31:00
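The log is incomplete: the registry, services and driver information is missing.
But I can see that you've been hit by a bundle of trojans, which is fairly troublesome.
OP, please post the complete log.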
小盆子 - 2007-10-15 13:33:00
It is complete...
小盆子 - 2007-10-15 13:38:00
I opened the SREngLOG.log that was saved after the scan in WordPad and copied everything out of it.
日不懂啊 - 2007-10-15 13:52:00
服务
N/A
==================================
驱动程序
N/A
????
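How about this: scan again with every scan item selected, and once the log is produced, change its extension from log to TXT and upload the file here so we can look at it.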
小盆子 - 2007-10-15 13:57:00
日不懂啊 - 2007-10-15 13:59:00
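Th-th-this thing is that badass?
Find the file AutoRun.exe on drive E, compress it into an archive encrypted with the password 1234, and send it to my mailbox; the address is in my signature. Thanks.
After you've sent it to me, try this first:
Download arswp (Windows Cleanup Assistant) and clean up with it..
http://www.arswp.com/download/arswp/arswp.rar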
小盆子 - 2007-10-15 14:00:00
Another new virus just showed up:
worm.win32.pabug.aq
日不懂啊 - 2007-10-15 14:01:00
I saw it, there's a whole pile of viruses. Send me the sample first so I can take a look,
then run the Windows Cleanup Assistant first.
小盆子 - 2007-10-15 14:08:00
Thank you very much!!!
But why can't I find the file AutoRun.exe on drive E??
日不懂啊 - 2007-10-15 14:09:00
Do you know how to show hidden files?
It's probably hidden, heh.
日不懂啊 - 2007-10-15 14:11:00
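If hidden files can't be shown, hmph~~
Copy the following into a newly created document, change its extension to .reg and double-click it, and that will fix it: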
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
小盆子 - 2007-10-15 14:14:00
It's set under "Folder Options" > "View", right? I have "Show all files" selected. I did find two on drive D, though:
d:\接收\e\显卡\intel\i740\inter
d:\win98\viewor
日不懂啊 - 2007-10-15 14:18:00
That is how you show hidden files.
AUTORUN.EXE is on drive E.
小盆子 - 2007-10-15 14:20:00
So where should I put this document? Is anywhere fine?
小盆子 - 2007-10-15 14:29:00
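I put it on drive E. After double-clicking it, a dialog appeared:
"Are you sure you want to add the information in e:\文档.reg to the registry?"
After clicking "Yes", this appeared: "Cannot import e:\文档.reg: The specified file is not a registry script. You can only import registry files."
I still can't find it.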
日不懂啊 - 2007-10-15 14:34:00
小盆子 - 2007-10-15 14:37:00
Change this into a .reg file?
小盆子 - 2007-10-15 14:39:00
Why is there garbled text when I open it directly?
小盆子 - 2007-10-15 16:13:00
小盆子 - 2007-10-15 17:13:00
It's a 98 system, so arswp (Windows Cleanup Assistant) can't be used.......
xiaoshen1987 - 2007-10-15 18:14:00
You can boot into Safe Mode and take a look, and use Rising's boot-time scan.
小盆子 - 2007-10-15 18:57:00
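I ran sreng, clicked Startup Items, and a warning appeared in the Registry section:
Warning! The registry value AppInit.DLLs has been modified to an abnormal value (the default is empty). Please check for a computer virus that may be present on your system.
Name: AppInit.DLLs Data: raqjbpi.dll
Key path: HKEY LOCAL MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows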
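The check behind the warning in the post above, as an added Python example that is not part of the thread or of SREng itself: it scans an SREng-style log for a non-empty AppInit_DLLs value, startup entries with no publisher, and Autorun.inf launch commands on a drive root. The sample log is constructed (ExampleApp is hypothetical); only raqjbpi.dll and the E:\ Autorun.inf lines come from the posts above, and the name triage is an assumption.

```python
import re

# Constructed sample in the layout of this thread's SREng log; only raqjbpi.dll
# and the E:\ Autorun.inf lines are taken from the posts, the rest is made up.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ExampleApp><"C:\Program Files\Example\app.exe" -start> [Example Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><raqjbpi.dll> []
==================================
Autorun.inf
[E:\]
[AutoRun]
open=AutoRun.exe
shellexecute=AutoRun.exe
shell\打开(&O)\command=AutoRun.exe
==================================
"""

ENTRY = re.compile(r"^<(?P<name>[^<>]*)><(?P<data>.*)>\s+\[(?P<vendor>.*)\]$")
DRIVE = re.compile(r"^\[([A-Za-z]:\\)\]$")
LAUNCH = re.compile(r"^(open|shellexecute|shell\\.+\\command)\s*=\s*(.+)$", re.I)

def triage(log_text):
    """Return (kind, location, detail) findings for an SREng-style log."""
    findings, key, drive, in_autorun = [], None, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("===="):            # section separator resets state
            key, drive, in_autorun = None, None, False
        elif line == "Autorun.inf":
            in_autorun = True
        elif in_autorun and DRIVE.match(line):
            drive = DRIVE.match(line).group(1)
        elif in_autorun and drive and LAUNCH.match(line):
            findings.append(("autorun", drive, LAUNCH.match(line).group(2)))
        elif line.startswith("[HKEY_"):
            key = line[1:-1]
        elif key and ENTRY.match(line):
            m = ENTRY.match(line)
            if m["name"].lower() == "appinit_dlls":
                if m["data"].strip():          # the default value is empty
                    findings.append(("appinit_dlls", key, m["data"]))
            elif not m["vendor"].strip():      # no publisher in version info
                findings.append(("no_publisher", key, m["data"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding is a lead for manual review rather than a verdict: legitimate files can lack a publisher string, and installer media legitimately carries an Autorun.inf.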