Rising Kaka Security Forum

[Help] My computer is infected!!! Please save me
xiaomi312 - 2007-8-23 22:00:00
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
xiaomi312 - 2007-8-23 22:02:00
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 1840, G:\瑞星\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1840, G:\瑞星\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1840, G:\瑞星\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1196, D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1196, D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1196, D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3432, G:\瑞星\RISING\RAV\RSAGENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3432, G:\瑞星\RISING\RAV\RSAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3432, G:\瑞星\RISING\RAV\RSAGENT.EXE]
xiaomi312 - 2007-8-23 22:03:00
API HOOK
入口点错误:FreeLibrary (危险等级: 高,  被下面模块所HOOK: 0x5F000031)
隐藏进程
N/A

==================================
/CODE]
That's finally all of it! Could the experts please take a look? Save my computer! And save me too.
xiaomi312 - 2007-8-23 23:19:00
Moderator, please help~~~
54CN - 2007-8-24 11:50:00
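We're fellow sufferers! It looks like the same thing that is on my computer. I've tried all kinds of trojan removers (杀客, 清道夫, AVG Anti-Spyware and so on) and it is still there! The virus name is the same as the original poster's. After scanning and cleaning with Rising it shows the virus as removed, but it then prompts for a shutdown, and after rebooting the damn thing is still there. I don't know what to do now.
Hoping the moderators can help!!!
Also, original poster, please add my QQ 314008035; whoever finds a solution first tells the other!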
Enao2005 - 2007-8-24 12:11:00
Rename the files below, then boot into Safe Mode:
D:\WINDOWS\System32\qjfpri.dll
D:\WINDOWS\System32\qhepri.dll
D:\WINDOWS\System32\wlfpri.dll
D:\WINDOWS\System32\tlupri.dll
D:\WINDOWS\System32\msyasd.dll

In Safe Mode, do the following:
Delete the files below
D:\WINDOWS\System32\qjfpri.dll
D:\WINDOWS\System32\qhepri.dll
D:\WINDOWS\System32\wlfpri.dll
D:\WINDOWS\System32\tlupri.dll
D:\WINDOWS\System32\msyasd.dll
D:\WINDOWS\System32\LYMANGR.DLL
D:\WINDOWS\System32\TIMHost.dll
D:\WINDOWS\System32\msyasd.exe

Edit <AppInit_DLLs> so that its value is empty, i.e. remove <qjfpri.dll>

Delete these registry entries
<TIMHost><D:\WINDOWS\TIMHost.exe> []
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<{3182C1EB-375C-573D-1F5E-234552345213}><D:\WINDOWS\System32\wlfpri.dll> []
<{A12BC423-3713-224D-3F55-32B35C62B11A}><D:\WINDOWS\System32\tlupri.dll> []
<{56368135-64FA-BC34-DA32-DCF4FD431C95}><D:\WINDOWS\System32\qhepri.dll> []
<{64123FF1-8371-9834-9021-184518451FA6}><D:\WINDOWS\System32\qjfpri.dll> []

Delete this service
[IE Security Service / msyasd][Stopped/Auto Start]
<D:\WINDOWS\System32\msyasd.exe><N/A>
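
The cleanup list above is written in SREng's startup-item notation, `<value name><data> [signer]`. As an added example (not part of the original post, and not SREng's own code), the Python below parses that notation and flags the two things the reply acts on: a non-empty `AppInit_DLLs` value whose DLL is not signature-verified, and entries with no publisher information. The sample log is constructed from entries quoted in this thread; placing the first three under the `Run` key is an assumption.

```python
import re
from typing import NamedTuple

# "[HKEY_...]" starts a registry key section in the SREng startup log.
KEY_RE = re.compile(r"^\[(HKEY_.+)\]\s*$")
# "<value name><data>  [signer]" is one startup entry under the current key.
ENTRY_RE = re.compile(
    r"^\s*<(?P<name>[^<>]*)><(?P<data>.*)>\s+\[(?P<signer>.*)\]\s*$"
)

# Constructed sample: entries come from this thread, key placement is assumed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TIMHost><D:\WINDOWS\TIMHost.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <RavTray><"E:\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><qjfpri.dll>  []
"""


class Finding(NamedTuple):
    key: str
    name: str
    data: str
    reason: str


def signer_state(signer: str) -> str:
    """Classify the bracketed signer field of one entry."""
    s = signer.strip()
    if s.startswith("(Verified)"):
        return "verified"
    if s in ("", "N/A"):
        return "none"
    if s == "File is missing":
        return "missing"
    return "unverified"  # publisher string present, signature not verified


def triage(log_text: str) -> list[Finding]:
    """Return the startup entries that deserve a manual look."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, data = m["name"].strip(), m["data"].strip()
        state = signer_state(m["signer"])
        if name.lower() == "appinit_dlls":
            # The value may list several DLLs separated by spaces or commas.
            dlls = [d for d in re.split(r"[ ,]+", data) if d]
            if dlls and state != "verified":
                findings.append(
                    Finding(key, name, data, "AppInit_DLLs loads unverified DLL"))
            continue
        if state == "none":
            findings.append(Finding(key, name, data, "no publisher information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: <{f.name}><{f.data}> under {f.key}")
```

A flagged entry is a prompt for review, not a verdict: legitimate software also appears without publisher information in these logs.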
xiaomi312 - 2007-8-24 13:28:00
What should I rename them to?
xiaomi312 - 2007-8-24 14:03:00
I can't find these:
D:\WINDOWS\System32\tlupri.dll
D:\WINDOWS\System32\msyasd.dll

xiaomi312 - 2007-8-24 14:29:00
The system can't get into Safe Mode! I'm in tears...
wshchchmmm - 2007-8-24 14:33:00
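Download SREng from http://www.kztechs.com/sreng/download.html,
In SREng, click Startup Items, then Services, then Win32 Service Applications, tick "Hide verified Microsoft items", select the following services and delete them (if they can't be deleted, set the type to Disabled!):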
O23 - 未知 - Service: flxl [Vsn flxl Service] - C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\lrar\syhy.dll,Service - (not running)
O23 - 未知 - Service: ykaije [ykaije] - C:\PROGRA~1\lkaije\lkaije.dll - (not running)


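Delete the corresponding files.
Scan with your antivirus; for anything that can't be removed, reply to this thread with a fresh 360 scan report,
or see this thread and look for Lao Su's solution in post #3: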
http://bbs.360safe.com/viewthread.php?tid=175761&extra=page%3D2
xiaomi312 - 2007-8-24 15:29:00
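Just now I followed the advice in post #35 and deleted several files; some still can't be deleted.
I can log into QQ now, but the previous login location was in another city.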
D:\WINDOWS\System32\tlupri.dll
D:\WINDOWS\System32\msyasd.exe
These two can't be found.
This one can't be deleted:
D:\WINDOWS\System32\TIMHost.dll

These can't be deleted either:
<{A12BC423-3713-224D-3F55-32B35C62B11A}><D:\WINDOWS\System32\tlupri.dll> []
<{56368135-64FA-BC34-DA32-DCF4FD431C95}><D:\WINDOWS\System32\qhepri.dll> []
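Edit <AppInit_DLLs> so that its value is empty, i.e. remove <qjfpri.dll>
That one can't be removed at all either! Sigh! What a big bundle of viruses!!
I'll try again with the method from post #39 by wshchchmmm!
Thanks everyone for helping. I must wipe this thing out!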
erdfg - 2009-7-18 8:19:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RavTray><"E:\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <runeip><"D:\Rising\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <nwiz><nwiz.exe /install>  [(Verified)NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{9A21033C-BAD4-46D4-9A3D-45B62DBC66A3}]
    <浏览器自定义设置><RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
erdfg - 2009-7-18 8:23:00
==================================
正在运行的进程