Rising Kaka Security Forum
laozhu88 - 2007-7-29 11:20:00
During a virus scan, it reported:
c:\windows\system32\tempa.exe>>upack0.39
c:\windows\system32\tempf.dat>>upack0.34
c:\windows\system32\tempg.exe>>upack0.39
and so on.
The log is attached; please help take a look.
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<rundll32><C:\WINDOWS\System32\MSOSV.EXE> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<UnlockerAssistant><"D:\shadu gongju\unlocker1[1][1].8.5\Unlocker\UnlockerAssistant.exe"> []
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<asktaoUpdate><C:\WINDOWS\System32\wdsys.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"D:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
<uninsrest><C:\DOCUME~1\lenovo\LOCALS~1\Temp\uninrest.exe> []
<360safeuninst><C:\DOCUME~1\lenovo\LOCALS~1\Temp\REMOVE~1.BAT> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows XP Publisher]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
<N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\Herosoft\HeroV8\豪杰多~1.SCR> [N/A]
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
laozhu88 - 2007-7-29 11:24:00
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Stopped/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mxdispdr / mxdispdr][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\drivers\mxdispdr.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\D:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Lenovo L350 USB PC Camera / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
laozhu88 - 2007-7-29 11:24:00
==================================
浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 220][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.1566 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\sxs.dll] [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 244][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpcli
laozhu88 - 2007-7-29 11:26:00
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.1343 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[C:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.520.9030.0]
[C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.520.7713.0]
[C:\WINDOWS\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.1599 (xpsp2.040919-1003)]
[C:\WINDOWS\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\cscui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 288][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SCESRV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\umpnpmgr.dll] [Microsoft Corporation, 5.1.2600.1734 (xpsp2.050822-1657)]
[C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\eventlog.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\netapi32.dll] [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 300][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\LSASRV.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\SAMSRV.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\cryptdll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\NTDSAPI.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\msprivs.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\kerberos.dll] [Microsoft Corporation, 5.1.2600.1701 (xpsp2.050614-1532)]
[C:\WINDOWS\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\netlogon.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\w32time.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\schannel.dll] [Microsoft Corporation, 5.1.2600.1347 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\wdigest.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\WINDOWS\system32\setupapi.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\scecli.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\system32\OLE32.DLL] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\shell32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp2.0608
laozhu88 - 2007-7-29 11:28:00
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 456][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[c:\windows\system32\rpcss.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[c:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[c:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\userenv.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wshtcpip.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 480][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\cryptsvc.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\certcli.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\ATL.DLL] [Microsoft Corporation, 3.00.9435]
[C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325)]
[c:\windows\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1468]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[c:\windows\system32\ESENT.dll] [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)]
[c:\windows\system32\srsvc.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\POWRPROF.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[c:\windows\system32\wbem\wmisvc.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\wbem\wbemcomn.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\VSSAPI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[c:\windows\pchealth\helpctr\binaries\pchsvc.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[c:\windows\system32\dmserver.dll] [Microsoft Corp., 2600.0.503.0]
[c:\windows\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\es.dll] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\wbemcore.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\esscli.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\FastProx.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\wmiutils.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\repdrvfs.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\wmiprvsd.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\wbemess.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wbem\ncprov.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd.
laozhu88 - 2007-7-29 11:29:00
[PID: 712][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\System32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2800.1892 (xpsp2.060829-0020)]
[C:\WINDOWS\System32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2800.1892 (xpsp2.060829-0020)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.1599 (xpsp2.040919-1003)]
[C:\WINDOWS\System32\themeui.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msutb.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\System32\ntshrui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ATL.DLL] [Microsoft Corporation, 3.00.9435]
[C:\WINDOWS\System32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\NETSHELL.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\credui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1468]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\System32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1479]
[C:\WINDOWS\System32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\SXS.DLL] [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705)]
[C:\WINDOWS\System32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\drprov.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\ntlanman.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\NETUI0.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\NETUI1.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\NETRAP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\davclnt.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.1343 (xpsp2.040109-1800)]
[C:\WINDOWS\System32\ODBC32.dll] [Microsoft Corporation, 3.520.9030.0]
[C:\WINDOWS\System32\odbcint.dll] [Microsoft Corporation, 3.520.7713.0]
[C:\WINDOWS\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\System32\shdoclc.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[D:\shadu gongju\unlocker1[1][1].8.5\Unlocker\UnlockerCOM.dll] [N/A, ]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\System32\zipfldr.dll] [Microsoft Corporation, 6.00.2800.1584 (xpsp2.040720-1705)]
[C:\WINDOWS\System32\actxprxy.dll] [Microsoft Corporation, 6.00.2600.0000 (XPClient.010817-1148)]
[C:\WINDOWS\System32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MLANG.DLL] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091]
[C:\WINDOWS\System32\mydocs.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[PID: 844][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\System32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2800.1892 (xpsp2.060829-0020)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\System32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2800.1892 (xpsp2.060829-0020)]
[C:\WINDOWS\System32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
laozhu88 - 2007-7-29 11:36:00
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.1599 (xpsp2.040919-1003)]
[C:\WINDOWS\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1479]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1468]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\shdoclc.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\mlang.dll] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wsock32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wshtcpip.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\mshtml.dll] [Microsoft Corporation, 6.00.2800.1479]
[C:\WINDOWS\System32\RASAPI32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rasman.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rtutils.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\System32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\System32\SXS.DLL] [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705)]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\System32\jscript.dll] [Microsoft Corporation, 5.6.0.6626]
[C:\WINDOWS\System32\iepeers.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSLS31.DLL] [Microsoft Corporation, 3.10.349.0]
[C:\WINDOWS\System32\mshtmled.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\imgutil.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 856][C:\WINDOWS\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[PID: 904][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSUTB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\uxtheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
laozhu88 - 2007-7-29 11:36:00
[PID: 1096][D:\shadu gongju\orangeaug.com] [Beijing Rising Tech. Co., Ltd., 1, 7, 0, 2]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\system32\MSVCRT.DLL] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\System32\shdocvw.dll] [Microsoft Corporation, 6.00.2800.1892 (xpsp2.060829-0020)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1468]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\System32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\System32\Psapi.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 656][RsHide] [N/A, ]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\WINDOWS\System32\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\system32\MSVCRT.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[C:\WINDOWS\System32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\System32\WSOCK32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MFC42LOC.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\perfproc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
laozhu88 - 2007-7-29 11:37:00
[PID: 600][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\System32\IMM32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[PID: 932][D:\shadu gongju\MagistrKiller.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 2]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\System32\shdocvw.dll] [Microsoft Corporation, 6.00.2800.1892 (xpsp2.060829-0020)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1468]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\appHelp.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\System32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1720][RsHide] [N/A, ]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\System32\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\system32\MSVCRT.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MFC42LOC.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\msagent\agentmpx.dll] [Microsoft Corporation, 2.00.0.3422]
[C:\WINDOWS\System32\SXS.DLL] [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705)]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
Enao2005 - 2007-7-29 11:37:00
Delete the following registry entries:
<rundll32><C:\WINDOWS\System32\MSOSV.EXE> []
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<asktaoUpdate><C:\WINDOWS\System32\wdsys.exe> []
<uninsrest><C:\DOCUME~1\lenovo\LOCALS~1\Temp\uninrest.exe> []
<360safeuninst><C:\DOCUME~1\lenovo\LOCALS~1\Temp\REMOVE~1.BAT> []
Delete the following files in Safe Mode:
C:\WINDOWS\System32\MSOSV.EXE
C:\WINDOWS\TIMHost.exe
C:\WINDOWS\TIMHost.dll
C:\WINDOWS\System32\wdsys.exe
c:\windows\system32\tempa.exe
c:\windows\system32\tempf.dat
c:\windows\system32\tempg.exe
Delete all files in C:\DOCUME~1\lenovo\LOCALS~1\Temp
laozhu88 - 2007-7-29 11:37:00
[PID: 1740][RsHide] [N/A, ]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp2.060825-0038)]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.62]
[C:\WINDOWS\System32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.42]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\msagent\agentdp2.dll] [Microsoft Corporation, 2.00.0.3422]
[C:\WINDOWS\System32\SXS.DLL] [Microsoft Corporation, 5.1.2600.1579 (xpsp2.040720-1705)]
[C:\WINDOWS\System32\winmm.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\msacm32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2020][D:\shadu gongju\备份\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\System32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\oledlg.dll] [Microsoft Corporation, 1.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 3.50.5016.0]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.1123 (xpsp2.020921-0842)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.1362 (xpsp2.040109-1800)]
[C:\WINDOWS\System32\WINMM.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1468]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\System32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1211]
[C:\WINDOWS\System32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Secur32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\sfc.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[D:\shadu gongju\备份\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\System32\wsock32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\RASAPI32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rasman.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.1562 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\rtutils.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1479]
[C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\System32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.1886 (xpsp2.060816-0106)]
[C:\WINDOWS\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.1863 (xpsp2.060626-0027)]
[C:\WINDOWS\System32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.1029 (xpsp1.020426-1800)]
[C:\WINDOWS\System32\Winsta.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\utildll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
laozhu88 - 2007-7-29 11:37:00
[PID: 304][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\ntdll.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.1869 (xpsp2.060704-0019)]
[C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1740 (xpsp2.050831-1533)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.1361 (xpsp2.040109-1800)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.1561 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.1634 (xpsp2.050301-1526)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2800.1873 (xpsp2.060713-0016)]
[C:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0409.2600.1106 (xpsp1.020828-1920)]
[C:\DOCUME~1\lenovo\LOCALS~1\Temp\rsv6.tmp] [Beijing Rising Tech. Co., Ltd., 1, 2, 0, 5]
[C:\WINDOWS\System32\MSCTF.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\System32\msctfime.ime] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\ole32.dll] [Microsoft Corporation, 5.1.2600.1720 (xpsp2.050722-1526)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\Msimtf.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1096, D:\SHADU GONGJU\ORANGEAUG.COM]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1096, D:\SHADU GONGJU\ORANGEAUG.COM]
特殊特权被允许: SeDebugPrivilege [PID = 656, C:\WINDOWS\RSHIDE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 656, C:\WINDOWS\RSHIDE]
特殊特权被允许: SeDebugPrivilege [PID = 932, D:\SHADU GONGJU\MAGISTRKILLER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 932, D:\SHADU GONGJU\MAGISTRKILLER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1720, C:\WINDOWS\RSHIDE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1740, C:\WINDOWS\RSHIDE]
==================================
API HOOK
入口点错误:RegCreateKeyExA (危险等级: 高, 被下面模块所HOOK: 0x00DC1FE5)
入口点错误:RegCreateKeyExW (危险等级: 高, 被下面模块所HOOK: 0x00DC20B5)
入口点错误:Process32NextW (危险等级: 高, 被下面模块所HOOK: 0x00DC3835)
入口点错误:Module32FirstW (危险等级: 高, 被下面模块所HOOK: 0x00DC3905)
入口点错误:TerminateProcess (危险等级: 高, 被下面模块所HOOK: 0x00DC4055)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00DC2185)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00DC2255)
入口点错误:FindWindowA (危险等级: 高, 被下面模块所HOOK: 0x00DC39D5)
入口点错误:FindWindowExA (危险等级: 高, 被下面模块所HOOK: 0x00DC3B75)
入口点错误:FindWindowExW (危险等级: 高, 被下面模块所HOOK: 0x00DC3C45)
入口点错误:FindWindowW (危险等级: 高, 被下面模块所HOOK: 0x00DC3AA5)
入口点错误:SendMessageA (危险等级: 高, 被下面模块所HOOK: 0x00DC3D15)
入口点错误:SendMessageW (危险等级: 高, 被下面模块所HOOK: 0x00DC3DE5)
==================================
隐藏进程
N/A
==================================
[/CODE]
Enao2005 - 2007-7-29 11:42:00
Delete the registry entries:
<rundll32><C:\WINDOWS\System32\MSOSV.EXE> []
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<asktaoUpdate><C:\WINDOWS\System32\wdsys.exe> []
<uninsrest><C:\DOCUME~1\lenovo\LOCALS~1\Temp\uninrest.exe> []
<360safeuninst><C:\DOCUME~1\lenovo\LOCALS~1\Temp\REMOVE~1.BAT> []
Delete in Safe Mode:
C:\WINDOWS\System32\MSOSV.EXE
C:\WINDOWS\TIMHost.exe
C:\WINDOWS\TIMHost.dll
c:\windows\system32\tempa.exe
c:\windows\system32\tempf.dat
c:\windows\system32\tempg.exe
Empty all files under C:\DOCUME~1\lenovo\LOCALS~1\Temp\
The log is incomplete.
Enao2005 - 2007-7-29 11:46:00
Delete the registry entries:
<rundll32><C:\WINDOWS\System32\MSOSV.EXE> []
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<asktaoUpdate><C:\WINDOWS\System32\wdsys.exe> []
<uninsrest><C:\DOCUME~1\lenovo\LOCALS~1\Temp\uninrest.exe> []
<360safeuninst><C:\DOCUME~1\lenovo\LOCALS~1\Temp\REMOVE~1.BAT> []
Delete in Safe Mode:
C:\WINDOWS\System32\MSOSV.EXE
C:\WINDOWS\TIMHost.exe
C:\WINDOWS\TIMHost.dll
c:\windows\system32\tempa.exe
c:\windows\system32\tempf.dat
c:\windows\system32\tempg.exe
Empty all files under C:\DOCUME~1\lenovo\LOCALS~1\Temp\
The log is incomplete.