IE被劫持了,,,高手帮忙 bbs.ikaka.com

美女哦 - 2009-5-20 10:57:00

[
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTray><"d:\Program Files\Rising\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 2.0.50727; MAXTHON 2.0)

附件: SREngLOG.rar

美女哦 - 2009-5-20 10:57:00

==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
<d:\Program Files\Rising\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]

美女哦 - 2009-5-20 10:58:00

<"d:\Program Files\Rising\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<d:\Program Files\Rising\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
<d:\Program Files\Rising\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
==================================
驱动程序
[AMD Processor Driver / AmdK8][Stopped/System Start]
<system32\DRIVERS\AmdK8.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BC / BC][Running/Boot Start]
<\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
[bootsafe / bootsafe][Running/Boot Start]
<\SystemRoot\system32\Drivers\bootsafe.sys><>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Running/System Start]
<system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
<system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nvata / nvata][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[RsProtect / RsProtect][Running/System Start]
<system32\drivers\RsPtect.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[STEC3 / STEC3][Running/Auto Start]
<\??\C:\WINDOWS\system32\STEC3.sys><AntiCracking>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
==================================
浏览器加载项
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
==================================
正在运行的进程
[PID: 608 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4213]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513]
[C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2543]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1008 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1164 / SYSTEM][d:\Program Files\Rising\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[d:\Program Files\Rising\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[d:\Program Files\Rising\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
[d:\Program Files\Rising\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1172 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[C:\WINDOWS\system32\msxml3.dll] [Microsoft Corporation, 8.70.1104.0]
[PID: 1224 / SYSTEM][d:\Program Files\Rising\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
[d:\Program Files\Rising\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[d:\Program Files\Rising\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[d:\Program Files\Rising\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[d:\Program Files\Rising\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[d:\Program Files\Rising\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[PID: 1292 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1384 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1444 / SYSTEM][d:\Program Files\Rising\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[d:\Program Files\Rising\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Rising\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[d:\Program Files\Rising\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
[d:\Program Files\Rising\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
[d:\Program Files\Rising\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[d:\Program Files\Rising\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
[d:\Program Files\Rising\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[d:\Program Files\Rising\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[d:\Program Files\Rising\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
[d:\Program Files\Rising\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
[d:\Program Files\Rising\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[d:\Program Files\Rising\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[d:\Program Files\Rising\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[d:\Program Files\Rising\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[d:\Program Files\Rising\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[d:\Program Files\Rising\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[d:\Program Files\Rising\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
[d:\Program Files\Rising\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[d:\Program Files\Rising\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[d:\Program Files\Rising\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
[d:\Program Files\Rising\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
[d:\Program Files\Rising\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
[d:\Program Files\Rising\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[d:\Program Files\Rising\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[d:\Program Files\Rising\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[d:\Program Files\Rising\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[d:\Program Files\Rising\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
[d:\Program Files\Rising\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[d:\Program Files\Rising\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[d:\Program Files\Rising\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[d:\Program Files\Rising\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[d:\Program Files\Rising\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[d:\Program Files\Rising\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[d:\Program Files\Rising\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
[d:\Program Files\Rising\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[d:\Program Files\Rising\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[d:\Program Files\Rising\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[d:\Program Files\Rising\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[d:\Program Files\Rising\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
[d:\Program Files\Rising\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[d:\Program Files\Rising\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[d:\Program Files\Rising\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[d:\Program Files\Rising\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[d:\Program Files\Rising\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1688 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2649 (xpsp.050406-1732)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll] [Advanced Micro Devices, Inc., 6.14.10.2001]
[C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamchs.dll] [Advanced Micro Devices, Inc., 6.14.10.2001]
[d:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\WINDOWS\system32\msxml3.dll] [Microsoft Corporation, 8.70.1104.0]
[C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)][C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 1744 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 1968 / SYSTEM][d:\Program Files\Rising\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
[d:\Program Files\Rising\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
[d:\Program Files\Rising\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[d:\Program Files\Rising\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[d:\Program Files\Rising\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[C:\WINDOWS\system32\msxml3.dll] [Microsoft Corporation, 8.70.1104.0]
[PID: 136 / Administrator][D:\Program Files\Rising\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[D:\Program Files\Rising\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Rising\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
[D:\Program Files\Rising\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[D:\Program Files\Rising\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[D:\Program Files\Rising\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[D:\Program Files\Rising\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[D:\Program Files\Rising\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[D:\Program Files\Rising\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]

美女哦 - 2009-5-20 10:58:00

[D:\Program Files\Rising\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\Rising\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\Program Files\Rising\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[D:\Program Files\Rising\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[D:\Program Files\Rising\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
[D:\Program Files\Rising\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
[D:\Program Files\Rising\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
[D:\Program Files\Rising\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.1.2]
[D:\Program Files\Rising\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[D:\Program Files\Rising\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
[D:\Program Files\Rising\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[D:\Program Files\Rising\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 172 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 528 / SYSTEM][d:\Program Files\Rising\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Rising\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[d:\Program Files\Rising\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[d:\Program Files\Rising\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
[d:\Program Files\Rising\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[d:\Program Files\Rising\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
[d:\Program Files\Rising\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[d:\Program Files\Rising\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[d:\Program Files\Rising\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
[d:\Program Files\Rising\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.46]
[d:\Program Files\Rising\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
[d:\Program Files\Rising\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[d:\Program Files\Rising\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
[d:\Program Files\Rising\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[d:\Program Files\Rising\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[d:\Program Files\Rising\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.38]
[d:\Program Files\Rising\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[d:\Program Files\Rising\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[d:\Program Files\Rising\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[d:\Program Files\Rising\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[d:\Program Files\Rising\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[d:\Program Files\Rising\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[d:\Program Files\Rising\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[d:\Program Files\Rising\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[d:\Program Files\Rising\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
[d:\Program Files\Rising\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[d:\Program Files\Rising\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[d:\Program Files\Rising\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[d:\Program Files\Rising\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[d:\Program Files\Rising\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
[PID: 280 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 3412 / Administrator][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 3708 / Administrator][D:\Program Files\QQMusic2008\QQMusic.exe] [Tencent, 7, 19, 170, 202]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[D:\Program Files\QQMusic2008\QQMusicUI.dll] [Tencent, 7, 19, 170, 202]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[D:\Program Files\QQMusic2008\QQMusicSkin.dll] [, 3, 1, 103, 70]
[D:\Program Files\QQMusic2008\VBScript.dll] [Microsoft Corporation, 5.6.0.7426]
[D:\Program Files\QQMusic2008\QQMusicPlayer.dll] [Tencent, 1, 6, 55, 207]
[D:\Program Files\QQMusic2008\QQMediaPlayer.dll] [Tencent, 1, 6, 55, 207]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\QQMusic2008\CMInternet.dll] [TENCENT, 1, 4, 53, 205]
[C:\WINDOWS\system32\msxml3.dll] [Microsoft Corporation, 8.70.1104.0]
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87]
[D:\Program Files\QQMusic2008\vqqsdl.dll] [Tencent Technology (Shenzhen) Company Limited, 3, 15, 160, 216]
[PID: 1928 / Administrator][D:\TDDOWNLOAD\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261]
[PID: 1536 / Administrator][D:\TDDOWNLOAD\SRE67e86b4.EXE] [Smallfrogs Studio, 2.7.1.1261]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================

瑞星卡卡安全论坛