瑞星卡卡安全论坛
飞鸟の爱 - 2008-3-5 5:44:00
刚才在搜搜上下歌的时候中毒了 机器卡住完全不动 我是双系统的 另外一个系统装的喀吧司机 没办法启动另外一个系统杀毒 杀出好多病毒 结果杀完毒以后换回装有瑞星的系统以后系统正常了 但360安全卫士瑞星防火墙和杀毒软件全没有启动 修复也不起作用 无奈重新下载安装的 现在都正常了
这是喀吧杀出的病毒
已隔离:病毒 Heur.Trojan.Generic (修改) 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\6P2R4H67\17[1].exe//PE_Patch//UPack//data0000.bin//UPack
已隔离:病毒 Heur.Trojan.Generic (修改) 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\KX6FCHMF\14[1].exe//UPack
已隔离:病毒 Heur.Invader (修改) 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\O2F6PJVP\12[1].exe//PE_Patch//UPack
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.ssr 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\SHUJ8LMZ\13[1].exe//PE_Patch//UPack
已删除:木马程序 Trojan-Downloader.JS.Multi.f 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\W945UPWF\cuteqq[1].htm
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.sqz 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\WHQZKLU7\16[1].exe//PE_Patch//UPack
已隔离:病毒 Heur.Trojan.Generic (修改) 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\WHQZKLU7\18[1].exe//PE_Patch//UPack//data0000.bin//UPack
已删除:木马程序 Trojan-Downloader.Win32.Agent.jpa 文件: E:\Documents and Settings\马龙\Local Settings\Temporary Internet Files\Content.IE5\WTIJGTYV\xy[1].exe//FSG
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.ssr 文件: E:\WINDOWS\system32\ffEZZEZZ1033.exe//PE_Patch//UPack
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.ssi 文件: E:\WINDOWS\system32\ffEZZEZZ1033.dll//UPack
已删除:病毒 Heur.Trojan.Generic (修改) 文件: E:\WINDOWS\system32\ffIGBWD1045.dll//UPack
已删除:病毒 Heur.Trojan.Generic (修改) 文件: E:\WINDOWS\system32\ffIGBWD1045.exe//PE_Patch//UPack//data0000.bin//UPack
已删除:病毒 Heur.Trojan.Generic (修改) 文件: E:\WINDOWS\system32\ffKADKAD1041.dll//UPack
已删除:病毒 Heur.Trojan.Generic (修改) 文件: E:\WINDOWS\system32\ffKADKAD1041.exe//PE_Patch//UPack//data0000.bin//UPack
已删除:病毒 Heur.Invader (修改) 文件: E:\WINDOWS\system32\sysave.exe
已删除:木马程序 Trojan-PSW.Win32.OnLineGames.sqz 文件: E:\WINDOWS\system32\drivers\msosfpids32.sys
希望瑞星不要再被这些病毒干掉了 好麻烦...
[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)附件:
84546820083553246.gif
sako - 2008-3-5 5:55:00
可以扫个日志看看有没有残留
下载 System Repair Engineer,
http://download.kztechs.com/files/sreng2.zip
1 解压缩sreng2.zip
2 运行SREngPS.EXE
3 智能扫描=》扫描=》保存报告
4 把报告保存后以附件的形式发上来,注意把报告文件的扩展名改成“.txt”
sako - 2008-3-5 5:55:00
顺道
下载arswp(Windows清理助手)清理下..
http://www.arswp.com/download/arswp/arswp.rar
清理临时文件夹:
打开我的电脑-工具-文件夹选项-查看-显示隐藏文件-隐藏受保护的系统文件(勾去掉)-确定
重起进入安全模式(开机不停的按F8,选择安全模式启动) 清空临时文件夹:
C:\Documents and Settings\用户名\Local Settings\Temporary Internet Files
C:\Documents and Settings\用户名\Local Settings\Temp
飞鸟の爱 - 2008-3-5 16:05:00
用瑞星又杀出2个脚本文件 360查马又差出2个文件 看来以后不能去搜搜下歌了``2楼说的可以用360清理
飞鸟の爱 - 2008-3-5 16:21:00
[CODE]
2008-03-05,15:58:25
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><E:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATICCC><"E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [N/A]
<360Safetray><E:\Program Files\360safe\safemon\360tray.exe /start> [奇虎网]
<TkBellExe><"E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<RfwMain><"E:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><E:\WINDOWS\system32\userinit.exe,> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosdohs00.dll,msosmhfp00.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{70c330f3-fb9e-44fc-8f4b-14ab783005e5}><ffEZZEZZ1033.dll> [N/A]
<{80a86c8a-946a-4293-b6c7-0ec135773e8b}><ffIGBWD1045.dll> [N/A]
<{d72e909c-9586-4870-b634-6dfd3b855738}><ffKADKAD1041.dll> [N/A]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><E:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><E:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.exe]
<IFEO[ccEvtMgr.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetApp.exe]
<IFEO[ccSetApp.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetMgr.exe]
<IFEO[ccSetMgr.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DefWatch.exe]
<IFEO[DefWatch.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FWMon.exe]
<IFEO[FWMon.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
<IFEO[KVMonXP.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McAgent.exe]
飞鸟の爱 - 2008-3-5 16:23:00
<IFEO[McAgent.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe]
<IFEO[mctskshd.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdmgr.exe]
<IFEO[mcupdmgr.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLveUpdate.exe]
<IFEO[PFWLveUpdate.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe]
<IFEO[QQSC.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAqent.exe]
<IFEO[RsAqent.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe]
<IFEO[rtvscan.exe]><svchost.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE.exe]
<IFEO[UpLive.EXE.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
<IFEO[zxsweep.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<E:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<E:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<E:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Auto Start]
<E:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<E:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dohs / dohs][Stopped/Auto Start]
<\??\E:\DOCUME~1\马龙\LOCALS~1\Temp\tmp27.tmp><N/A>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
<\??\E:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[oreans32 / oreans32][Running/System Start]
<\??\E:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\E:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\E:\WINDOWS\system32\TesSafe.sys><TENCENT>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
飞鸟の爱 - 2008-3-5 16:24:00
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <E:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\Program Files\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <E:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <E:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <E:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[GerneralPeerID Class]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <D:\Thunder\Components\InMedia\peerid.dll, >
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <E:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\Program Files\Tencent\QQ\Qzone\QQPhotoDraw.dll, TENCENT>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <E:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <E:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <E:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <E:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <E:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <E:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <E:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Thunder\Components\InMedia\MediaAddin15.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{80BF4636-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <E:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <E:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <E:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <D:\Thunder\Components\DownAndPlay\DapCtrl1.4.19.22.891.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <E:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <E:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <E:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <E:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <E:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\QQ\Timwp.dll, TENCENT>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Thunder\Components\DownAndPlay\DapPlayer3.0.44.68.890.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <E:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <E:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[使用迅雷下载]
<D:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Thunder\Program\getallurl.htm, N/A>
[賈痰祺?苟潼]
<, N/A>
[賈痰祺?苟潼????]
<, N/A>
飞鸟の爱 - 2008-3-5 16:25:00
正在运行的进程
[PID: 448 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512 / SYSTEM][\??\E:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 540 / SYSTEM][\??\E:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4131]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 584 / SYSTEM][E:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 596 / SYSTEM][E:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 748 / SYSTEM][E:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4131]
[E:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 760 / SYSTEM][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 848 / NETWORK SERVICE][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 928 / SYSTEM][E:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 944 / SYSTEM][E:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 988 / NETWORK SERVICE][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1084 / LOCAL SERVICE][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1160 / SYSTEM][E:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68]
[E:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[E:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12]
[E:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41]
[E:\Program Files\Rising\Rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0]
[E:\Program Files\Rising\Rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1368 / SYSTEM][E:\Program Files\Rising\Rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1468 / SYSTEM][E:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
飞鸟の爱 - 2008-3-5 16:26:00
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1640 / 马龙][E:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4131]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 1728 / 马龙][E:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[E:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[D:\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17]
[D:\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[E:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[E:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1]
[E:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
[D:\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[D:\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
[PID: 192 / 马龙][E:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.60]
[E:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[E:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7]
[E:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[E:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 224 / SYSTEM][E:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 268 / LOCAL SERVICE][E:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 916 / 马龙][E:\Program Files\Rising\Rav\RAVTASK.EXE] [Beijing Rising Technology Co., Ltd., 20.0.0.22]
[E:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1876 / SYSTEM][E:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.74]
[E:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[E:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34]
[E:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[E:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 8]
[E:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
飞鸟の爱 - 2008-3-5 16:27:00
[E:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[E:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[E:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 30]
[E:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
[E:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
[E:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[E:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
[E:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[E:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36]
[E:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[E:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[E:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[E:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[E:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[E:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[E:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 44]
[E:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
[E:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[E:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[E:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 4]
[E:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
[E:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[E:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
[E:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
[E:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[E:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 2056 / LOCAL SERVICE][E:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 2184 / 马龙][E:\Program Files\Rising\Rav\RAVMON.EXE] [Beijing Rising Technology Co., Ltd., 20.0.01.13]
[E:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 30]
[E:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
[E:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[E:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[E:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[E:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[E:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[E:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 2476 / SYSTEM][E:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[E:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 3276 / 马龙][E:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.30]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 3284 / 马龙][E:\Program Files\ATI Technologies\ATI.ACE\cli.exe] [ATI Technologies Inc., 1.11.0.0]
飞鸟の爱 - 2008-3-5 16:28:00
[E:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.2407]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.2407]
[e:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8ab0e213\mscorlib.dll] [N/A, ]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.2407]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.2407]
[e:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_41148c31\system.windows.forms.dll] [N/A, ]
[e:\program files\ati technologies\ati.ace\cli.implementation.dll] [ATI Technologies Inc., 1.2.2271.38977]
[e:\program files\ati technologies\ati.ace\log.foundation.dll] [ATI Technologies Inc., 1.2.2208.29985]
[e:\program files\ati technologies\ati.ace\cli.foundation.dll] [ATI Technologies Inc., 1.2.2208.29986]
[e:\program files\ati technologies\ati.ace\log.foundation.service.dll] [ATI Technologies Inc., 1.2.2271.39124]
[e:\program files\ati technologies\ati.ace\log.foundation.shared.dll] [ATI Technologies Inc., 1.2.2208.29991]
[e:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.2407]
[e:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c34d680c\system.dll] [N/A, ]
[e:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll] [ATI Technologies Inc., 1.2.2271.39124]
[e:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e83e6e4d\system.xml.dll] [N/A, ]
[e:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\program files\ati technologies\ati.ace\cli.component.wizard.dll] [ATI Technologies Inc., 1.2.2271.39004]
[e:\program files\ati technologies\ati.ace\cli.foundation.clients.dll] [ATI Technologies Inc., 1.2.2208.29986]
[e:\program files\ati technologies\ati.ace\cli.component.wizard.shared.dll] [ATI Technologies Inc., 1.2.2208.29987]
[e:\program files\ati technologies\ati.ace\cli.component.runtime.dll] [ATI Technologies Inc., 1.2.2271.39124]
[e:\program files\ati technologies\ati.ace\aticccom.dll] [ATI Technologies Inc., 1.0.0.0]
[e:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29987]
[e:\program files\ati technologies\ati.ace\aem.foundation.dll] [ATI Technologies Inc., 1.2.2208.29985]
[e:\program files\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll] [ATI Technologies Inc., 1.11.0.0]
[e:\program files\ati technologies\ati.ace\cli.caste.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.39006]
[e:\program files\ati technologies\ati.ace\cli.caste.graphics.wizard.shared.dll] [ATI Technologies Inc., 1.2.2208.29990]
[e:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ead46cf8\system.drawing.dll] [N/A, ]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38995]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38998]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38989]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38992]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38985]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38987]
[e:\program files\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.39001]
[e:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.wizard.dll] [ , 1.2.2271.38978]
[e:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38980]
[e:\program files\ati technologies\ati.ace\cli.aspect.transcode.local.wizard.dll] [ATI Technologies Inc., 1.2.2271.39012]
[e:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.wizard.dll] [ATI Technologies Inc., 1.2.2271.38982]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2236.29179]
[e:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29987]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2236.29197]
[e:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29986]
飞鸟の爱 - 2008-3-5 16:29:00
[e:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll] [ATI Technologies Inc., 1.2.2236.29132]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29994]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29993]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29993]
[e:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.30001]
[e:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll] [ATI Technologies Inc., 1.2.2232.28756]
[e:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.30001]
[e:\program files\ati technologies\ati.ace\cli.aspect.transcode.local.shared.dll] [ATI Technologies Inc., 1.2.0.0]
[e:\program files\ati technologies\ati.ace\atixclib.dll] [ , 1.0.0.0]
[e:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29990]
[e:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll] [Microsoft Corporation, 1.1.4322.2407]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll] [Microsoft Corporation, 1.1.4322.2032]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll] [Microsoft Corporation, 1.1.4322.2407]
[PID: 4024 / 马龙][E:\Program Files\ATI Technologies\ATI.ACE\cli.exe] [ATI Technologies Inc., 1.11.0.0]
[E:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.2407]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.2407]
[e:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8ab0e213\mscorlib.dll] [N/A, ]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.2407]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.2407]
[e:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_41148c31\system.windows.forms.dll] [N/A, ]
[e:\program files\ati technologies\ati.ace\cli.implementation.dll] [ATI Technologies Inc., 1.2.2271.38977]
[e:\program files\ati technologies\ati.ace\log.foundation.dll] [ATI Technologies Inc., 1.2.2208.29985]
[e:\program files\ati technologies\ati.ace\cli.foundation.dll] [ATI Technologies Inc., 1.2.2208.29986]
[e:\program files\ati technologies\ati.ace\log.foundation.service.dll] [ATI Technologies Inc., 1.2.2271.39124]
[e:\program files\ati technologies\ati.ace\log.foundation.shared.dll] [ATI Technologies Inc., 1.2.2208.29991]
[e:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.2407]
[e:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c34d680c\system.dll] [N/A, ]
[e:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll] [ATI Technologies Inc., 1.2.2271.39124]
[e:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e83e6e4d\system.xml.dll] [N/A, ]
[e:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\program files\ati technologies\ati.ace\cli.component.systemtray.dll] [ATI Technologies Inc., 1.2.2271.39105]
[e:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll] [ATI Technologies Inc., 1.2.2208.29987]
[e:\program files\ati technologies\ati.ace\cli.component.runtime.dll] [ATI Technologies Inc., 1.2.2271.39124]
[e:\program files\ati technologies\ati.ace\aticccom.dll] [ATI Technologies Inc., 1.0.0.0]
[e:\program files\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll] [ATI Technologies Inc., 1.11.0.0]
[e:\program files\ati technologies\ati.ace\aem.foundation.dll] [ATI Technologies Inc., 1.2.2208.29985]
[e:\program files\ati technologies\ati.ace\apm.foundation.dll] [ATI Technologies Inc., 1.2.2208.30002]
[e:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.2032]
[e:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ead46cf8\system.drawing.dll] [N/A, ]
[e:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll] [Microsoft Corporation, 1.1.4322.2407]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll] [Microsoft Corporation, 1.1.4322.2032]
[E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll] [Microsoft Corporation, 1.1.4322.2407]
[PID: 3844 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.exe] [天骥, 1.185.0.0]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[PID: 3220 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.Dat] [N/A, ]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
飞鸟の爱 - 2008-3-5 16:32:00
[PID: 3220 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.Dat] [N/A, ]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[PID: 1064 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.Dat] [N/A, ]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[PID: 1348 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.Dat] [N/A, ]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[PID: 1204 / 马龙][C:\Program Files\Tencent\QQ\TIMPlatform.exe] [TENCENT, 7,0,431,1723]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 3444 / 马龙][E:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[D:\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[D:\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
[D:\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17]
[D:\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[E:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[E:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[D:\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[E:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 1712 / 马龙][E:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 65]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[E:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[E:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[E:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[E:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[E:\Program Files\Rising\Rav\RsCommon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[E:\Program Files\Rising\Rav\ravpagem.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 94]
[E:\Program Files\Rising\Rav\htmllib.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.15]
[E:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[E:\Program Files\Rising\Rav\ravpagew.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 86]
[E:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[E:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[E:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[E:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36]
[E:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[E:\Program Files\Rising\Rav\SysMail.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 2872 / 马龙][E:\Documents and Settings\马龙\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[E:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[E:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[E:\Program Files\360safe\safemon\safemon.dll] [奇虎网, 4, 0, 3, 1003]
[E:\Documents and Settings\马龙\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [E:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [E:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
飞鸟の爱 - 2008-3-5 16:33:00
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 3284, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3284, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3292, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3292, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 4016, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4016, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 4024, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4024, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3844, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3844, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3220, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3220, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许: SeDebugPrivilege [PID = 1064, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1064, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许: SeDebugPrivilege [PID = 1348, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1348, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
飞鸟の爱 - 2008-3-5 16:33:00
日志扫完了 发上来了 好长 全是...
baohe - 2008-3-5 16:39:00
【回复“飞鸟の爱”的帖子】
手工杀毒操作流程见附件
附件:
155847200835162757.txt
飞鸟の爱 - 2008-3-5 17:20:00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosdohs00.dll,msosmhfp00.dll>有两个 不让删除 修改也不行 怎么办呢? 还有就是开启SREngPS以后提示入口点错误:CreateProcessA 入口点错误:CreateProcessW 直接修复说修复成功 但再启动还出 别的都删除了
飞鸟の爱 - 2008-3-5 17:29:00
我在注册表编辑器中找到这3个的位置了 不知道默认值是什么 怎么改?
baohe - 2008-3-5 17:32:00
| 引用: |
【飞鸟の爱的贴子】[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosdohs00.dll,msosmhfp00.dll>有两个 不让删除 修改也不行 怎么办呢? 还有就是开启SREngPS以后提示入口点错误:CreateProcessA 入口点错误:CreateProcessW 直接修复说修复成功 但再启动还出 别的都删除了
……………… |
AppInit_DLLs——————此项键值正常是空的
编辑一下
飞鸟の爱 - 2008-3-5 17:34:00
我改成空的不让 说写入键值出错 另外两个让我删除了.
飞鸟の爱 - 2008-3-5 17:38:00
重命名后可以改成空的了 但不让改回原来的名.
飞鸟の爱 - 2008-3-5 17:47:00
就这么地吧 麻烦你了 有问题我再来问
侠者秋水 - 2008-3-5 18:07:00
猫叔,XDELBOX好像不支持系统盘不是C盘
天月来了 - 2008-3-5 18:13:00
有时候就会忘记的
我都忘记过两次了。
侠者秋水 - 2008-3-5 18:22:00
我怕楼主照做 机器出了啥毛病 猫叔的一世英明就毁了
baohe - 2008-3-5 19:47:00
| 引用: |
【侠者秋水的贴子】猫叔,XDELBOX好像不支持系统盘不是C盘
……………… |
汗!
忘记这码子事了。
天月来了 - 2008-3-5 21:00:00
呵呵!!!
这XDELBOX连猫都忘记注意的事项。
够折腾人的。
立秋凉了 - 2008-3-6 0:04:00
卡巴没有查杀干净!楼主清空临时文件夹后有瑞星的全盘查杀一下!
1
© 2000 - 2026 Rising Corp. Ltd.