Overall analysis:
1. The machine is infected with the "Locust Legion" (蝗虫军团) virus.
2. Once it runs, the virus brings a large number of trojans with it.
3. The system file c:\windows\system32\rpcss.dll has been replaced, which causes normal system services to malfunction.
4. The initialization dynamic-link library entry has been hijacked by the virus; the virus uses it to run at startup and to inject its DLL files into all core system processes.
5. It drops a large number of malicious browser add-ons.
6. It modifies the registry, using IFEO entries to hijack antivirus software.
7. The virus forges the graphics card control panel's autostart registry value [nwiz] to run at startup (a novel touch, but the registry location is wrong).