[求助]我的电脑每个盘里都有"音乐.exe",这是甚麽病毒锕。 bbs.ikaka.com

御景雅 - 2008-5-28 19:35:00

我的电脑每个盘里都有"音乐.exe",这个文件。

怎麽删也删不掉,任务管理器也打不开了,。

而且杀毒软件也检测不出病毒来。

中毒的原因是被U盘感染了。U盘甚麽时候感染的自己也不知道。

症状如下。

1 每一个盘里都有“音乐.exe”,如果原来有名为“音乐”的文件夹变成了隐藏文件。

2 进程管理器被停用了。

3 控制面板里“显示所有文件”选项失效，隐藏文件无法显示。

4 首页被篡改为www.cnxhack.com，每次开机自动打开。同时IE最上面出现“西盟网络-中国最大网络安全门户”的宣传字样。=.=!!!

5 杀毒软件失效。

6 "音乐.exe"删了又出现,下面貌似还有个隐藏文件。

我的电脑暂时就出现这些症状。

网上相关帖子貌似很少,各大杀毒软件网站也没有专杀出现，以前的“落雪”病毒的症状很相似。好象是个新病毒。

貌似是一个很容易感染并很难清除的毒，建议大家最近小心。

PS,转,360百科的北纬的安全中心的帖子。

有修改了一些,因为我的电脑出现的情况没他的多。

只写出我自己电脑里出现的症状。

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

mopery - 2008-5-28 19:43:00

http://www.kztechs.com/sreng/sreng2.zip 下载System Repair Engineer
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

御景雅 - 2008-5-28 19:59:00

额。

直接复制到这里就可以了吧。

字节太多了。上传附件的恩。

附件: 新建文本文档.txt

御景雅 - 2008-5-28 20:08:00

现在又发生了个状况。

Internet选项也打不开了。

ToT。

mopery - 2008-5-28 20:22:00

用sreng
删除启动项目=>注册表
<RESSDT><C:\Documents and Settings\All Users\DRM\RESSDT.exe> [N/A]
<WindowsSystem><C:\Program Files\snss.exe /start> []

删除启动项目=>服务
[Remote Access Auto Connection Manager / RasAuto][Stopped/Auto Start]
<C:\WINDOWS\systom32\svchost.exe><N/A>
[Spcvl Srv / Spcvlsvs][Stopped/Auto Start]
<C:\WINDOWS\system32\Spcvls.exe><N/A>

删除启动项目=>服务=>驱动
[SpcvlsvsDrv / SpcvlsvsDrv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Spcvls.sys><N/A>

重启,删除文件
C:\Documents and Settings\All Users\DRM\
C:\Program Files\snss.exe
C:\WINDOWS\systom32\svchost.exe
C:\WINDOWS\system32\Spcvls.exe
C:\WINDOWS\system32\Spcvls.sys
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
D:\EXPLORER.EXE
E:\EXPLORER.EXE
F:\EXPLORER.EXE

用sreng
系统修复=>windows shell / ie =>全选=>修复

御景雅 - 2008-5-28 21:01:00

谢谢斑竹了锕。

但..前面的这些我都不晓德怎麽删。=.=!!

御景雅 - 2008-5-28 21:40:00

前面都删了。但后面那些隐藏文件都删不掉。

文件夹选项里的那个显示所有文件。还是用不了。

御景雅 - 2008-5-28 22:11:00

全部弄好了。谢谢斑竹了。

嘿嘿嘿。

柳橙沙冰 - 2008-6-2 18:12:00

请斑竹帮忙。。。
我的电脑也是每个盘符都有音乐.exe,已经按您说的扫描了

柳橙沙冰 - 2008-6-2 18:22:00

2008-06-02,17:58:45

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<eMuleAutoStart><C:\Program Files\eMule\eMule.exe -AutoStart> [(Verified)"Shanghai Source Networking Technology Co., Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera> [N/A]
<LHotkey><LHotkey.exe> [Chicony]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<IdnSvr><C:\Program Files\OCINS\idnsvr.exe> [N/A]
<stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R> [(Verified)Tencent Technology(Shenzhen) Company Limited]
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================
启动文件夹
[mspaint]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\mspaint.lnk --> C:\WINDOWS\system\ccwlxpRes080226.exe [N/A]><N>
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\QQ2007\QQ.exe [TENCENT]><N>

==================================
服务
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
<C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[COM+ Service Process Manager / COMLoader32][Others/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\inf\camdrvs.inf><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows pypa RunThem / pypa][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\ktkv\uduf.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SolidPDFConverterReadSpool / ScReadSpool][Running/Auto Start]
<C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe><VoyagerSoft, LLC>

==================================
驱动程序
[123953 / 123953][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\123859.sys><Driver>
[15365 / 15365][Stopped/Manual Start]
<\SystemRoot\system32\drivers\15365.sys><N/A>
[16557 / 16557][Stopped/Manual Start]
<\SystemRoot\system32\drivers\16557.sys><N/A>
[26318 / 26318][Stopped/Manual Start]
<\SystemRoot\system32\drivers\26318.sys><N/A>
[59745 / 59745][Stopped/Manual Start]
<\SystemRoot\system32\drivers\59745.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CALLKEY_IO / CALLKEY_IO][Stopped/Manual Start]
<\??\G:\CALLKEY.sys><N/A>
[cnprov / cnprov][Stopped/Boot Start]
<\SystemRoot\system32\drivers\cnprov.sys><N/A>
[dmlbmr1 / dmlbmr17][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dmlbmr17.sys><N/A>
[epdyrs6 / epdyrs68][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\epdyrs68.sys><N/A>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Running/Manual Start]
<system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[jecqjo5 / jecqjo52][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\jecqjo52.sys><N/A>
[mzshkee / mzshkee][Running/Boot Start]
<\SystemRoot\system32\drivers\mzshkee.sys><>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\QQ2007\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTGDT / NTGDT][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\NTGDT.SYS><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
<system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SkyProcs / SkyProcs][Stopped/Manual Start]
<\??\D:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[videX32 / videX32][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIA SATA IDE Hot-plug Driver / xfilt][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[zrlnoh6 / zrlnoh69][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\zrlnoh69.sys><N/A>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\QQDownload\QQIEHelper02.dll, 腾讯公司>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[IESuper]
{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IESuper\iesuper.dll, >
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[AliAntiFish Class]
{38938D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Alisoft\Toolbar\assist\yangling.dll, N/A>
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, China Merchants Bank>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[]
{956D977E-3EE4-460F-8CD2-23CDEABBDC94} <C:\WINDOWS\system32\nlyypkqp.dll, N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[google Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10531} <C:\WINDOWS\ILOVEG~1\google.dll, N/A>
[WZCNBHO Class]
{D500885E-E400-41CA-804B-CD6373A7EEF2} <C:\Program Files\WZCN\cn_ie_wzcn.dll, N/A>
[WosouBHO Class]
{E601995E-E400-41CA-804B-CD6373A7EEF2} <C:\Program Files\Wosou\ie_wosou.dll, Wosou>
[WazapConfig Class]
{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} <C:\Program Files\Wosou\ie_wosou.dll, Wosou>
[PPLive]
{95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, N/A>
[中文上网]
{B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[淘宝工具条]
{78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23} <C:\PROGRA~1\Alisoft\Toolbar\Assist\yasbar.dll, N/A>
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[ICBC Security Ctrl]
{5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} <C:\WINDOWS\DOWNLO~1\NETBAN~1.OCX, Industrial and Commercial Bank of China>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\QQDownload\QQIEHelper02.dll, 腾讯公司>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[Fade]
{16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[EWA Control]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
[IESuperHelper]
{1A49F431-2A2E-41A5-9080-0F41D1A3AEC1} <C:\PROGRA~1\IESuper\iesuper.dll, >
[IESuper]
{1A49F431-2A2E-41A5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IESuper\iesuper.dll, >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[PowerList Control]
{20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\PROGRA~1\PPStream\POWERL~1.OCX, PPStream Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Solid Converter PDF]
{259F616C-A300-44F5-B04A-ED001A26C85C} <C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll, VoyagerSoft, LLC>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[QQToolbar]
{29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[AliAntiFish Class]
{38938D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Alisoft\Toolbar\assist\yangling.dll, N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_007.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, China Merchants Bank>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[ICBC Security Ctrl]
{5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} <C:\WINDOWS\DOWNLO~1\NETBAN~1.OCX, Industrial and Commercial Bank of China>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll,

柳橙沙冰 - 2008-6-2 18:26:00

阿里巴巴软件(上海)有限公司>
[List Control]
{70CACCCA-8B83-4BCB-B2D1-188E9A495527} <C:\PROGRA~1\PPLive\SYNACA~1.OCX, >
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[IEAux Class]
{7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, N/A>
[淘宝工具条]
{78B2F60E-AFA5-4D3D-A49E-2BFF013D9D23} <C:\PROGRA~1\Alisoft\Toolbar\Assist\yasbar.dll, N/A>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[XML DOM 文档 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[]
{956D977E-3EE4-460F-8CD2-23CDEABBDC94} <C:\WINDOWS\system32\nlyypkqp.dll, N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[QQPlayerSvr Proxy Control]
{CD108273-D434-43E6-AA90-1469F97EB398} <C:\Program Files\QQ2007\QzoneMusic.dll, 腾讯科技>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[google Class]
{CE7C3CF0-4B15-11D1-ABED-709549C10531} <C:\WINDOWS\ILOVEG~1\google.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[WZCNBHO Class]
{D500885E-E400-41CA-804B-CD6373A7EEF2} <C:\Program Files\WZCN\cn_ie_wzcn.dll, N/A>
[AgControl Class]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll, Microsoft Corporation>
[WosouBHO Class]
{E601995E-E400-41CA-804B-CD6373A7EEF2} <C:\Program Files\Wosou\ie_wosou.dll, Wosou>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[InstallCheck Class]
{FFB8C97E-39D4-4E8A-9FE4-B451A0D6CA65} <C:\Program Files\Alisoft\WangWang\Ali_Check.dll, >
[&使用超级旋风下载]
<C:\Program Files\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<C:\Program Files\QQDownload\getAllurl.htm, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[&访问通用网址]
<C:\Program Files\OCINS\cnrbtn.html, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\QQ2007\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 572 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 656 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 864 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 928 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1056 / SYSTEM][D:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1076 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1152 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1272 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[PID: 1344 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76]
[D:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[D:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29]
[D:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
[D:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
[D:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[D:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[D:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 38]
[D:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[D:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
[D:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[D:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
[D:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[D:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
[D:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36]
[D:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[D:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[D:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[D:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
[D:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[D:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[D:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 73]
[D:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[D:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[D:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 6]
[D:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
[D:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[D:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[D:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
[D:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1360 / SYSTEM][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[d:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12]
[d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41]
[d:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[d:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[d:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[d:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1464 / SYSTEM][d:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.33]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[D:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[d:\program files\rising\rfw\urlrule.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[d:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1740 / SYSTEM][d:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1944 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll] [VoyagerSoft, LLC, 3.0.299.5]
[C:\WINDOWS\downlo~1\Uixc.dll] [Tencent, 5, 0, 6, 23]
[C:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 120 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 212 / Administrator][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.65]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[D:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[d:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7]
[d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 244 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1148 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe] [China Merchants Bank, 1, 0, 0, 1]
[C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll] [China Merchants Bank, 1, 0, 0, 1]

柳橙沙冰 - 2008-6-2 18:27:00

[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[PID: 1212 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1380 / SYSTEM][C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe] [VoyagerSoft, LLC, 3.0.299.5]
[PID: 1268 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2192 / Administrator][C:\WINDOWS\VM_STI.EXE] [BIGDOG, 4, 2, 610, 4]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[PID: 2208 / Administrator][C:\WINDOWS\LHotkey.exe] [Chicony, 1. 0. 0. 1]
[C:\WINDOWS\HKNTDLL.dll] [N/A, ]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2264 / Administrator][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[PID: 2280 / Administrator][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 38]
[D:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[D:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[D:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[D:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[D:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
[D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 2308 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[PID: 2452 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2576 / Administrator][C:\Program Files\eMule\eMule.exe] [http://www.emule-project.net, 0.48.0.80313 Unicode]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\eMule\config\antiLeech.dll] [http://xtreme-mod.net, 31]
[C:\Program Files\eMule\lang\zh_CN.dll] [http://www.emule-project.net, 0.48.0.80313]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[PID: 2884 / Administrator][C:\Program Files\QQ2007\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 3344 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[PID: 2256 / Administrator][C:\Program Files\PPLive\PPLive.exe] [N/A, ]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\PPLive\UI.DLL] [, 1, 9, 0, 1]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\Program Files\PPLive\uilib.dll] [Synacast, 1, 0, 0, 1]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\PROGRA~1\PPLive\common.dll] [, 1, 0, 0, 1]
[C:\Program Files\PPLive\NetTools.dll] [, 1.0.0.2]
[C:\Program Files\PPLive\PPK.DLL] [N/A, ]
[C:\PROGRA~1\PPLive\SYNACA~1.OCX] [, 1, 9, 0, 1]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\PROGRA~1\PPLive\ETS.DLL] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\PROGRA~1\PPLive\SYNACA~2.OCX] [Synacast, 1, 9, 0, 2]
[C:\PROGRA~1\PPLive\AM.DLL] [, 2, 0, 0, 0]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\PROGRA~1\PPLive\OPlayer.ocx] [, 1, 0, 2, 1]
[C:\PROGRA~1\PPLive\FWUpnp.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\WMVDECOD.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.2028]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] [Gabest, 1, 0, 1, 3]
[C:\WINDOWS\system32\wmpeffects.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 2508 / Administrator][C:\Program Files\PPLive\PPLive.exe] [N/A, ]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\PPLive\MngModule.dll] [, 1, 7, 0, 2]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[PID: 2812 / Administrator][C:\Program Files\PPLive\PPLive.exe] [N/A, ]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\PPLive\pp\ppf.dll] [, 1, 0, 0, 5]
[C:\Program Files\PPLive\pp\PCP.dll] [, 1, 0, 1, 1]
[C:\Program Files\PPLive\pp\EROC.DLL] [Synacast Corp., 1, 2, 0, 1]
[C:\Program Files\PPLive\pp\TEN.DLL] [Synacast, 1, 1, 1, 0]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\PPLive\NetTools.dll] [, 1.0.0.2]
[PID: 480 / Administrator][C:\Program Files\PPLive\PPLive.exe] [N/A, ]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\PPLive\Live.dll] [Synacast, 1, 0, 0, 2]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\Program Files\PPLive\PP\kom.dll] [Synacast Corp., 1, 2, 0, 3]
[C:\Program Files\PPLive\PP\EROC.DLL] [Synacast Corp., 1, 2, 0, 1]
[C:\Program Files\PPLive\PP\TEN.DLL] [Synacast, 1, 1, 1, 0]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\PPLive\PP\mir.dll] [Synacast Corp., 1, 3, 4, 6]
[C:\Program Files\PPLive\PP\tpi.dll] [N/A, ]
[PID: 280 / Administrator][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.14: 2008040413]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.8]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.14: 2008040413]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.8]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.8]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.14: 2008040413]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.14: 2008040413]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.14: 2008040413]
[C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eh040q75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, ]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.14: 2008040413]
[C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eh040q75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, ]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.65]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.14: 2008040413]
[C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 7]
[C:\WINDOWS\HKNTDLL.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 2652 / Administrator][D:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 3, 17]
[D:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 update.cpushpop.com
127.0.0.1 image.yahoo550.com
127.0.0.1 gs.chnsystem.com
127.0.0.1 msl.chnsystem.com
127.0.0.1 ssl.chnsystem.com
127.0.0.1 www.gagagaga.cn
127.0.0.1 down.1024tb.com
127.0.0.1 xconf.coopen.cn
127.0.0.1 log.xplayer.coopen.cn
127.0.0.1 xfile.coopen.cn
127.0.0.1 loader.smartpv.cn
127.0.0.1 alerts.xiaoi.com
127.0.0.1 sports.yahoo550.com
127.0.0.1 update.cnnic.cn
127.0.0.1 jump.cnnic.cn
127.0.0.1 login.zuoyoukongjian.com
127.0.0.1 adfirefox.cn
127.0.0.1 3.wornm.cn
127.0.0.1 5.haokandi.cn
127.0.0.1 b.downadown.cn
127.0.0.1 update.iesuper.com
127.0.0.1 888.843call.cn
127.0.0.1 122.770304123.cn
127.0.0.1 110.770304123.cn
127.0.0.1 343.boolans.com
127.0.0.1 update.smartpv.cn
127.0.0.1 update146.smartpv.cn
127.0.0.1 js4.all4ad.net
127.0.0.1 click2.ad4all.net
127.0.0.1 www.papaop.com
127.0.0.1 realname.webbrowser.smartpv.cn
127.0.0.1 login.webbrowser.smartpv.cn
127.0.0.1 www.cnphp5.com
127.0.0.1 www.133c.cn
127.0.0.1 zhoupk256.3322.org
127.0.0.1 udp.hjob123.com
127.0.0.1 d4.kkads.cn
127.0.0.1 www.zhaoyou8.com
127.0.0.1 www.kkads.cn
127.0.0.1 travel.yahoo550.com
127.0.0.1 soft.16990.com
127.0.0.1 livenews.265.com
127.0.0.1 bak.hjob123.com
127.0.0.1 www.jesuser.cn
127.0.0.1 class.caiyi8.com
127.0.0.1 ownload.baofeng.com
127.0.0.1 www.177i.com
127.0.0.1 www.81891111.com
127.0.0.1 33.xingaide8.cn
127.0.0.1 444.916kk.com
127.0.0.1 www.916kk.com
127.0.0.1 soft2.86sifu.com
127.0.0.1 google.netcdn.com
127.0.0.1 lm.9cdn.com
127.0.0.1 www.z88.com.cn
127.0.0.1 adswin.unet.hk
127.0.0.1 www.borlander.com.cn
127.0.0.1 cab.borlander.com.cn
127.0.0.1 www.333292.com
127.0.0.1 net.jnnic.com
127.0.0.1 www.plunix.org
127.0.0.1 ip.9cdn.com
127.0.0.1 test8.b190.west263.cn
127.0.0.1 yz.jz173.com
127.0.0.1 www.yy17173.cn
127.0.0.1 www.daydayshop.cn
127.0.0.1 www.yahoo550.com
127.0.0.1 wifayy.51vip.biz
127.0.0.1 sss.969222.com
127.0.0.1 stats.ucantv.com
127.0.0.1 node1.ucantv.com
127.0.0.1 x5.ioeruwu.com
127.0.0.1 p.jfglass.net
127.0.0.1 x4.ioeruwu.com
127.0.0.1 www.tyw10.cn
127.0.0.1 push.cpushpop.com
127.0.0.1 axcx.3322.org
127.0.0.1 www.our9988.cn
127.0.0.1 update.borlander.cn
127.0.0.1 www.666888ip.cn
127.0.0.1 pr.749571.com

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 2192, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2192, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2208, C:\WINDOWS\LHOTKEY.EXE]

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x010A1FFD)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x010A20E5)

==================================
隐藏进程
N/A

==================================

[/CODE]

UFO不幸外人 - 2008-6-2 18:28:00

楼上的请重新发帖

柳橙沙冰 - 2008-6-2 18:28:00

急盼您的回音~~~~

柳橙沙冰 - 2008-6-2 18:31:00

为什么啊

柳橙沙冰 - 2008-6-2 19:18:00

急啊

rocket166 - 2008-6-3 1:49:00

我也中了这个病毒啊，我快疯了，能帮帮忙吗？都想死了，图都做不了了，:default11:

cengzuor - 2008-6-4 0:47:00

斑竹还在吗？
我的电脑也中了这种病毒但是无法用任务管理器也无法显示隐藏文件夹

瑞星卡卡安全论坛