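Why does my computer still reboot frequently even though I have upgraded to the latest version of Rising and a full-disk scan reports no viruses? [Help]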

浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, China Merchants Bank>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[]
  {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} <C:\Program Files\Common Files\goskdl.dll, N/A>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\WINDOWS\system32\QQLiveInstaller.dll, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HdwCode Control]
  {52A05F4B-9F0C-4752-BB78-9B6DFD2DE9D5} <C:\WINDOWS\DOWNLO~1\HdwCode.ocx, home>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[Image Uploader Control]
  {6E5E167B-1566-4316-B27F-0DDAB3484CF7} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, Aurigma, Inc.>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[ctl4RA Class]
  {27984DB8-C851-439E-B625-81740482BE7C} <C:\WINDOWS\system32\PRINTC~1.DLL, INFOSEC Tech. corp>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, China Merchants Bank>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[Image Uploader Control]
  {6E5E167B-1566-4316-B27F-0DDAB3484CF7} <C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx, Aurigma, Inc.>
[Print Control]
  {86B838A2-E650-46BA-BB23-C5C113AE81D0} <C:\WINDOWS\system32\ZFMPrint06.dll, 尊网商通资讯科技有限公司>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[]
  {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} <C:\Program Files\Common Files\goskdl.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[ARMP Control]
  {D5CD69C4-F983-46E2-AF79-455E892729FA} <C:\PROGRA~1\uusee\ARMP.ocx, UUSEE>
[UpdateC2 Control]
  {DC7094C6-8F61-42ED-AECE-63F5EEF647C5} <C:\PROGRA~1\uusee\updateC2.ocx, uusee.com>
[PBActiveX40 Control]
  {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINDOWS\system32\PersonalBankMain.ocx, China Merchants Bank>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 864 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 27]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 880 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1032 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1108 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1148 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.55]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.27]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.32]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [C:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [C:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
    [C:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [C:\Program Files\Rising\Rav\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[PID: 1336 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.8]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1368 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [c:\program files\rising\rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1684 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1864 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1932 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 176 / Administrator][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.27]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [c:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 212 / Administrator][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 10, 100, 1146]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 240 / Administrator][C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE]  [Samsung Electronics Co., Ltd., Samsung Software Center., 3.01.359]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 248 / Administrator][C:\WINDOWS\VM303_STI.EXE]  [Vimicro, 3, 6, 227, 13]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM303Prp.Ax]  [Vimicro, 3, 6, 411, 13]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 256 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3275]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 264 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.20]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 336 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.98]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 392 / Administrator][C:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 3, 6, 1, 1001]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 1, 1001]
    [C:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1020]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 552 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 2428 / SYSTEM][C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe]  [, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 2464 / Administrator][C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe]  [CIDC, 1, 0, 0, 12]
    [C:\WINDOWS\system32\HDIFD20B.dll]  [CIDC., 1, 0, 17, 29]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 2484 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 3132 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1784 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\WINDOWS\system32\FREEIME.IME]  [Delphi Fan Studio, 4.00.950]
[PID: 3592 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.38]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [c:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [c:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.31]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [c:\program files\rising\rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7, 0, 0, 0]
    [c:\program files\rising\rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 3196 / Administrator][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.7]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 3228 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3812 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 3296 / Administrator][E:\sreng\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [E:\sreng\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 212, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 240, C:\PROGRAM FILES\SAMSUNG\SMARTHRU\PORTCTRL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 248, C:\WINDOWS\VM303_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 248, C:\WINDOWS\VM303_STI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 256, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 256, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 392, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2464, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2464, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x012D212D)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x012D2215)

==================================
隐藏进程
N/A

==================================


[/CODE]

It rebooted two more times while I was re-posting, but I finally got everything posted. What a headache!

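This virus has been very widespread recently. The root cause is that people pay no attention to protecting against viruses that spread via USB flash drives: they take a USB drive (removable storage device) and double-click it right away, which makes it very easy for the virus to spread via USB drives.
For how to guard against this kind of USB-drive virus, see post #4.

The culprit behind this virus is auto.exe, a trojan downloader. After it spreads to your computer via a USB drive or other removable storage, it creates an exe file under %system32% whose name is a random combination of 8 letters and digits,
and at the same time creates a dll whose name is a random combination of 8 letters and digits, which is injected into almost every process under the control of winlogon.

The above files are registered as a service whose name is a random combination of 8 letters and digits.
For details, click: http://forum.ikaka.com/topic.asp?board=28&artid=8362073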

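Quote:
[tianxunmycool's post] This virus has been very widespread recently. The root cause is that people pay no attention to protecting against viruses that spread via USB flash drives: they take a USB drive (removable storage device) and double-click it right away, which makes it very easy for the virus to spread via USB drives.
For how to guard against this kind of USB-drive virus, see post #4.

The culprit behind this virus is auto.exe, a trojan downloader. After it spreads to your computer via a USB drive or other removable storage, it creates an exe file under %system32% whose name is a random combination of 8 letters and digits,
and at the same time creates a dll whose name is a random combination of 8 letters and digits, which is injected into almost every process under the control of winlogon.

The above files are registered as a service whose name is a random combination of 8 letters and digits.
For details, click:
………………


Bro, did you actually look at my log? What I've got isn't this virus; there is no service at all whose name is a random combination of 8 letters and digits. I did catch the virus you're describing before, and I already know how to remove this AOTO.EXE.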

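OP, if your computer is still under warranty, send it in for warranty repair.

If it's not under warranty, have a repair shop deal with it.

It's probably a hardware fault.

If you want to tinker with it yourself, you can back up your current system with GHOST.

Then reinstall the system and see; if it still keeps rebooting, it's a hardware problem.

Generally speaking, it's mostly a power supply problem.

Check whether there's a lot of dust on your motherboard, RAM modules and CPU, and clean them.

Also reseat the RAM modules and wipe the gold contacts.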


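Quote:
[天月来了's post] OP, if your computer is still under warranty, send it in for warranty repair.

If it's not under warranty, have a repair shop deal with it.

It's probably a hardware fault.

If you want to tinker with it yourself, you can back up your current system with GHOST.

Then reinstall the system and see; if it still keeps rebooting, it's a hardware problem.

Generally speaking, it's mostly a power supply problem.

Check whether there's a lot of dust on your motherboard, RAM modules and CPU, and clean them.

Also reseat the RAM modules and wipe the gold contacts.

………………


Are you sure there's nothing wrong in the log? If the software really is fine, then I'll go find someone to repair the hardware, because the power supply was replaced with a new one less than a year ago.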