瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » adware.win32/rugo怎么杀?急!!!
笑看山河 - 2009-7-28 10:33:00
电脑有时总弹出Adware:Win32/Rugo还删不掉,用瑞星杀过病毒,也没用,想问问有懂这方面的人帮帮我!!
就VISTA自带的 WINDOWS DEFENDER能查到
开机显示Adware:Win32/Rugo 危害计算机什么的

类别:
广告软件

描述:
这个程序具有可能不需要的行为。

建议:
立即删除这个软件。

执行删除后重起还有:kaka10:
安装卡卡上网安全助手然后扫描流行木马和流氓软件,根本查不出来!:kaka2:

用户系统信息:Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) AutoPager/0.5.2.2 (http://www.teesoft.info/)
帅哥阿福 - 2009-7-28 10:35:00
对于病毒来说,最标准的做法为:先升级瑞星到最新版本,而后断网杀毒。
如果第一次查杀发现有病毒,则需要重启动计算机,再杀第二遍。
如果第二遍查杀没有病毒了,则说明原病毒是外界传播进来的,需要对系统修补漏洞,加装防火墙,做好防护。
如果第二遍查杀还是有病毒,则说明该病毒是瑞星当前版本无法清除的,需要扫SRENG日志发这论坛来
下载SRENG2.6版工具:http://www.kztechs.com/sreng/download.html
SRENG工具的扫描日志操作,看这贴2楼:http://bbs.ikaka.com/showtopic-8442813.aspx
笑看山河 - 2009-7-28 10:52:00
瑞星遍查杀没有病毒.SRENG2.6版工具查启动项有四项不正常.分别是:
AppInit_DLLs
WebCheck
WinlogonNotify:igfxcui
(8c7461EF-2B13-11d2-BE35-3078302c2030)
daemonz - 2009-7-28 11:27:00
把日志发上来看
笑看山河 - 2009-7-28 12:11:00
:kaka2:

附件: IMG_1896.JPG
笑看山河 - 2009-7-28 12:12:00
帅哥阿福 - 2009-7-28 12:34:00
楼主你笑死我了!

SRENG工具的扫描日志操作,看这贴2楼:http://bbs.ikaka.com/showtopic-8442813.aspx
sinoer - 2009-7-28 12:35:00
lz的相机不错,这微距比较有水准了
学飞的龙 - 2009-7-28 12:41:00
嗯,拍得不错!呵呵,能找到怎么发吗
解压缩运行SREngDgr.EXE
选择主界面左边的:智能扫描->扫描->保存报告 把报告保存后,将日志文件以【附件形式】发这论坛来
笑看山河 - 2009-7-28 13:00:00
2009-07-28,12:51:11

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Basic Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)Microsoft Windows]
    <QkOnBtn><C:\PROGRA~1\QBU\QkOnBtn.EXE>  [Dritek System Inc.]
    <EnergyUtility><C:\Program Files\Lenovo\EnergyCut\utilty.exe>  [TODO: <Company name>]
    <EnergyCut><C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe>  [联想(北京)有限公司]
    <RFWTray><"d:\Program Files\Rising\RFW\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <runeip><"d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTray><"d:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <IgfxTray><C:\Windows\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\Windows\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Persistence><C:\Windows\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <885b><rundll32 "C:\Windows\Downlo~1\885b.dll",Run>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\Userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\System32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\Windows\system32\logon.scr>  [(Verified)Microsoft Windows]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Adobe Reader Synchronizer]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk --> C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []><N>
[Adobe Reader Speed Launch]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Adobe Reader Synchronizer]
  <C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk --> C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <d:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[cefmor / cefmor][Running/Auto Start]
  <C:\Windows\system32\ctc6.exe><Microsoft Corporation>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <d:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
  <d:\Program Files\Rising\RFW\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <d:\Program Files\Rising\RFW\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwTask Manager / RfwTask][Running/Auto Start]
  <"d:\Program Files\Rising\RFW\RavTask.exe" RfwTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <d:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <d:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[XAudioService / XAudioService][Running/Auto Start]
  <C:\Windows\system32\DRIVERS\xaudio.exe><Conexant Systems, Inc.>
==================================
驱动程序
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Conexant UAA Function Driver for High Definition Audio Service / CnxtHdAudService][Running/Manual Start]
  <system32\drivers\CHDRT32.sys><Conexant Systems Inc.>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\CHDART.sys><Conexant Systems Inc.>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[HSFHWAZL / HSFHWAZL][Stopped/Manual Start]
  <system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[igfx / igfx][Running/Manual Start]
  <system32\DRIVERS\igdkmd32.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit / NETw3v32][Stopped/Manual Start]
  <system32\DRIVERS\NETw3v32.sys><Intel? Corporation>
[Intel(R) Wireless WiFi Link 适配器驱动程序(适用于 Windows Vista 32 位) / NETw4v32][Running/Manual Start]
  <system32\DRIVERS\NETw4v32.sys><Intel Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start]
  <system32\drivers\NPF.sys><CACE Technologies>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[R300 / R300][Stopped/Manual Start]
  <system32\DRIVERS\atikmdag.sys><ATI Technologies Inc.>
[Rising RfwBase Driver / RfwBase9][Running/System Start]
  <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\d:\Program Files\Rising\RFW\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
  <\??\d:\Program Files\Rising\RFW\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[XAudio / XAudio][Running/Auto Start]
  <system32\DRIVERS\xaudio.sys><Conexant Systems, Inc.>
==================================
浏览器加载项
[Invoke Class]
  {0120341D-F60C-478f-BB75-49DBB496FDB0} <C:\Windows\system32\1cgc.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\Windows\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[FlashGetBHO]
  {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} <C:\Users\许 坚\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[WanWanCom Class]
  {E7C5259E-52D0-459B-AA9D-41AD25E79AFD} <H:\131玩玩\wwcom.dll, N/A>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[Invoke Class]
  {0120341D-F60C-478F-BB75-49DBB496FDB0} <C:\Windows\system32\1cgc.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[IFlashGetNetscapeEx Class]
  {116BA71C-8187-4F15-9A1F-C9D6289155D1} <C:\Users\许 坚\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[VistaWUWebControl Class]
  {12A66224-5E8A-4679-8941-0B9B960BF5EA} <%SystemRoot%\system32\wuwebv.dll, (Signed) N/A>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[JetCarNetscape Class]
  {2974c985-8151-4de5-b23c-b875f0a8522f} <C:\Users\许 坚\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[]
  {55302805-482E-470E-8A57-6795A1487F90} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\Windows\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[FlashGetBHO]
  {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <C:\Users\许 坚\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll, (Signed) FlashGet>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[WanWanCom Class]
  {E7C5259E-52D0-459B-AA9D-41AD25E79AFD} <H:\131玩玩\wwcom.dll, N/A>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[&Windows Live Search]
  <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[使用快车3下载]
  <C:\Users\许 坚\AppData\Roaming\FlashGetBHO\GetUrl.htm, N/A>
[使用快车3下载全部链接]
  <C:\Users\许 坚\AppData\Roaming\FlashGetBHO\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\Bin\AddEmotion.htm, N/A>
[用比特精灵下载(&B)]
  <D:\Program Files\BitSpirit\bsurl.htm, N/A>
笑看山河 - 2009-7-28 13:02:00
==================================
正在运行的进程
[PID: 384 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 520 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 560 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 572 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 604 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 616 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 624 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 708 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 820 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 880 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 996 / SYSTEM][d:\Program Files\Rising\Rav\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [d:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [d:\Program Files\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[PID: 1040 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1056 / SYSTEM][d:\Program Files\Rising\RFW\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [d:\Program Files\Rising\RFW\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\RFW\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
[PID: 1100 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1132 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1144 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1260 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1280 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1372 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1512 / SYSTEM][d:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [d:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [d:\Program Files\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
    [d:\Program Files\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 1528 / SYSTEM][d:\Program Files\Rising\RFW\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [d:\Program Files\Rising\RFW\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\RFW\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\RFW\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [d:\Program Files\Rising\RFW\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
    [d:\Program Files\Rising\RFW\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 1584 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1664 / SYSTEM][d:\Program Files\Rising\RFW\rfwsrv.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\RFW\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\RFW\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [d:\Program Files\Rising\RFW\MonComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [d:\Program Files\Rising\RFW\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.89]
    [d:\Program Files\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\RFW\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
    [d:\Program Files\Rising\RFW\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
    [d:\Program Files\Rising\RFW\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [d:\Program Files\Rising\RFW\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
    [d:\Program Files\Rising\RFW\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\RFW\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\RFW\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\RFW\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [d:\Program Files\Rising\RFW\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [d:\Program Files\Rising\RFW\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [d:\Program Files\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\RFW\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\RFW\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [d:\Program Files\Rising\RFW\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [d:\Program Files\Rising\RFW\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1708 / SYSTEM][d:\Program Files\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [d:\Program Files\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [d:\Program Files\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [d:\Program Files\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [d:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [d:\Program Files\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [d:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [d:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [d:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [d:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [d:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [d:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [d:\Program Files\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [d:\Program Files\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [d:\Program Files\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [d:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [d:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
    [d:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [d:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [d:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [d:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [d:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 54]
    [d:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [d:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [d:\Program Files\Rising\Rav\methodex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [d:\Program Files\Rising\Rav\pecompd.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [d:\Program Files\Rising\Rav\heurex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [d:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [d:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [d:\Program Files\Rising\Rav\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [d:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[PID: 1784 / SYSTEM][d:\Program Files\Rising\Rav\RsStub.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [d:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1912 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1936 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1992 / SYSTEM][d:\Program Files\Rising\RFW\RsStub.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [d:\Program Files\Rising\RFW\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 408 / SYSTEM][d:\Program Files\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [d:\Program Files\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [d:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1748 / SYSTEM][d:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 9, 5, 15]
    [d:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [d:\Program Files\StormII\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
    [d:\Program Files\StormII\box\BoxLog.dll]  [北京暴风网际科技有限公司, 3, 9, 6, 27]
[PID: 1988 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1648 / SYSTEM][C:\Windows\system32\ctc6.exe]  [Microsoft Corporation, 5, 1, 2600, 1]
[PID: 1492 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2180 / SYSTEM][d:\Program Files\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [d:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [d:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [d:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [d:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [d:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 2192 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2272 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2372 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 2404 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe]  [Conexant Systems, Inc., 1.00.00]
[PID: 2656 / SYSTEM][C:\Windows\system32\rundll32.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\b5a3.dll]  [Microsoft Corporation, 6, 0, 8169, 0]
[PID: 3640 / 许 坚][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\igfxTMM.dll]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxdev.dll]  [Intel Corporation, 7.14.10.1437]
[PID: 3848 / 许 坚][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\igdumd32.dll]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\1cgc.dll]  [Microsoft Corporation, 5, 0, 0, 0]
[PID: 2916 / 许 坚][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\Downlo~1\885b.dll]  [Microsoft Corporation, 6, 0, 2900, 3000]
    [C:\Windows\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\PROGRA~1\Wopti\WOPTIE~1.DLL]  [共软网络, 1.0.8.103]
    [C:\Windows\system32\1cgc.dll]  [Microsoft Corporation, 5, 0, 0, 0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
[PID: 3864 / 许 坚][C:\Program Files\Windows Defender\MSASCui.exe]  [Microsoft Corporation, 1.1.1600.0]
[PID: 2164 / 许 坚][C:\Program Files\QBU\QkOnBtn.EXE]  [Dritek System Inc., 1, 0, 0, 421]
    [C:\Program Files\QBU\ComFnUtl.dll]  [Dritek System Inc., 1, 0, 0, 711]
    [C:\Program Files\QBU\Wnd2File.dll]  [Dritek System Inc., 3.00]
    [C:\Program Files\QBU\SzUPFUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\QBU\OSDUtl.dll]  [Dritek System Inc., 1, 0, 3, 309]
    [C:\Program Files\QBU\RgnMaker.dll]  [Dritek System Inc., 12.07.1999 ( VC60 )]
    [C:\Program Files\QBU\CDRomUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\QBU\MixerUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\QBU\LgKCUtl.dll]  [Dritek System Inc., 2, 0, 2, 1007]
    [C:\Program Files\QBU\MMDUtl.DLL]  [Dritek System Inc., 1, 2, 8, 608]
    [C:\Windows\system32\igfxexps.dll]  [Intel Corporation, 7.14.10.1437]
    [C:\Program Files\QBU\VistaVol.DLL]  [Dritek System Inc., 1, 0, 0, 306]
[PID: 4048 / 许 坚][C:\Program Files\Lenovo\EnergyCut\utilty.exe]  [TODO: <Company name>, 1, 1, 1, 2]
    [C:\Program Files\Lenovo\EnergyCut\kbdhook.dll]  [N/A, ]
[PID: 2772 / 许 坚][C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe]  [联想(北京)有限公司, 1, 1, 0, 8]
学飞的龙 - 2009-7-28 13:04:00
上面那个不完整啊
请楼主把txt文档  借助【附件】发上来  点击右下角的大图标  +回复  进去就知道怎么发附件了
笑看山河 - 2009-7-28 13:06:00
ib.dll]  [N/A, ]
[PID: 1004 / 许 坚][D:\Program Files\Rising\Rfw\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [D:\Program Files\Rising\Rfw\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\Rfw\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\Program Files\Rising\Rfw\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rfw\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rfw\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rfw\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\Rfw\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\Program Files\Rising\Rfw\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [D:\Program Files\Rising\Rfw\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\Program Files\Rising\Rfw\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
    [D:\Program Files\Rising\Rfw\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
    [C:\Windows\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\Rfw\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [D:\Program Files\Rising\Rfw\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\Program Files\Rising\Rfw\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\Rfw\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 12]
    [D:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rfw\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[PID: 2392 / 许 坚][D:\Program Files\Rising\AntiSpyware\RSTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [D:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [D:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [D:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [D:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [D:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.43]
    [D:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [d:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 1392 / 许 坚][D:\Program Files\Rising\Rav\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [D:\Program Files\Rising\Rav\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\Program Files\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [D:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
    [C:\Windows\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [D:\Program Files\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
    [D:\Program Files\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [D:\Program Files\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [D:\Program Files\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.1.4]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [D:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [D:\Program Files\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 3972 / 许 坚][C:\Windows\System32\hkcmd.exe]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\System32\hccutils.DLL]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxrCHS.lrc]  [Intel Corporation, 7.14.10.1437]
[PID: 2768 / 许 坚][C:\Windows\System32\igfxpers.exe]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1437]
[PID: 3952 / 许 坚][C:\Program Files\Windows Sidebar\sidebar.exe]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.76]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\icm32.dll]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\1cgc.dll]  [Microsoft Corporation, 5, 0, 0, 0]
[PID: 3844 / 许 坚][C:\Windows\system32\igfxsrvc.exe]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxdev.dll]  [Intel Corporation, 7.14.10.1437]
[PID: 3328 / 许 坚][C:\Program Files\Windows Sidebar\sidebar.exe]  [Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.76]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\1cgc.dll]  [Microsoft Corporation, 5, 0, 0, 0]
[PID: 2900 / 许 坚][D:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.12]
    [D:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.12]
    [D:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.6.10]
    [D:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [D:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [D:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.5]
    [D:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [D:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [D:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [D:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.5]
    [D:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.5]
    [D:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [D:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.12]
    [D:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.12]
    [D:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.12]
    [D:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [D:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [D:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [D:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.75]
    [C:\Users\许 坚\AppData\Roaming\Mozilla\Firefox\Profiles\zxr4gcwm.default\extensions\fontsetter@mozillaonline.com\components\ClearTypeTuner.dll]  [N/A, ]
    [C:\Windows\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\PROGRA~1\Wopti\WOPTIE~1.DLL]  [共软网络, 1.0.8.103]
    [C:\Users\许 坚\AppData\Roaming\Mozilla\Firefox\Profiles\zxr4gcwm.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll]  [flashget, 1, 0, 0, 1000]
    [C:\Users\许 坚\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll]  [FlashGet, 2, 5, 0, 1038]
    [C:\Windows\system32\1cgc.dll]  [Microsoft Corporation, 5, 0, 0, 0]
[PID: 852 / 许 坚][C:\Windows\system32\igfxext.exe]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxsrvc.dll]  [Intel Corporation, 7.14.10.1437]
    [C:\Windows\system32\igfxexps.dll]  [Intel Corporation, 7.14.10.1437]
[PID: 2364 / 许 坚][D:\Program Files\Rising\AntiSpyware\knownsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.14]
    [D:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [D:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 3216 / 许 坚][C:\Users\许坚~1\AppData\Local\Temp\Rar$EX07.490\sr-engldr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 1944 / 许 坚][C:\Users\许坚~1\AppData\Local\Temp\Rar$EX07.490\SREf72aee15.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\Users\许坚~1\AppData\Local\Temp\Rar$EX07.490\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
笑看山河 - 2009-7-28 13:08:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
::1            localhost

==================================
进程特权扫描
N/A

==================================
计划任务
[已启用] \\885b
        rundll32 C:\Windows\Downlo~1\885b.dll,Run
[已启用] \\RunAsStdUser Task23055
        D:\Program Files\Rising\Rav\rstray.exe C:\Windows\Downlo~1\885b.dll,Run
[已启用] \\{69DD6C3D-10EF-48A2-81A4-320E1CD93BE7}
        C:\Windows\system32\pcalua.exe -a "D:\Program Files\p2pover\p2pover.exe" -d "D:\Program Files\p2pover"
[已启用] \\查看 Windows Live Toolbar 更新
        C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE -a "D:\Program Files\p2pover\p2pover.exe" -d "D:\Program Files\p2pover"
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
        N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
        N/A
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
        BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
        N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
        N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
        N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
        %SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
        %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
        %windir%\system32\defrag.exe -c -i
[已启用] \Microsoft\Windows\MobilePC\HotStart
        N/A
[已启用] \Microsoft\Windows\MobilePC\TMM
        N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
        %windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
        N/A
[已启用] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
        N/A
[已启用] \Microsoft\Windows\Shell\CrawlStartPages
        N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
        %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
        rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
        rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
        sc.exe config upnphost start= auto
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
        %windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\Wired\GatherWiredInfo
        %windir%\system32\gatherWiredInfo.vbs
[已启用] \Microsoft\Windows\Wireless\GatherWirelessInfo
        %windir%\system32\gatherWirelessInfo.vbs

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
笑看山河 - 2009-7-28 13:24:00
日志

附件: SREngLOG1.log
帅哥阿福 - 2009-7-28 13:44:00
下载文件批量提取工具提取下面文件
http://bbs.ikaka.com/attachment.aspx?attachmentid=486266
C:\Windows\Downlo~1\885b.dll
H:\131玩玩\wwcom.dll

上传病毒样本到可疑文件交流区,地址为:http://bbs.ikaka.com/showforum-20002.aspx
或者直接发送给瑞星的邮件服务中心【病毒样本】地址为:http://mailcenter.rising.com.cn/uploadnew.aspx
笑看山河 - 2009-7-28 13:51:00
adware.win32/rugo怎么杀?急!!!                                                                                                                                        电脑有时总弹出Adware:Win32/Rugo还删不掉,用瑞星杀过病毒,也没用,想问问有懂这方面的人帮帮我!!
就VISTA自带的 WINDOWS DEFENDER能查到
开机显示Adware:Win32/Rugo 危害计算机什么的

类别:
广告软件

描述:
这个程序具有可能不需要的行为。

建议:
立即删除这个软件。

执行删除后重起还有,
安装卡卡上网安全助手然后扫描流行木马和流氓软件,根本查不出来!:kaka10:
感觉瑞星好无用!!!

期待高手!!!
后附日志。

用户系统信息:Mozilla/5.0 (Windows; U; Windows NT 6.0; zh-CN; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 (.NET CLR 3.5.30729) AutoPager/0.5.2.2 (http://www.teesoft.info/)

附件: SREngLOG1.log
浪漫纸箱 - 2009-7-28 13:53:00
楼主WINDOWS DEFENDER报的路径是?
笑看山河 - 2009-7-28 14:17:00
问题还是没有解决!!:kaka4:
笑看山河 - 2009-7-28 14:32:00
路径是C:\Windows\system32\b5a3.dll
daemonz - 2009-7-28 15:30:00
呃,没用过vista
试试把这两个文件删除(做好备份):
c:\windows\system32\b5a3.dll
c:\windows\downlo~1\885b.dll
浪漫纸箱 - 2009-7-28 15:58:00
三个文件比较可疑:
C:\Windows\system32\ctc6.exe
c:\windows\system32\b5a3.dll
c:\windows\downlo~1\885b.dll
楼主将文件放到我签名处的第一个网站上看看。报回有几款软件报毒。
笑看山河 - 2009-7-29 13:21:00
C:\Windows\system32\ctc6.exe分析结果:
反病毒引擎版本最后更新扫描结果
a-squared4.5.0.242009.07.28Trojan.Win32.Jhee!IK
AhnLab-V35.0.0.22009.07.28-
AntiVir7.9.0.2282009.07.28-
Antiy-AVL2.0.3.72009.07.28-
Authentium5.1.2.42009.07.27-
Avast4.8.1335.02009.07.27Win32:BHO-WD
AVG8.5.0.3872009.07.27-
BitDefender7.22009.07.28Trojan.Crypt.HY
CAT-QuickHeal10.002009.07.28-
ClamAV0.94.12009.07.28-
Comodo17912009.07.28-
DrWeb5.0.0.121822009.07.28Trojan.DownLoader.origin
eSafe7.0.17.02009.07.27-
eTrust-Vet31.6.66422009.07.27Win32/Gnuro!generic
F-Prot4.4.4.562009.07.27-
F-Secure8.0.14470.02009.07.28-
Fortinet3.120.0.02009.07.28-
GData192009.07.28Trojan.Crypt.HY
IkarusT3.1.1.64.02009.07.28Trojan.Win32.Jhee
Jiangmin11.0.8002009.07.28Adware/MsLock.jy
K7AntiVirus7.10.8032009.07.27-
Kaspersky7.0.0.1252009.07.28Trojan.Win32.BHO.xsg
McAfee56902009.07.27-
McAfee+Artemis56902009.07.27Artemis!F39923544744
McAfee-GW-Edition6.8.52009.07.28Heuristic.BehavesLike.Win32.Downloader.H
Microsoft1.49032009.07.28Trojan:Win32/Jhee.V
NOD3242832009.07.28a variant of Win32/Adware.BHO.GBP
Norman6.01.092009.07.27-
nProtect2009.1.8.02009.07.27-
Panda10.0.0.142009.07.27Generic Trojan
PCTools4.4.2.02009.07.27-
Prevx3.02009.07.28-
Rising21.40.11.002009.07.28-
Sophos4.44.02009.07.28-
Sunbelt3.2.1858.22009.07.28-
Symantec1.4.4.122009.07.28-
TheHacker6.3.4.3.3752009.07.28-
TrendMicro8.950.0.10942009.07.28-
VBA323.12.10.92009.07.28-
ViRobot2009.7.28.18562009.07.28-
VirusBuster4.6.5.02009.07.27-
附加信息
File size: 122880 bytes
MD5  : f399235447443b579ee8dd9494168430
SHA1  : 737c6456a7ba7518930521af5cce8ffb85e7a2ce
SHA256: 97ec680a159f7a8e9a66ec0fd2ddabd04ee89c38b4cd8e603647bd495d2d0124
PEInfo: PE Structure information
       
        ( base data )
        entrypointaddress.: 0xE1AE
        timedatestamp.....: 0x4A6D0545 (Mon Jul 27 03:39:17 2009)
        machinetype.......: 0x14C (Intel I386)
       
        ( 4 sections )
        name viradd virsiz rawdsiz ntrpy md5
        .text 0x1000 0x160A5 0x17000 6.50 6c80037a7c7ec52a6e5a0b93cbbbbf23
.rdata 0x18000 0x2BC2 0x3000 4.46 059c42e52e893d7896c5a1ed60c29287
.data 0x1B000 0x41E8 0x2000 3.60 d590fa267fa92ed6d06644667261a67c
.rsrc 0x20000 0x3F8 0x1000 1.09 8d24a71953224e1fc7ff56f3f47629b0
       
        ( 6 imports )
       
>advapi32.dll: RegisterServiceCtrlHandlerA, RegQueryValueExA,SetServiceStatus, StartServiceCtrlDispatcherA, ControlService,DeleteService, StartServiceA, QueryServiceStatus, CreateServiceA,ChangeServiceConfig2A, RegCreateKeyA, RegSetValueExA, OpenSCManagerA,OpenServiceA, CloseServiceHandle, DeregisterEventSource, RegSetValueA,GetUserNameA, CreateProcessAsUserA, OpenProcessToken,RegNotifyChangeKeyValue, RegOpenKeyA, RegEnumValueA, RegOpenKeyExA,RegCloseKey, RegQueryInfoKeyA
> kernel32.dll: GetTempFileNameA,GetTempPathA, ReadFile, CreateFileA, DeviceIoControl, GetModuleHandleA,Sleep, GetLocalTime, lstrlenA, MultiByteToWideChar,WideCharToMultiByte, LocalFree, SetEndOfFile, SetStdHandle,IsBadCodePtr, GetLastError, GetModuleFileNameA, GetProcessHeap,CreateDirectoryA, GetSystemDirectoryA, GetShortPathNameA,GetLogicalDrives, GetVolumeInformationA, OpenMutexA,CreateToolhelp32Snapshot, Process32First, Process32Next, OpenProcess,GetFileAttributesA, DeleteFileA, CreateProcessA, WaitForSingleObject,CloseHandle, SetFileAttributesA, CopyFileA, SetPriorityClass,LoadLibraryA, GetProcAddress, GetVersionExA, FreeLibrary,GetWindowsDirectoryA, IsBadReadPtr, GetStringTypeW, GetStringTypeA,FlushFileBuffers, SetFilePointer, IsBadWritePtr, VirtualAlloc,WriteFile, VirtualFree, HeapCreate, HeapDestroy, GetStartupInfoA,GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW,GetEnvironmentStrings, FreeEnvironmentStringsW,FreeEnvironmentStringsA, UnhandledExceptionFilter, RtlUnwind,GetTimeZoneInformation, GetSystemTime, RaiseException, GetCommandLineA,GetVersion, ExitProcess, HeapFree, HeapAlloc, HeapReAlloc,TerminateProcess, GetCurrentProcess, LCMapStringA, LCMapStringW,GetCPInfo, CompareStringA, CompareStringW, HeapSize, GetACP, GetOEMCP,SetUnhandledExceptionFilter, SetEnvironmentVariableA
> ole32.dll: CoUninitialize, CoGetClassObject, CoInitialize, StringFromCLSID
> oleaut32.dll: -
> urlmon.dll: URLDownloadToFileA
>wininet.dll: InternetOpenA, InternetCrackUrlA,InternetGetConnectedState, DeleteUrlCacheEntry, InternetConnectA,HttpSendRequestA, HttpOpenRequestA, InternetReadFile,InternetCloseHandle
       
        ( 0 exports )
       
TrID  : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 3072:FjSC44f3QE3zf3c8VF8oF3X12+OnIyYzAFWoWI:Fj3gYsGV2+OnasFo
PEiD  : Armadillo v1.71
RDS  : NSRL Reference Data Set
-
笑看山河 - 2009-7-29 13:25:00
c:\windows\system32\b5a3.dll分析结果:
反病毒引擎版本最后更新扫描结果
a-squared4.5.0.242009.07.28AdWare.Bdsearch!IK
AhnLab-V35.0.0.22009.07.28-
AntiVir7.9.0.2282009.07.28TR/Agent.49152
Antiy-AVL2.0.3.72009.07.28-
Authentium5.1.2.42009.07.28W32/AdAgent.I.gen!Eldorado
Avast4.8.1335.02009.07.27Win32:Agent-GRW
AVG8.5.0.3872009.07.28-
BitDefender7.22009.07.28Gen:Adware.Heur.Hu8@GmhJoiob
CAT-QuickHeal10.002009.07.28-
ClamAV0.94.12009.07.28-
Comodo17902009.07.28-
DrWeb5.0.0.121822009.07.28Trojan.DownLoader.origin
eSafe7.0.17.02009.07.27-
eTrust-Vet31.6.66432009.07.28-
F-Prot4.4.4.562009.07.28W32/AdAgent.I.gen!Eldorado
F-Secure8.0.14470.02009.07.28-
Fortinet3.120.0.02009.07.28-
GData192009.07.28Gen:Adware.Heur.Hu8@GmhJoiob
IkarusT3.1.1.64.02009.07.28AdWare.Bdsearch
Jiangmin11.0.8002009.07.28Heur:Adware/MsLock
K7AntiVirus7.10.8032009.07.27-
Kaspersky7.0.0.1252009.07.28-
McAfee56902009.07.27-
McAfee+Artemis56902009.07.27-
McAfee-GW-Edition6.8.52009.07.28Heuristic.LooksLike.Trojan.Agent.J
Microsoft1.49032009.07.28Adware:Win32/Rugo
NOD3242842009.07.28-
Norman
2009.07.28-
nProtect2009.1.8.02009.07.28-
Panda10.0.0.142009.07.28-
PCTools4.4.2.02009.07.28-
Prevx3.02009.07.28-
Rising21.40.13.002009.07.28-
Sophos4.44.02009.07.28Rugo
Sunbelt3.2.1858.22009.07.28AdWare.Win32.WSearch
Symantec1.4.4.122009.07.28-
TheHacker6.3.4.3.3752009.07.28-
TrendMicro8.950.0.10942009.07.28-
VBA323.12.10.92009.07.28-
ViRobot2009.7.28.18572009.07.28-
VirusBuster4.6.5.02009.07.27-
附加信息
File size: 548864 bytes
MD5  : ce4fc2ef676974113422feb7ce7abbf2
SHA1  : d6bcd97e4dccd327e852fa6014132b422fcfb26e
SHA256: f4754159614ae61f4a64a2217a7d733020ac9d99dbc08260164981e5ec53a02e
PEInfo: PE Structure information
       
        ( base data )
        entrypointaddress.: 0x3DD33
        timedatestamp.....: 0x4A6E4EFE (Tue Jul 28 03:06:06 2009)
        machinetype.......: 0x14C (Intel I386)
       
        ( 5 sections )
        name viradd virsiz rawdsiz ntrpy md5
        .text 0x1000 0x63966 0x64000 6.69 01dfb99cc9916195644974e70eecae5e
.rdata 0x65000 0xD8EA 0xE000 4.86 16faf3b10eb25f5d4077a8b2ba35e746
.data 0x73000 0x531CC 0x5000 5.39 0fd0b48c28b6a079a85330da810e360b
.rsrc 0xC7000 0x1288 0x2000 3.03 6967db2044f6677da6611f3ec1f19b0b
.reloc 0xC9000 0xB152 0xC000 5.66 b85c193034ec9ee805a6d8f918114913
       
        ( 10 imports )
       
>advapi32.dll: RegQueryValueExA, InitializeSecurityDescriptor,RegOpenKeyA, RegSetValueExA, RegCreateKeyA, GetUserNameA,RegCreateKeyExA, RegQueryValueA, RegSetValueA, RegDeleteKeyA,RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA,SetSecurityDescriptorDacl, RegCloseKey
> gdi32.dll: DeleteObject,CreateRectRgn, GetPixel, GetTextExtentPoint32A, CreateSolidBrush,GetStockObject, GetObjectA, GetDeviceCaps, BitBlt,CreateCompatibleBitmap, DeleteDC, SelectObject, CreateCompatibleDC,SaveDC, RestoreDC, CombineRgn
> kernel32.dll:DeleteCriticalSection, GetLocalTime, CloseHandle, UnmapViewOfFile,MapViewOfFile, CreateFileMappingA, OpenFileMappingA, ReleaseMutex,FlushViewOfFile, WaitForSingleObject, CreateMutexA, FindClose,FindFirstFileA, GetLastError, GetSystemTimeAsFileTime, SetErrorMode,MultiByteToWideChar, GetShortPathNameA, GetTempFileNameA, GetTempPathA,Sleep, CopyFileA, SetFileAttributesA, GetWindowsDirectoryA,DeleteFileA, GetVolumeInformationA, GetSystemDirectoryA, lstrcmpA,FindNextFileA, lstrcatA, lstrcpyA, CreateDirectoryA, GetVersionExA,SetProcessWorkingSetSize, GetCurrentProcess, GetTickCount,InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale,EnterCriticalSection, LeaveCriticalSection, FlushInstructionCache,HeapFree, GetProcessHeap, HeapAlloc, WideCharToMultiByte,InterlockedDecrement, lstrlenA, GetCurrentThreadId, GlobalUnlock,GlobalLock, GlobalAlloc, lstrlenW, MulDiv, InterlockedIncrement,GetModuleFileNameA, GetModuleHandleA, FreeLibrary, SizeofResource,LoadResource, FindResourceA, InitializeCriticalSection, lstrcmpiA,lstrcpynA, IsDBCSLeadByte, GetProcAddress, LoadLibraryA, CreateThread,SetEvent, OpenEventA, CreateProcessA, WaitForMultipleObjects,CreateEventA, Module32Next, Module32First, CreateToolhelp32Snapshot,GetCurrentDirectoryA, Process32Next, Process32First, ReadFile,CreateFileA, TerminateProcess, DeviceIoControl, GetFileAttributesA,VirtualAlloc, VirtualFree, SetFilePointer, WriteFile, SetEndOfFile,GetStdHandle, QueryPerformanceCounter, SetUnhandledExceptionFilter,IsBadWritePtr, HeapCreate, HeapDestroy, TlsGetValue, RaiseException,TlsSetValue, TlsFree, SetLastError, TlsAlloc, GetOEMCP, GetCPInfo,LCMapStringW, LCMapStringA, RemoveDirectoryA, GetCommandLineA,HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualProtect,GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime,ExitProcess, RtlUnwind, HeapSize, GetFullPathNameA, FlushFileBuffers,SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA,GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW,UnhandledExceptionFilter, GetTimeZoneInformation, GetStringTypeA,GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale,IsValidCodePage, IsBadReadPtr, IsBadCodePtr, SetStdHandle,GetLocaleInfoW, CompareStringA, CompareStringW,SetEnvironmentVariableA, LocalFree, LoadLibraryExA, GetCurrentProcessId
>ole32.dll: CoTaskMemRealloc, CLSIDFromString, CLSIDFromProgID,CoGetClassObject, OleLockRunning, CoTaskMemAlloc, StringFromGUID2,OleUninitialize, OleInitialize, CreateStreamOnHGlobal,CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemFree
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -
> shell32.dll: SHGetFolderPathA
> urlmon.dll: URLDownloadToFileA
>user32.dll: GetForegroundWindow, SetForegroundWindow,SystemParametersInfoA, MapWindowPoints, ShowWindow, UpdateWindow,PeekMessageA, GetMessageA, TranslateMessage, EnumWindows,AdjustWindowRectEx, FindWindowExA, PostMessageA,CreateAcceleratorTableA, CharNextA, GetParent, GetClassNameA,RedrawWindow, GetDlgItem, IsWindow, DestroyAcceleratorTable, GetFocus,DispatchMessageA, IsChild, GetWindow, SetFocus, BeginPaint, EndPaint,GetDesktopWindow, InvalidateRgn, InvalidateRect, FillRect, SetCapture,ReleaseCapture, GetSysColor, CreateWindowExA, CallWindowProcA,RegisterWindowMessageA, RegisterClassExA, GetWindowTextLengthA,GetWindowTextA, DefWindowProcA, SetActiveWindow, LoadCursorA,GetClassInfoExA, KillTimer, SetTimer, SetWindowPos, MoveWindow,SetWindowTextA, SendMessageA, GetWindowLongA, SetWindowLongA,DestroyWindow, PostQuitMessage, wsprintfA, SetWindowRgn, ReleaseDC,GetWindowRect, GetClientRect, GetSystemMetrics, LoadImageA,UnregisterClassA, GetDC
> wininet.dll: InternetReadFile,HttpSendRequestA, FindFirstUrlCacheEntryA, FindNextUrlCacheEntryA,GetUrlCacheEntryInfoA, InternetCrackUrlA, InternetOpenA,InternetConnectA, InternetCloseHandle, HttpOpenRequestA,DeleteUrlCacheEntry
> ws2_32.dll: -, -, -
       
        ( 1 exports )
       
> Always, DSDD_YUNJ_DOSS, GetPlayerVersion, playAdk
TrID  : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 12288:ddfAJ5ChL/XI1W5WRU04L15D4Q/CYz4hBV7j9H6d1fzaXIRpZ9InBJaol1UNFRR2:d9KChLACK+PD9/Urj96XaXIRpZ9InBJf
PEiD  : -
RDS  : NSRL Reference Data Set
-
笑看山河 - 2009-7-29 13:26:00
c:\windows\downlo~1\885b.dll分析结果:
反病毒引擎版本最后更新扫描结果
a-squared4.5.0.242009.07.28Virus.Win32.Agent.GRW!IK
AhnLab-V35.0.0.22009.07.28-
AntiVir7.9.0.2282009.07.28TR/Agent.49152
Antiy-AVL2.0.3.72009.07.28-
Authentium5.1.2.42009.07.27W32/Heuristic-KPP!Eldorado
Avast4.8.1335.02009.07.27Win32:Agent-GRW
AVG8.5.0.3872009.07.27Generic4.IEQ
BitDefender7.22009.07.28Adware.BDSearch.1
CAT-QuickHeal10.002009.07.28-
ClamAV0.94.12009.07.28-
Comodo17912009.07.28-
DrWeb5.0.0.121822009.07.28DLOADER.Trojan
eSafe7.0.17.02009.07.27-
eTrust-Vet31.6.66422009.07.27Win32/Jhee.H
F-Prot4.4.4.562009.07.27W32/Heuristic-KPP!Eldorado
F-Secure8.0.14470.02009.07.28-
Fortinet3.120.0.02009.07.28PossibleThreat
GData192009.07.28Adware.BDSearch.1
IkarusT3.1.1.64.02009.07.28Virus.Win32.Agent.GRW
Jiangmin11.0.8002009.07.28Heur:TrojanDownloader.Agent
K7AntiVirus7.10.8032009.07.27-
Kaspersky7.0.0.1252009.07.28Trojan-Downloader.Win32.Adik.y
McAfee56902009.07.27-
McAfee+Artemis56902009.07.27Artemis!421E5539D12E
McAfee-GW-Edition6.8.52009.07.28Heuristic.LooksLike.Trojan.Agent.L
Microsoft1.49032009.07.28Trojan:Win32/Jhee.G
NOD3242832009.07.28probably a variant of Win32/Adware.WSearch
Norman6.01.092009.07.27-
nProtect2009.1.8.02009.07.28-
Panda10.0.0.142009.07.27Trj/CI.A
PCTools4.4.2.02009.07.27-
Prevx3.02009.07.28-
Rising21.40.11.002009.07.28-
Sophos4.44.02009.07.28Sus/Behav-1012
Sunbelt3.2.1858.22009.07.28-
Symantec1.4.4.122009.07.28-
TheHacker6.3.4.3.3752009.07.28-
TrendMicro8.950.0.10942009.07.28-
VBA323.12.10.92009.07.28-
ViRobot2009.7.28.18572009.07.28-
VirusBuster4.6.5.02009.07.27-
附加信息
File size: 45056 bytes
MD5  : 421e5539d12ed32076af6e18c07e5a1e
SHA1  : 8d8f1988547c74bf9a95126eda16c07d236fbb12
SHA256: 1ad6e387be64f34737ca007508f7c4210c5ca181f7259be030f6f26c90348212
PEInfo: PE Structure information
       
        ( base data )
        entrypointaddress.: 0x470F
        timedatestamp.....: 0x4A6D0F73 (Mon Jul 27 04:22:43 2009)
        machinetype.......: 0x14C (Intel I386)
       
        ( 5 sections )
        name viradd virsiz rawdsiz ntrpy md5
        .text 0x1000 0x3AE3 0x4000 5.92 e5e5569384fc561058954793a6572bbd
.rdata 0x5000 0x1962 0x2000 4.42 e5a5efc06079f327bdb7ed98c4fea3cf
.data 0x7000 0x1510 0x2000 5.44 0aa1eb0568a2ef8e003b60ffe30eb8c0
.rsrc 0x9000 0x468 0x1000 1.18 45702b89006fe2629964f9d243ecc6a0
.reloc 0xA000 0x8A0 0x1000 3.11 fcf7e11c87a0a07b71ffdcc322bf4f13
       
        ( 8 imports )
       
>advapi32.dll: RegQueryInfoKeyA, RegSetValueA, RegSetKeySecurity,SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey,RegQueryValueExA, RegOpenKeyA, RegCreateKeyA, OpenProcessToken,GetUserNameA, CreateProcessAsUserA, RegCreateKeyExA, RegSetValueExA,RegEnumValueA, RegDeleteValueA, RegQueryValueA
> kernel32.dll:CreateEventA, DeleteFileA, CreateProcessA, OpenMutexA,GetVolumeInformationA, OpenEventA, GetLastError, OpenFileMappingA,MapViewOfFile, GetProcessHeap, CloseHandle, VirtualFreeEx,WaitForSingleObject, CreateRemoteThread, GetProcAddress,GetModuleHandleA, WriteProcessMemory, VirtualAllocEx, lstrlenW,OpenProcess, lstrlenA, CreateToolhelp32Snapshot, Process32Next,Process32First, Sleep, GetModuleFileNameA, GetCurrentDirectoryA,CopyFileA, GetWindowsDirectoryA
> mfc42.dll: -, -, -, -, -, -, -
>msvcp60.dll:__0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z,___7_$basic_ifstream@DU_$char_traits@D@std@@@std@@6B@,_open@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z,_getline@std@@YAAAV_$basic_istream@DU_$char_traits@D@std@@@1@AAV21@AAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z,_close@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@XZ,___7_$basic_istream@DU_$char_traits@D@std@@@std@@6B@,__6std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@0@AAV10@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@@Z,__1_$basic_istream@DU_$char_traits@D@std@@@std@@UAE@XZ,___D_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ,___8_$basic_ofstream@DU_$char_traits@D@std@@@std@@7B@,__0ios_base@std@@IAE@XZ,___7_$basic_ios@DU_$char_traits@D@std@@@std@@6B@,__0_$basic_ostream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N1@Z,__0_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z,___7_$basic_ofstream@DU_$char_traits@D@std@@@std@@6B@,__Init@_$basic_filebuf@DU_$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z,_setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z,_endl@std@@YAAAV_$basic_ostream@DU_$char_traits@D@std@@@1@AAV21@@Z,_clear@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z,__1_$basic_filebuf@DU_$char_traits@D@std@@@std@@UAE@XZ,___7_$basic_ostream@DU_$char_traits@D@std@@@std@@6B@,__1ios_base@std@@UAE@XZ,___8_$basic_ifstream@DU_$char_traits@D@std@@@std@@7B@,__0_$basic_ios@DU_$char_traits@D@std@@@std@@IAE@XZ,__Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z,__Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z,__Xlen@std@@YAXXZ,__C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB,_erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z,_assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z,_npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB,__Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z,__1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ,__Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z,_c_str@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEPBDXZ,__0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z,_assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z,__1_$basic_ios@DU_$char_traits@D@std@@@std@@UAE@XZ,___D_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXXZ,__1_$basic_ostream@DU_$char_traits@D@std@@@std@@UAE@XZ,__0_$basic_istream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N@Z
>msvcrt.dll: _except_handler3, _stricmp, _access, _beginthreadex,strstr, sprintf, _strlwr, rand, time, srand, __CxxFrameHandler,_strupr, atol, _ltoa, fclose, __dllonexit, _onexit, free, _initterm,malloc, _adjust_fdiv
> urlmon.dll: URLDownloadToFileA
> user32.dll: wsprintfW
> wininet.dll: InternetGetConnectedState, DeleteUrlCacheEntry
       
        ( 1 exports )
       
> Run
TrID  : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:Xj+VNo1SOw1LwJXyrM0s3BXzXAQ3bgWdVDB6AkzTOdfcx18RzpYxK2ugq+EWw7EQ:aVqaeR3AKbdVEAkzTsfsoiGgql0
PEiD  : Armadillo v1.xx - v2.xx
RDS  : NSRL Reference Data Set
-
笑看山河 - 2009-7-29 16:08:00
VISTA不支持Icesword冰刃 中文版 1.22Windows清理助手vista支持但不顶用
SRENG2.7版也不顶用。
1
查看完整版本: adware.win32/rugo怎么杀?急!!!
© 2000 - 2025 Rising Corp. Ltd.