瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 这个病毒很牛逼瑞星杀不掉会重生

1   1  /  1  页   跳转

这个病毒很牛逼瑞星杀不掉会重生

收藏
救命内存中毒啊
头像
初生襁褓狮
  • 帖子:32
  • 注册: 2007-04-06
  • 来自:
发表于: 2008-03-31 19:08 | 只看楼主 短消息 资料
字号: 1楼

这个病毒很牛逼瑞星杀不掉会重生

[CODE]

2008-03-31,18:44:13

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <ISUSPM Startup><c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <Rfw><"D:\Rising\Rfw\Update\Setup.exe" /UPDATE /ONCE>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <360safeuninst><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\REMOVE~1.BAT>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <E:\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[gdrv / gdrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\gdrv.sys><Windows (R) 2000 DDK provider>
[ATI Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\AtiHdAud.sys><ATI Research Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[2335546 / 2335546][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2008-03-31 22:11:56
分享到:
gototop
 
救命内存中毒啊
头像
初生襁褓狮
  • 帖子:32
  • 注册: 2007-04-06
  • 来自:
发表于: 2008-03-31 19:09 | 只看楼主 短消息 资料
字号: 2楼

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\BitComet\tools\BitCometBHO_1.2.1.2.dll, BitComet>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\BitComet\tools\BitCometBHO_1.2.1.2.dll, BitComet>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <E:\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\迅雷5\Components\DownAndPlay\DapPlayer3.0.44.68.939.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用BitComet下载]
  <res://E:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://E:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://E:\BitComet\BitComet.exe/AddVideo.htm, N/A>
[使用迅雷下载]
  <E:\迅雷5\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\迅雷5\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
gototop
 
救命内存中毒啊
头像
初生襁褓狮
  • 帖子:32
  • 注册: 2007-04-06
  • 来自:
发表于: 2008-03-31 19:12 | 只看楼主 短消息 资料
字号: 3楼

==================================
正在运行的进程
[PID: 624 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4163]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4173]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2521]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 952 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1020 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1148 / SYSTEM][D:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1168 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1236 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4173]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2521]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4163]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1284 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1436 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1524 / SYSTEM][D:\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.75]
    [D:\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [D:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [D:\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [D:\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 34]
    [D:\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [D:\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
    [D:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [D:\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [D:\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [D:\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [D:\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 55]
    [D:\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [D:\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\RISING\RAV\urutils.dll]  [, 20, 0, 0, 4]
    [D:\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\RISING\RAV\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1628 / SYSTEM][d:\rising\rfw\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.29]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [d:\rising\rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 168 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [E:\迅雷5\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [E:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
[PID: 412 / SYSTEM][D:\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [D:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 464 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
gototop
 
救命内存中毒啊
头像
初生襁褓狮
  • 帖子:32
  • 注册: 2007-04-06
  • 来自:
发表于: 2008-03-31 19:13 | 只看楼主 短消息 资料
字号: 4楼

[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 564 / Administrator][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.3.2]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
[PID: 616 / Administrator][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 4, 10, 100, 25539]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
[PID: 652 / Administrator][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [D:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 672 / Administrator][D:\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.14]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 34]
    [D:\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [D:\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [D:\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [D:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 684 / Administrator][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [C:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
[PID: 1704 / SYSTEM][E:\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 1, 13]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2008 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
[PID: 2172 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2620 / NETWORK SERVICE][C:\Program Files\Windows Media Player\WMPNetwk.exe]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 3260 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 3660 / Administrator][E:\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 876 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
[PID: 664 / Administrator][D:\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 68]
    [D:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\Rising\Rav\RsCommon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising\Rav\ravpagem.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 1, 1]
    [D:\Rising\Rav\htmllib.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\Rising\Rav\ravpagew.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 86]
    [D:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [D:\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [D:\Rising\Rav\SysMail.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
[PID: 1624 / Administrator][D:\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.7]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[PID: 2488 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
[PID: 1756 / Administrator][E:\BitComet\BitComet.exe]  [www.BitComet.com, 0.99]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 2756 / Administrator][E:\迅雷5\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.7.7.441]
gototop
 
救命内存中毒啊
头像
初生襁褓狮
  • 帖子:32
  • 注册: 2007-04-06
  • 来自:
发表于: 2008-03-31 19:13 | 只看楼主 短消息 资料
字号: 5楼

[E:\迅雷5\Program\BugReport.dll]  [迅雷网络, 1, 0, 1, 4]
    [E:\迅雷5\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 1, 56]
    [E:\迅雷5\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 21, 2, 217]
    [E:\迅雷5\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\迅雷5\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 21, 2, 217]
    [E:\迅雷5\Program\streammedialib.dll]  [, 1, 3, 2, 124]
    [E:\迅雷5\Program\al.dll]  [, 1, 0, 1, 3]
    [E:\迅雷5\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [E:\迅雷5\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 6]
    [E:\迅雷5\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 3, 4, 18]
    [E:\迅雷5\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
    [E:\迅雷5\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
    [E:\迅雷5\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 8, 26]
    [E:\迅雷5\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 34]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [E:\迅雷5\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 2, 24]
    [E:\迅雷5\Components\InMedia\iEmbed15.dll]  [Thunder Networking Technologies,LTD, 3, 4, 6, 99]
    [E:\迅雷5\Components\InMedia\PlayerHelper.dll]  [thunder, 1, 1, 4, 37]
    [E:\迅雷5\Components\InMedia\XLNet.dll]  [Thunder Networking Technologies,LTD, 1, 3, 4, 18]
    [E:\迅雷5\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷5\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
    [E:\迅雷5\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 5, 0, 16]
    [E:\迅雷5\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 16, 5, 63]
    [E:\迅雷5\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\迅雷5\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 71]
    [E:\迅雷5\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\迅雷5\Components\Security\XLSafeUI.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 71]
    [E:\迅雷5\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 6, 20]
    [E:\迅雷5\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 2, 22]
    [E:\迅雷5\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 57]
    [E:\迅雷5\Plugins\KanKanTop\KanKanTop.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
    [E:\迅雷5\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 16]
    [E:\迅雷5\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 11, 106]
    [E:\迅雷5\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 3, 0, 1, 33]
    [E:\迅雷5\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\迅雷5\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 29]
    [E:\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [E:\迅雷5\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [E:\迅雷5\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷5\Components\DownloadStat\DownloadStat.dll]  [深圳市迅雷网络技术有限公司, 1, 3, 1, 4]
[PID: 3120 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [E:\BitComet\tools\BitCometBHO_1.2.1.2.dll]  [BitComet, 20080116]
    [E:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
    [E:\迅雷5\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [E:\迅雷5\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[PID: 900 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
[PID: 1836 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 4]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
gototop
 
救命内存中毒啊
头像
初生襁褓狮
  • 帖子:32
  • 注册: 2007-04-06
  • 来自:
发表于: 2008-03-31 19:14 | 只看楼主 短消息 资料
字号: 6楼

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  gxgxy.net

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 616, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 684, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 684, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2756, E:\迅雷5\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2756, E:\迅雷5\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 900, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 900, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x00EC1FFD)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x00EC20E5)

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
宝宝金水
头像
初生襁褓狮
  • 帖子:79
  • 注册: 2007-11-24
  • 来自:
发表于: 2008-03-31 20:29 | 短消息 资料
字号: 7楼

楼主可以咨询一下瑞星在线专家门诊:http://help.rising.com.cn/help/RSZX.html 
瑞星在线专家门诊很方便
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT