Rising Kaka Security Forum
冰磊磊 - 2010-9-10 20:53:00
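Four .EXE files appear on their own under the QQ folder.
Every single program that runs pops up a box saying it has encountered a problem and needs to close, or else an application error.
The scan report follows.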
2010-09-10,20:41:10
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<miniqqlive><; "e:\Program Files\Tencent\QQLive\MiniQQLive.exe"> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CnsM.dll><; Rundll32.exe C:\PROGRA~1\3721\CnsM.dll,Rundll32> [File is missing]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Windows Publisher]
<CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<FixCamera><; C:\WINDOWS\FixCamera.exe> []
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [File is missing]
<RfwMain><; "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<runeip><; "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<snp2std><; C:\WINDOWS\vsnp2std.exe> [Sonix]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<switch><; c:\windows\system32\壁纸自动换.exe> []
<tsnp2std><; C:\WINDOWS\tsnp2std.exe> []
<VModes><; VModes AttachToDesktop> [N/A]
<VTTimer><; VTTimer.exe> [S3 Graphics, Inc.]
<VTTrayp><; VTtrayp.exe> [S3 Graphics Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; TencentTraveler 4.0)
冰磊磊 - 2010-9-10 20:54:00
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<d:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Tencent Software Update Service / TSUSVC][Stopped/Auto Start]
<"C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe" -run><Tencent>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
<\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ocqhodk / ocqhodk][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ocqhodk.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[USB2.0 PC Camera (SNP2STD) / SNP2STD][Running/Manual Start]
<system32\DRIVERS\snp2sxp.sys><>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viagfx / viagfx][Running/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[kajkdwzfjown / kajkdwzfjown][Running/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hozhgvkmyrjq><N/A>
冰磊磊 - 2010-9-10 20:54:00
==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <E:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, 酷狗>
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[Submit Class]
{A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx, (Signed) Adobe Systems, Inc.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <E:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, N/A>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL, >
[QQPYChecker Class]
{5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} <E:\Program Files\Tencent\QQPinyin\3.3.881.400\QQImeChecker.dll, (Signed) Tencent>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, N/A>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, 酷狗>
[]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx, (Signed) Adobe Systems, Inc.>
[]
{F08555B0-9CC3-11D2-AA8E-000000000000} <, >
[VnetClinfo Control]
{FB303E8E-BCBC-4E76-BC72-8D3C16D2FF08} <C:\PROGRA~1\ChinaNet\VNETCL~1.OCX, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <, >
[]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <, >
[&使用超级旋风下载]
<E:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<E:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用KuGoo3下载(&K)]
<E:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
冰磊磊 - 2010-9-10 20:55:00
==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 604 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 800 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 876 / SYSTEM][d:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[d:\Program Files\Rising\Rav\LPK.DLL] [N/A, ]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 932 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 992 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1068 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1116 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.60]
[D:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\PROGRAM FILES\RISING\RAV\USP10.dll] [N/A, ]
[D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[D:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[D:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.27]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.24]
[D:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
[D:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[D:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[D:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[D:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[D:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[D:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[d:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[D:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
[d:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[d:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34]
[D:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
冰磊磊 - 2010-9-10 20:56:00
[D:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
[D:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[D:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[D:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
[D:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[D:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[D:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
[D:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 20]
[D:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
[D:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
[D:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1172 / SYSTEM][d:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.65]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[d:\Program Files\Rising\Rfw\USP10.dll] [N/A, ]
[d:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[d:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[d:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[d:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12]
[d:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41]
[d:\Program Files\Rising\Rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7, 0, 0, 0]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\Program Files\Rising\Rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[d:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1352 / SYSTEM][d:\Program Files\Rising\Rfw\rfwProxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.29]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Rising\Rfw\USP10.dll] [N/A, ]
[d:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[d:\Program Files\Rising\Rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1704 / SYSTEM][d:\Program Files\Rising\Rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Rising\Rfw\USP10.dll] [N/A, ]
[d:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1856 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9]
[D:\PROGRAM FILES\RISING\RAV\LPK.DLL] [N/A, ]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1984 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 856 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[PID: 1036 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2632 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 3036 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 3424 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 5348 / Administrator][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\LPK.DLL] [N/A, ]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2600.0000]
[E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX] [酷狗, 5.2.4.4]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 5588 / Administrator][d:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.48]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[d:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
[d:\Program Files\Rising\Rfw\USP10.dll] [N/A, ]
[d:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
冰磊磊 - 2010-9-10 20:56:00
[d:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[d:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[d:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[d:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[d:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7]
[d:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[d:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[d:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5732 / Administrator][D:\Program Files\幻灵游侠2.5\WG\newsys\zd\自动登陆.exe] [N/A, ]
[D:\Program Files\幻灵游侠2.5\WG\newsys\zd\LPK.DLL] [N/A, ]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr] [, 1, 0, 0, 1]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\shell.fne] [N/A, ]
[D:\Program Files\幻灵游侠2.5\WG\newsys\zd\AES.DLL] [N/A, ]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[D:\新建文件夹\变速齿轮\GearNtKe.dll] [N/A, ]
[PID: 5288 / Administrator][C:\WINDOWS\system32\dwwin.exe] [(Verified) Microsoft Corporation, 10.0.5815]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2716 / Administrator][C:\WINDOWS\system32\cmd.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 5012 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe] [N/A, ]
[C:\PROGRA~1\WinRAR\USP10.dll] [N/A, ]
[PID: 6932 / Administrator][C:\WINDOWS\system32\cmd.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 8024 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe] [N/A, ]
[C:\PROGRA~1\WinRAR\USP10.dll] [N/A, ]
[PID: 4188 / Administrator][D:\Program Files\Tencent\TT\bin\TTraveler.exe] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\TTUtilWidget.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\LPK.DLL] [N/A, ]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[D:\Program Files\Tencent\TT\bin\PlatformWidget.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\TTMainFrame.dll] [Tencent, 4, 8, 0, 733]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[D:\Program Files\Tencent\TT\bin\TTMBrowser.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\TTabMgr.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\TTStore.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\TTSkin.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\TTFilter.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\TTNetwork.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\bin\sqlite3.dll] [N/A, ]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[D:\Program Files\Tencent\TT\bin\TTPluginMng.dll] [Tencent, 4, 8, 0, 733]
[D:\Program Files\Tencent\TT\Plugins\3TTWeather\TTWeather.dll] [Tencent, 1.0.0.1]
[D:\Program Files\Tencent\TT\bin\FavoriteLogical.dll] [Tencent, 4, 8, 0, 733]
[C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll] [Beijing eChannels Century Technology Co.,Ltd, 3, 0, 0, 0]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOAxCtrlForPTLogin.dll] [, 1, 0, 1, 4]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll] [Tencent, 1.2.1.6]
[C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL] [Tencent, 1.2.1.5]
[C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx] [Adobe Systems, Inc., 10,1,82,76]
[E:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll] [Tencent, 3, 2, 165, 710]
[E:\PROGRA~1\Tencent\QQ\Bin\CPHelper.dll] [Tencent, 1, 48, 1700, 0]
[E:\PROGRA~1\Tencent\QQ\Bin\Common.dll] [Tencent, 1, 48, 1690, 0]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[E:\PROGRA~1\Tencent\QQ\Bin\GF.dll] [Tencent, 1, 48, 1690, 0]
[E:\PROGRA~1\Tencent\QQ\Bin\xGraphic32.dll] [Tencent, 1, 48, 1690, 0]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\WINDOWS\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[D:\Program Files\Tencent\TT\bin\TSupport.dll] [TENCENT Inc., 1, 2, 11, 201]
[PID: 7888 / Administrator][C:\WINDOWS\system32\dwwin.exe] [(Verified) Microsoft Corporation, 10.0.5815]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\新建文件夹\变速齿轮\GearNtKe.dll] [N/A, ]
[PID: 2140 / Administrator][C:\WINDOWS\system32\cmd.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\新建文件夹\变速齿轮\GearNtKe.dll] [N/A, ]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 5400 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe] [N/A, ]
[C:\PROGRA~1\WinRAR\LPK.DLL] [N/A, ]
[D:\新建文件夹\变速齿轮\GearNtKe.dll] [N/A, ]
[PID: 7004 / Administrator][C:\WINDOWS\system32\dwwin.exe] [(Verified) Microsoft Corporation, 10.0.5815]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\新建文件夹\变速齿轮\GearNtKe.dll] [N/A, ]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
冰磊磊 - 2010-9-10 20:56:00
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2620 / Administrator][D:\TDDownload\新建文件夹\SReng2.8.2.1321版\运行助手.exe] [, 1, 0, 0, 1]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 6352 / Administrator][D:\TDDownload\新建文件夹\SReng2.8.2.1321版\sr-engldr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\TDDownload\新建文件夹\SReng2.8.2.1321版\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 7236 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 10188 / Administrator][C:\WINDOWS\system32\cmd.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 10224 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe] [N/A, ]
[C:\PROGRA~1\WinRAR\LPK.DLL] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 548, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5732, D:\PROGRAM FILES\幻灵游侠2.5\WG\NEWSYS\ZD\自动登陆.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5732, D:\PROGRAM FILES\幻灵游侠2.5\WG\NEWSYS\ZD\自动登陆.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5012, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5012, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 8024, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 8024, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5400, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5400, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2620, D:\TDDOWNLOAD\新建文件夹\SRENG2.8.2.1321版\运行助手.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2620, D:\TDDOWNLOAD\新建文件夹\SRENG2.8.2.1321版\运行助手.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 10224, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 10224, C:\PROGRA~1\WINRAR\RAR.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1,简体中文版
KB920342, Windows XP 更新程序 (KB920342)
KB941569, 用于附带 Windows Media Format Runtime 9.5 和 11 的 Windows XP 的安全更新程序 (KB941569) MS07-068
KB950760, 用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB950760) MS08-032
KB950762, Windows XP 安全更新程序 (KB950762) MS08-036
KB951376, Microsoft XP 安全更新程序 (KB951376) MS08-030
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB951748, Windows XP 安全更新程序 (KB951748) MS08-037
KB944338, Windows XP 安全更新程序 (KB944338) MS08-022
KB939683, 用于 Windows XP 的 Windows Media Player 11 更新程序 (KB939683)
KB952954, Windows XP 安全更新程序 (KB952954) MS08-046
KB950974, Microsoft XP 安全更新程序 (KB950974) MS08-049
KB952287, Windows XP 更新程序 (KB952287)
KB954154, Microsoft XP 安全更新程序 (KB954154) MS08-054
KB958644, Windows XP 安全更新程序 (KB958644) MS08-067
KB955069, Windows XP 安全更新程序 (KB955069) MS08-069
KB956802, Windows XP 安全更新程序 (KB956802) MS08-071
KB956803, Windows XP 安全更新程序 (KB956803) MS08-066
KB960225, Windows XP 安全更新程序 (KB960225) MS09-007
KB967715, Windows XP 更新程序 (KB967715)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB923561, Windows XP 安全更新程序 (KB923561) MS09-010
KB956572, Windows XP 安全更新程序 (KB956572) MS09-012
KB952004, Windows XP 安全更新程序 (KB952004) MS09-012
KB960803, Windows XP 安全更新程序 (KB960803) MS09-013
KB959426, Windows XP 安全更新程序 (KB959426) MS09-015
KB936929, Windows XP Service Pack 3 (KB936929)
KB961501, Windows XP 安全更新程序 (KB961501) MS09-022
KB970238, Windows XP 安全更新程序 (KB970238) MS09-026
KB951847, Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB971032, Windows XP 安全更新程序 (KB971032) MS09-040
KB973540, Windows XP Service Pack 2 安全更新程序 (KB973540) MS09-037
KB973869, Windows XP 安全更新程序 (KB973869) MS09-037
KB958470, Windows XP 安全更新程序 (KB958470) MS09-044
KB973507, Windows XP 安全更新程序 (KB973507) MS09-037
KB960859, Windows XP 安全更新程序 (KB960859) MS09-042
KB973815, Windows XP 安全更新程序 (KB973815) MS09-037
KB971657, Windows XP 安全更新程序 (KB971657) MS09-041
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB956844, Windows XP 安全更新程序 (KB956844) MS09-046
KB971961, 用于 Windows XP 的 Jscript 5.6 的安全更新程序 (KB971961) MS09-045
KB954155, 用于 Windows XP SP 2 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB954155) MS09-051
KB975025, Windows XP 安全更新程序 (KB975025) MS09-051
KB974571, Windows XP 安全更新程序 (KB974571) MS09-056
KB974112, Windows XP 安全更新程序 (KB974112) MS09-052
KB958869, Windows XP 安全更新程序 (KB958869) MS09-062
KB969059, Windows XP 安全更新程序 (KB969059) MS09-057
KB968389, Windows XP 更新程序 (KB968389)
KB973687, Windows XP 更新程序 (KB973687)
KB952069, Windows XP Service Pack 2 安全更新程序 (KB952069) MS08-076
KB974318, Windows XP 安全更新程序 (KB974318) MS09-071
KB974392, Windows XP 安全更新程序 (KB974392) MS09-069
KB955759, Windows XP 更新程序 (KB955759)
KB973904, Windows XP 安全更新程序 (KB973904) MS09-073
KB972270, Windows XP 安全更新程序 (KB972270) MS10-001
KB975713, Windows XP 安全更新程序 (KB975713) MS10-007
KB978037, Windows XP 安全更新程序 (KB978037) MS10-011
KB975560, Windows XP 安全更新程序 (KB975560) MS10-013
KB977914, Windows XP 安全更新程序 (KB977914) MS10-013
KB971468, Windows XP 安全更新程序 (KB971468) MS10-012
KB978706, Windows XP 安全更新程序 (KB978706) MS10-005
KB980232, Windows XP 安全更新程序 (KB980232) MS10-020
KB977816, Windows XP 安全更新程序 (KB977816) MS10-026
KB981350, Windows XP 安全更新程序 (KB981350) MS10-022
KB979309, Windows XP 安全更新程序 (KB979309) MS10-019
KB978338, Windows XP 安全更新程序 (KB978338) MS10-029
KB979683, Windows XP 安全更新程序 (KB979683) MS10-021
KB978601, Windows XP 安全更新程序 (KB978601) MS10-019
KB978542, Windows XP 安全更新程序 (KB978542) MS10-030
KB981793, Windows XP 更新程序 (KB981793)
KB931125, 根证书更新程序 [2010 年 5 月] (KB931125)
KB980218, Windows XP 安全更新程序 (KB980218) MS10-037
KB978695, 用于 Windows XP SP2 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB978695) MS10-033
KB980195, 用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB980195) MS10-034
KB979482, Windows XP 安全更新程序 (KB979482) MS10-033
KB975562, Windows XP 安全更新程序 (KB975562) MS10-033
KB979559, Windows XP 安全更新程序 (KB979559) MS10-032
KB982381, 用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB982381) MS10-035
KB2229593, Windows XP 安全更新程序 (KB2229593) MS10-042
KB890830, Windows 恶意软件删除工具 - 2010 年 8 月 (KB890830)
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00E4212D)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00E42215)
==================================
隐藏进程
N/A
==================================
快乐未来雨 - 2010-9-10 21:09:00
~Run the attached tool on it~
Note: use a force-delete tool to get rid of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hozhgvkmyrjq
~Once that is done, run a new scan and post the log~
Attachment:
lpkKiller.rar
冰磊磊 - 2010-9-10 21:26:00
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hozhgvkmyrjq
I can't find it.
快乐未来雨 - 2010-9-10 21:28:00
~How did the attached tool do on your computer? If it has finished, scan and post a new log~
冰磊磊 - 2010-9-10 21:41:00
I'm running a full-disk scan with the thing you mentioned. As soon as I open it, it says the system is infected.
快乐未来雨 - 2010-9-10 21:47:00
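~Use my attached tool to clean up usp10.dll and lpk.dll, until they no longer show up~
~Then use Windows清理助手 (Windows Cleanup Assistant) to remove the malicious software~
~Finally, use a utility program to clean out junk files and patch vulnerabilities. Your browsing habits are really not good; look at what has become of your computer~
~Note: your manners are poor; you make use of people and, once the problem is handled, you stop replying~
~I hope this is the first time I help you, and also the last~
~Friendly tip: if usp10.dll and lpk.dll still can't be cleaned up, just immunize them with a <DLL immunization tool>; the remaining steps are the same as above~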
冰磊磊 - 2010-9-10 22:16:00
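I was just scanning and the machine became completely unusable. Anything I open gets force-closed right away. I used something called 游戏守望者 and that's when I saw the problem appear.
The scan you told me to run has only reached drive D so far. There are 4 more drives to go.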
冰磊磊 - 2010-9-10 22:18:00
It's still like this even now... still not fixed. I'm going to leave the scan running overnight.