电脑中了前所未有的超级病毒35661.exe bbs.ikaka.com

asay - 2008-4-3 17:12:00

[CODE]

2008-04-03,16:41:08

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<QQDownload><; "d:\Tencent\QQDownload\QQDownload.exe" autostart> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<RavTask><"D:\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
<Thunder><; "E:\thunder\ThunderShell.exe" /s> []
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Adobe Reader Speed Launcher><; "D:\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<ApacheTomcatMonitor><; "d:\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6> [Apache Software Foundation]
<PCSuiteTrayApplication><; D:\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<SMSTray><; d:\Samsung\Samsung Media Studio 5\SMSTray.exe> [(Verified)SAMSUNG ELECTRONICS.Co.LTD]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SunJavaUpdateSched><; "D:\Java\jre1.6.0_05\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================

asay - 2008-4-3 17:12:00

启动文件夹
N/A

==================================
服务
[##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Stopped/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<d:\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[DCOM Service Process Manager / DCOMManager16][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\inf\pcidev32.inf><Microsoft Corporation>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[ms_2fax / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\35661.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[Apache Tomcat / Tomcat6][Running/Auto Start]
<"d:\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6><Apache Software Foundation>
[Windows Network Media Service / UiPlayer][Running/Auto Start]
<C:\Program Files\UitvDll\msrv.exe><>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bootdrv / bootdrv][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[Digi PortServer Driver / DIGIRPS][Stopped/Manual Start]
<system32\DRIVERS\digirlpt.sys><Digi International, Inc.>
[dtscsi / dtscsi][Running/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[FTCkillfile / FTCkillfile][Stopped/Manual Start]
<System32\Drivers\FTCkillfile.sys><N/A>
[FTCProtect / FTCProtect][Stopped/Manual Start]
<System32\Drivers\FTCProtect.sys><N/A>
[FTCProTime / FTCProTime][Stopped/Manual Start]
<System32\Drivers\FTCProTime.sys><N/A>
[VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver / GETNDIS][Running/Manual Start]
<system32\DRIVERS\getnd5b.sys><VIA Networking Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ntsim.sys><VIA Networking Technologies, Inc.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nVidia WDM Video Capture (universal) / nvcap][Running/Auto Start]
<system32\DRIVERS\nvcap.sys><N/A>
[nVidia WDM A/V Crossbar / NVXBAR][Running/Auto Start]
<system32\DRIVERS\NVxbar.sys><NVIDIA Corporation>
[ProGCD / ProGCD][Running/Auto Start]
<\SystemRoot\System32\DRIVERS\ProGsys.sys><HangZhou Metadata Co.,LTD>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================

asay - 2008-4-3 17:13:00

浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <d:\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, >
[]
{00723EB0-3450-4D7B-8356-E3FD0E48E020} <C:\WINDOWS\system32\jzxtytdyyv.dll, N/A>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Thunder5下载]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\ThunderBHONew.dll, Thunder Networking Technologies,LTD>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Thunder5下载辅助]
{EA2FCCA9-F44F-43DD-9724-9339950D103C} <C:\WINDOWS\ThunderHelper.dll, Thunder Networking Technologies,LTD>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[Invoke Class]
{FFB3D068-F8DA-4370-A71E-83B1C959CDD6} <C:\WINDOWS\system32\0351.dll, >
[Java Plug-in 1.6.0_05]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动WEB迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Java Plug-in 1.6.0_05]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[RavOnline Class]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Technology Co., Ltd.>
[Java Plug-in 1.6.0_05]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <D:\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Java\jre1.6.0_05\bin\npjpi160_05.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <d:\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v8.dll, >
[]
{00723EB0-3450-4D7B-8356-E3FD0E48E020} <C:\WINDOWS\system32\jzxtytdyyv.dll, N/A>
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Thunder5下载]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\ThunderBHONew.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Thunder5下载辅助]
{EA2FCCA9-F44F-43DD-9724-9339950D103C} <C:\WINDOWS\ThunderHelper.dll, Thunder Networking Technologies,LTD>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGAutoLive]
{F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Invoke Class]
{FFB3D068-F8DA-4370-A71E-83B1C959CDD6} <C:\WINDOWS\system32\0351.dll, >
[&使用快车(FlashGet)下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[&使用超级旋风下载]
<d:\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<d:\Tencent\QQDownload\getAllurl.htm, N/A>
[&使用迅雷下载]
<E:\thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<E:\thunder\getallurl.htm, N/A>
[使用WEB迅雷下载]
<d:\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用WEB迅雷下载全部链接]
<d:\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<D:\qq\QQ\AddEmotion.htm, N/A>
[用比特精灵下载(&B)]
<F:\BitSpirit\bsurl.htm, N/A>

==================================

asay - 2008-4-3 17:14:00

正在运行的进程
[PID: 700 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 804 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 852 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 864 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1016 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1084 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1184 / SYSTEM][D:\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1200 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1372 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1512 / SYSTEM][D:\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.75]
[D:\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[D:\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34]
[D:\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29]
[D:\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[D:\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
[D:\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[D:\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[D:\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 34]
[D:\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[D:\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
[D:\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[D:\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
[D:\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[D:\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36]
[D:\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 25]
[D:\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
[D:\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[D:\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[D:\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[D:\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[D:\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[D:\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[D:\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 56]
[D:\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[D:\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[D:\RISING\RAV\urutils.dll] [, 20, 0, 0, 4]
[D:\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[D:\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[D:\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]

asay - 2008-4-3 17:15:00

[PID: 1576 / SYSTEM][d:\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[d:\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[d:\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[d:\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12]
[d:\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41]
[d:\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[d:\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[d:\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[d:\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1696 / SYSTEM][d:\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.29]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[d:\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[D:\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[d:\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1960 / SYSTEM][d:\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 416 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 580 / SYSTEM][D:\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[D:\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1272 / SYSTEM][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.030]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1396 / SYSTEM][d:\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 1, 13]
[d:\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1492 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\inf\pcidev32.inf] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\windows\inf\pciloader16.exe] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1760 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7643]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1048 / SYSTEM][d:\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe] [Apache Software Foundation, 2.0.3.0]
[D:\Java\jre1.6.0_03\bin\client\jvm.dll] [Sun Microsystems, Inc., 6.0.30.5]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Java\jre1.6.0_03\bin\hpi.dll] [Sun Microsystems, Inc., 6.0.30.5]
[D:\Java\jre1.6.0_03\bin\verify.dll] [Sun Microsystems, Inc., 6.0.30.5]
[D:\Java\jre1.6.0_03\bin\java.dll] [Sun Microsystems, Inc., 6.0.30.5]
[D:\Java\jre1.6.0_03\bin\zip.dll] [Sun Microsystems, Inc., 6.0.30.5]
[D:\java\jre1.6.0_03\bin\net.dll] [Sun Microsystems, Inc., 6.0.30.5]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1260 / SYSTEM][C:\Program Files\UitvDll\msrv.exe] [, 1, 0, 1, 2]
[C:\Program Files\UitvDll\UiPlay.dll] [, 3.0.4.1]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2732 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 3664 / askhar1][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[c:\windows\inf\pcidev32.inf] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\jzxtytdyyv.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0]
[G:\N72\WinAVI\WinAVI\SimpleExt.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll] [Sun Microsystems, Inc., 2.03]
[C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll] [Sun Microsystems, Inc., 2.03]
[C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[d:\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 62]
[C:\WINDOWS\system32\xunleibho_v8.dll] [, 4, 5, 1, 33]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\WINDOWS\system32\0351.dll] [, 1, 0, 0, 2]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[d:\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\CmdLineExt.dll] [Sony DADC Austria AG., 1,0,201,0]

asay - 2008-4-3 17:15:00

[PID: 3752 / askhar1][d:\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.65]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[d:\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[d:\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[d:\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7]
[d:\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[d:\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[d:\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 3812 / askhar1][D:\RISING\RAV\RavMon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.14]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 34]
[D:\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[D:\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 25]
[D:\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
[D:\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[D:\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29]
[D:\RISING\RAV\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[D:\RISING\RAV\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[D:\RISING\RAV\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 3844 / askhar1][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2340 / askhar1][D:\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.22]
[D:\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[PID: 2820 / askhar1][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 3200 / askhar1][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1856 / SYSTEM][C:\WINDOWS\system32\35661.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3860 / askhar1][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[d:\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[d:\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 62]
[C:\WINDOWS\system32\xunleibho_v8.dll] [, 4, 5, 1, 33]
[C:\WINDOWS\system32\jzxtytdyyv.dll] [N/A, ]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 1, 1006]
[C:\WINDOWS\ThunderBHONew.dll] [Thunder Networking Technologies,LTD, 1.1.5.0]
[D:\Java\jre1.6.0_05\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.50.13]
[D:\Java\jre1.6.0_05\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\ThunderHelper.dll] [Thunder Networking Technologies,LTD, 1.1.5.0]
[C:\Program Files\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 1, 1002]
[C:\WINDOWS\system32\0351.dll] [, 1, 0, 0, 2]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[D:\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3080 / askhar1][D:\qq\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2080 / askhar1][C:\WINDOWS\system32\restore\rstrui.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[D:\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 4048 / askhar1][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\d01.dll] [ , 1, 0, 0, 3]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 3336 / askhar1][d:\rising\rfw\RfwCfg.exe] [Beijing Rising Technology Co., Ltd., 7.0.2.53]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[d:\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[d:\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[d:\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7]
[d:\rising\rfw\ProxyCtr.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.1]
[d:\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[d:\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[d:\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 2500 / askhar1][C:\DOCUME~1\askhar1\LOCALS~1\Temp\Rar$EX00.547\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\DOCUME~1\askhar1\LOCALS~1\Temp\Rar$EX00.547\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]

==================================

asay - 2008-4-3 17:16:00

文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [UltraEdit.ini]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS Error. [%WINDIR%\System32\CScript.exe //nologo "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 2644, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2644, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

黑马骑士 - 2008-4-3 17:16:00

好像没什么问题啊？你关闭这个进程，有什么异常吗？

asay - 2008-4-3 17:20:00

没有异常　但是删除后又出现

asay - 2008-4-3 17:24:00

IE显示上头显示这个：＂系统检测到您感染了恶意软件，这会导致您上网时网页不能正常显示，上网速度变慢... 按此下载系统优化专家修复您的系统＂，莫名弹出一些网页

天月来了 - 2008-4-3 17:35:00

日志里看到它的启动项了

直接将日志内容彻底复制到一个空记事本里，然后再保存，就可以以附件的形式发论坛来了。
一定以附件形式发这论坛来。
点击我这贴右下角的“引用”然后就应该知道怎么发了。

你可以打开日志后，在左上角的“编辑”里选择“全选”再选择“复制”
就可以彻底复制日志内容到另一个空记事本保存了

asay - 2008-4-3 17:38:00

引用:

【asay的贴子】IE显示上头显示这个：＂系统检测到您感染了恶意软件，这会导致您上网时网页不能正常显示，上网速度变慢... 按此下载系统优化专家修复您的系统＂，莫名弹出一些网页
………………

附件: 1035264200843172609.rar

天月来了 - 2008-4-3 18:03:00

这里官网下载费尔木马强力清除助手,勾选“抑制文件再生”删除。
http://dl.filseclab.com/down/powerrmv.zip

删除：
c:\windows\inf\pciloader16.exe
C:\WINDOWS\system32\jzxtytdyyv.dll
C:\WINDOWS\system32\0351.dll
c:\windows\inf\pcidev32.inf
C:\WINDOWS\system32\35661.exe
C:\WINDOWS\System32\Drivers\bootdrv.sys
——————————————————————————————————————————————————
在扫日志的SRENG工具》启动项目》服务》Win32服务应用程序》里面找下面项删除，或将启动类型改为“Disabled”
==================================
服务
[DCOM Service Process Manager / DCOMManager16][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\inf\pcidev32.inf><Microsoft Corporation>

[ms_2fax / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\35661.exe><Microsoft Corporation>
————————————————————————————————————
在扫日志的SRENG工具》启动项目》服务》驱动程序》里面找下面项删除，或将启动类型改为“Disabled”
==================================
驱动程序
[bootdrv / bootdrv][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
—————————————————————————————
在扫日志的SRENG工具》系统修复》浏览器加载项》里面找下面删除
==================================
浏览器加载项
[]
{00723EB0-3450-4D7B-8356-E3FD0E48E020} <C:\WINDOWS\system32\jzxtytdyyv.dll, N/A>
[Invoke Class]
{FFB3D068-F8DA-4370-A71E-83B1C959CDD6} <C:\WINDOWS\system32\0351.dll, >
[]
{00723EB0-3450-4D7B-8356-E3FD0E48E020} <C:\WINDOWS\system32\jzxtytdyyv.dll, N/A>
[Invoke Class]
{FFB3D068-F8DA-4370-A71E-83B1C959CDD6} <C:\WINDOWS\system32\0351.dll, >
————————————————————————————————————
再重启电脑，升级杀毒软件至最新版本全盘杀毒。

下载卡卡助手，清理你那系统。

记得打打系统漏洞补丁

清空IE缓存，清空临时文件夹。

这里下载 W i n d o w s 清理助手，清理你那系统。
http://www.arswp.com/

asay - 2008-4-3 18:04:00

版主在吗？我把报告文件上传过去了，又有一些新的状况出现了web讯雷自动关闭报告错又自动重启又报告错误具体内容如下：---------------------Exception---------------------------------
程序启动时间: 2008-04-03 17:34:15
发生异常时间: 2008-04-03 17:34:45
崩溃线程ID: 2816

Microsoft Windows XP Service Pack 2 [Build 5.1.2600]

WebThunder 1.12.2.210
-----------------------------------
Type: EXCEPTION_UNCATCH_THROW
Address: 0x7C812A5B
Error: [2816][asyn_io_manager] (_is_idle) not true, file: E:\cvs_root\download_lib2_1211_hyf\download_lib2\p2s_download\backend_agent\statistic_report_handler.cpp line: 271

Call stack:
0x7C800000[12A5B] kernel32.dll: RaiseException[+52](-536838143,1,1,19529624)
0x10000000[2E137E] download_interface.dll: (19529344,0,0,13991072)
0x7C800000[B683] kernel32.dll: GetModuleFileNameA[+1B4](0,0,0,0)

Modules:
-----------------------------------
[ 0x00400000 ] d:\Thunder Network\WebThunder\WebThunder.exe [1.12.2.210,2008-01-19 16:24:58]
[ 0x00D10000 ] d:\Thunder Network\WebThunder\asyn_dns.dll [2.21.2.204,2007-12-14 14:53:22]
[ 0x00F40000 ] d:\Thunder Network\WebThunder\streammedialib.dll [1.3.2.107,2007-12-17 10:39:23]
[ 0x012A0000 ] d:\Thunder Network\WebThunder\al.dll [1.0.1.3,2008-01-02 14:36:46]
[ 0x01320000 ] d:\Thunder Network\WebThunder\xldc.dll [1.0.2.14,2008-01-07 16:06:38]
[ 0x01370000 ] d:\Thunder Network\WebThunder\bd.dll [1.0.2.6,2008-01-07 14:58:08]
[ 0x02200000 ] d:\Thunder Network\WebThunder\RegisterDll.dll [2.16.5.63,2007-11-21 10:24:22]
[ 0x02240000 ] C:\WINDOWS\system32\MSVCIRT.dll [7.0.2600.2180,2004-08-04 13:58:28]
[ 0x02460000 ] d:\Thunder Network\WebThunder\CacheServer.dll [1.0.0.1,2007-06-23 16:42:36]
[ 0x02FE0000 ] C:\WINDOWS\system32\shdoclc.dll [6.0.2900.2180,2004-08-04 15:51:50]
[ 0x036B0000 ] d:\Thunder Network\WebThunder\XLSafe\SafeInfo.dll [1.0.1.2,2007-12-25 10:42:13]
[ 0x03890000 ] d:\Thunder Network\WebThunder\XLSafe\RMFScan.dll [,2007-12-11 14:51:41]
[ 0x03CB0000 ] D:\Rising\Rav\RavScrCh.dll [20.0.0.3,2007-07-12 12:22:05]
[ 0x03F20000 ] d:\Thunder Network\WebThunder\DownAndPlay\WebDownAndPlay.dll [1.0.3.21,2007-11-13 15:41:13]
[ 0x04060000 ] d:\Thunder Network\WebThunder\XLStatistic\XLStatisticAddin.dll [1.4.1.5,2008-01-08 18:16:53]
[ 0x10000000 ] d:\Thunder Network\WebThunder\download_interface.dll [2.21.2.204,2007-12-14 14:53:45]
[ 0x16080000 ] C:\Program Files\Bonjour\mdnsNSP.dll [1.0.3.1,2006-03-01 04:42:29]
[ 0x20000000 ] C:\WINDOWS\system32\xpsp2res.dll [5.1.2600.2180,2004-08-04 15:54:11]
[ 0x21F00000 ] d:\Thunder Network\WebThunder\XLNet.Dll [1.2.1.9,2007-06-25 12:40:54]
[ 0x221D0000 ] d:\Thunder Network\WebThunder\stlport_vc646.dll [4.6.2003.1031,2007-11-23 20:28:43]
[ 0x33000000 ] d:\Thunder Network\WebThunder\TaskManager.dll [1.3.0.52,2007-12-24 19:52:51]
[ 0x4BFE0000 ] C:\WINDOWS\system32\winzm.ime [5.1.2600.2180,2004-08-04 15:52:05]
[ 0x5ADC0000 ] C:\WINDOWS\system32\uxtheme.dll [6.0.2900.2180,2004-08-04 15:52:01]
[ 0x5D170000 ] C:\WINDOWS\system32\COMCTL32.dll [5.82.2900.2982,2006-08-25 23:49:43]
[ 0x5FDD0000 ] C:\WINDOWS\system32\NETAPI32.dll [5.1.2600.2976,2006-08-17 20:29:48]
[ 0x60000000 ] d:\rising\rfw\olemon.dll [7.0.0.6,2008-03-19 19:34:30]
[ 0x60FD0000 ] C:\WINDOWS\system32\hnetcfg.dll [5.1.2600.2180,2004-08-04 15:51:15]
[ 0x61BE0000 ] C:\WINDOWS\system32\MFC42LOC.DLL [6.0.8665.0,2001-09-01 07:01:06]
[ 0x62C20000 ] C:\WINDOWS\system32\LPK.DLL [5.1.2600.2180,2004-08-04 15:51:31]
[ 0x68D60000 ] C:\WINDOWS\system32\DBGHELP.dll [5.1.2600.2180,2004-08-04 15:51:09]
[ 0x70000000 ] d:\rising\rfw\ijt_base.dll [7.0.0.15,2008-02-26 09:33:46]
[ 0x719C0000 ] C:\WINDOWS\system32\MSWSOCK.dll [5.1.2600.2180,2004-08-04 15:54:25]
[ 0x71A00000 ] C:\WINDOWS\System32\wshtcpip.dll [5.1.2600.2180,2004-08-04 15:53:13]
[ 0x71A10000 ] C:\WINDOWS\system32\WS2HELP.dll [5.1.2600.2180,2004-08-04 15:53:03]
[ 0x71A20000 ] C:\WINDOWS\system32\WS2_32.dll [5.1.2600.2180,2004-08-04 15:53:02]
[ 0x71A40000 ] C:\WINDOWS\system32\WSOCK32.dll [5.1.2600.2180,2004-08-04 15:53:15]
[ 0x72240000 ] C:\WINDOWS\system32\sensapi.dll [5.1.2600.2180,2004-08-04 15:51:41]
[ 0x72F70000 ] C:\WINDOWS\system32\WINSPOOL.DRV [5.1.2600.2180,2004-08-04 15:52:01]
[ 0x73000000 ] C:\WINDOWS\system32\USP10.dll [1.471.4030.0,2003-06-27 18:24:14]
[ 0x73270000 ] C:\WINDOWS\system32\vbscript.dll [5.6.0.8820,2004-08-04 15:51:55]
[ 0x73640000 ] C:\WINDOWS\system32\msctfime.ime [5.1.2600.2180,2004-08-04 15:52:36]
[ 0x73D30000 ] C:\WINDOWS\system32\MFC42.DLL [6.2.4131.0,2004-08-04 15:51:26]
[ 0x74620000 ] C:\WINDOWS\system32\msls31.dll [3.10.349.0,2001-09-01 06:58:54]
[ 0x74650000 ] C:\WINDOWS\system32\msimtf.dll [5.1.2600.2180,2004-08-04 15:53:38]
[ 0x74680000 ] C:\WINDOWS\system32\MSCTF.dll [5.1.2600.2180,2004-08-04 15:52:35]
[ 0x74CF0000 ] C:\WINDOWS\system32\mlang.dll [6.0.2900.2530,2004-10-16 04:54:41]
[ 0x75430000 ] C:\WINDOWS\system32\CRYPTUI.dll [5.131.2600.2180,2004-08-04 15:51:05]
[ 0x759D0000 ] C:\WINDOWS\system32\USERENV.dll [5.1.2600.2180,2004-08-04 15:51:59]
[ 0x75BC0000 ] C:\WINDOWS\system32\jscript.dll [5.6.0.8834,2007-11-14 15:27:09]
[ 0x75C60000 ] C:\WINDOWS\system32\urlmon.dll [6.0.2900.3268,2007-12-07 09:06:00]
[ 0x75E00000 ] C:\WINDOWS\system32\SXS.DLL [5.1.2600.3019,2006-10-20 09:37:48]
[ 0x75FF0000 ] C:\WINDOWS\system32\MSVCP60.dll [6.2.3104.0,2004-08-04 15:54:18]
[ 0x762F0000 ] C:\WINDOWS\system32\MSIMG32.dll [5.1.2600.2180,2004-08-04 15:53:36]
[ 0x76300000 ] C:\WINDOWS\system32\IMM32.DLL [5.1.2600.2180,2004-08-04 15:51:41]
[ 0x76320000 ] C:\WINDOWS\system32\comdlg32.dll [6.0.2900.2180,2004-08-04 15:51:36]
[ 0x765E0000 ] C:\WINDOWS\system32\CRYPT32.dll [5.131.2600.2180,2004-08-04 15:51:00]
[ 0x76680000 ] C:\WINDOWS\system32\WININET.dll [6.0.2900.3268,2007-12-07 09:06:00]
[ 0x76990000 ] C:\WINDOWS\system32\ole32.dll [5.1.2600.2726,2005-07-26 12:39:49]
[ 0x76B10000 ] C:\WINDOWS\system32\WINMM.dll [5.1.2600.2180,2004-08-04 15:52:33]
[ 0x76BC0000 ] C:\WINDOWS\system32\PSAPI.DLL [5.1.2600.2180,2004-08-04 15:52:17]
[ 0x76C00000 ] C:\WINDOWS\system32\WINTRUST.dll [5.131.2600.2180,2004-08-04 15:52:04]
[ 0x76C60000 ] C:\WINDOWS\system32\imagehlp.dll [5.1.2600.2180,2004-08-04 15:51:26]
[ 0x76D30000 ] C:\WINDOWS\system32\iphlpapi.dll [5.1.2600.2912,2006-05-19 21:14:08]
[ 0x76D70000 ] C:\WINDOWS\system32\appHelp.dll [5.1.2600.2180,2004-08-04 15:51:35]
[ 0x76DB0000 ] C:\WINDOWS\system32\MSASN1.dll [5.1.2600.2180,2004-08-04 15:52:28]
[ 0x76E50000 ] C:\WINDOWS\system32\rtutils.dll [5.1.2600.2180,2004-08-04 15:51:50]
[ 0x76E60000 ] C:\WINDOWS\system32\rasman.dll [5.1.2600.2180,2004-08-04 15:51:42]
[ 0x76E80000 ] C:\WINDOWS\system32\TAPI32.dll [5.1.2600.2180,2004-08-04 15:51:53]
[ 0x76EB0000 ] C:\WINDOWS\system32\RASAPI32.DLL [5.1.2600.2180,2004-08-04 15:51:38]
[ 0x76EF0000 ] C:\WINDOWS\system32\DNSAPI.dll [5.1.2600.2938,2006-06-27 01:41:39]
[ 0x76F30000 ] C:\WINDOWS\system32\WLDAP32.dll [5.1.2600.2180,2004-08-04 15:52:07]
[ 0x76F80000 ] C:\WINDOWS\System32\winrnr.dll [5.1.2600.2180,2004-08-04 15:51:57]
[ 0x76F90000 ] C:\WINDOWS\system32\rasadhlp.dll [5.1.2600.2938,2006-06-27 01:41:39]
[ 0x76FA0000 ] C:\WINDOWS\system32\CLBCATQ.DLL [2001.12.4414.308,2005-07-26 12:39:45]
[ 0x77020000 ] C:\WINDOWS\system32\COMRes.dll [2001.12.4414.258,2004-08-04 15:51:40]
[ 0x770F0000 ] C:\WINDOWS\system32\OLEAUT32.dll [5.1.2600.3266,2007-12-05 02:40:02]
[ 0x77180000 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [6.0.2900.2982,2006-08-25 23:49:41]
[ 0x77BD0000 ] C:\WINDOWS\system32\VERSION.dll [5.1.2600.2180,2004-08-04 15:51:59]
[ 0x77BE0000 ] C:\WINDOWS\system32\msvcrt.dll [7.0.2600.2180,2004-08-04 15:54:19]
[ 0x77C40000 ] C:\WINDOWS\system32\msv1_0.dll [5.1.2600.2180,2004-08-04 15:54:16]
[ 0x77D10000 ] C:\WINDOWS\system32\USER32.dll [5.1.2600.3099,2007-03-08 23:37:22]
[ 0x77DA0000 ] C:\WINDOWS\system32\ADVAPI32.dll [5.1.2600.2180,2004-08-04 15:51:22]
[ 0x77E50000 ] C:\WINDOWS\system32\RPCRT4.dll [5.1.2600.3173,2007-07-09 21:09:42]
[ 0x77EF0000 ] C:\WINDOWS\system32\GDI32.dll [5.1.2600.3159,2007-06-19 21:32:09]
[ 0x77F40000 ] C:\WINDOWS\system32\SHLWAPI.dll [6.0.2900.3268,2007-12-07 09:05:59]
[ 0x77FC0000 ] C:\WINDOWS\system32\Secur32.dll [5.1.2600.2180,2004-08-04 15:52:01]
[ 0x7C340000 ] d:\Thunder Network\WebThunder\MSVCR71.dll [7.10.3052.4,2003-02-21 20:42:20]
[ 0x7C800000 ] C:\WINDOWS\system32\kernel32.dll [5.1.2600.3119,2007-04-16 23:54:26]
[ 0x7C920000 ] C:\WINDOWS\system32\ntdll.dll [5.1.2600.2180,2004-08-04 15:52:00]
[ 0x7C9C0000 ] C:\WINDOWS\system32\msi.dll [3.1.4000.4039,2007-04-19 00:12:13]
[ 0x7D590000 ] C:\WINDOWS\system32\SHELL32.dll [6.0.2900.3241,2007-10-26 00:54:47]
[ 0x7E210000 ] C:\WINDOWS\system32\mshtml.dll [6.0.2900.3268,2007-12-07 09:05:56]
[ 0x7E550000 ] C:\WINDOWS\system32\shdocvw.dll [6.0.2900.3268,2007-12-07 09:05:59]
___________________________________

瑞星卡卡安全论坛