这是我的日志记录，请千寻旅等大虾们帮我看看，谢谢 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛这是我的日志记录，请千寻旅等大虾们帮我看看，谢谢

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

1 / 2 页

跳转页

这是我的日志记录，请千寻旅等大虾们帮我看看，谢谢

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:19 \| 只看楼主短消息资料字号：小中大 1楼这是我的日志记录，请千寻旅等大虾们帮我看看，谢谢 [CODE] 2007-09-20,16:00:39 System Repair Engineer 2.5.16.900 Emergency Scan Mode Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) 以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <RealUpdate><C:\Program Files\Common Files\update\svchost.exe> [] <svc><C:\DOCUME~1\ADMINI~1.FDC\LOCALS~1\Temp\sysnan.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <w><%SystemRoot%\WinRaR.exe> [N/A] <wm><%SystemRoot%\winlogor.exe> [N/A] <wl><%SystemRoot%\intent.exe> [N/A] <mm><%SystemRoot%\sourro.exe> [N/A] <zx><%SystemRoot%\winadr.exe> [N/A] <rx><%SystemRoot%\winnt.exe> [N/A] <aa><%SystemRoot%\SVchont.exe> [N/A] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Component Publisher] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <igfxtray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <igfxpers><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Publisher] <WangWang><"C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"> [淘宝（中国）软件有限公司] <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.] <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A] <ravztmon><C:\Program Files\NetMeeting\ravztmon.exe> [] <ravgjmon><C:\Program Files\NetMeeting\ravgjmon.exe> [N/A] <avpms><C:\Program Files\NetMeeting\avpms.exe> [] <avpdj><C:\Program Files\NetMeeting\avpdj.exe> [] <AVPSrv><C:\WINDOWS\AVPSrv.exe> [] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Science and Technology Corporation Limited] [用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 2007-09-21 13:14:39.780000000
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	分享到：

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:20 \| 只看楼主短消息资料字号：小中大 2楼 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <MSDEG32><LYLoader.exe> [] <MSDWG32><LYLoadbr.exe> [N/A] <MSDCG32 ><LYLeador.exe> [N/A] <MSDOG32><LYLoador.exe> [N/A] <MSDSG32><LYLoadar.exe> [N/A] <MSDMG32><LYLoadmr.exe> [N/A] <MSDHG32><LYLoadhr.exe> [N/A] <MSDQG32><LYLoadqr.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><raqjapi.dll> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD] <{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins> [] <{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> [] <{2859245F-345D-BC13-AC4F-145D47DA34F2}><C:\WINDOWS\system32\avzxbmn.dll> [] <{1960356A-458E-DE24-BD50-268F589A56A1}><C:\WINDOWS\system32\avwlamn.dll> [] <{2C87A354-ABC3-DEDE-FF33-3213FD7447C2}><C:\WINDOWS\system32\kvdxbma.dll> [] <{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys> [] <{14783410-4F90-34A0-7820-3230ACD05F41}><C:\WINDOWS\system32\raqjapi.dll> [] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] <WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:20 \| 只看楼主短消息资料字号：小中大 3楼 ================================== 启动文件夹 [CAJViewer Preload] <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\CAJViewer Preload.lnk --> C:\PROGRA~1\TTKN\CAJVIE~1.0\CAJVIE~1.EXE [Tsinghua Tongfang Knowledge Network Technology(Beijing) Co., Ltd.]><N> [Microsoft Office] <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [Microsoft Corporation]><N> [服务管理器] <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~2\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N> ================================== 服务 [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start] <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Microsoft Search / MSSEARCH][Running/Auto Start] <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation> [MSSQLSERVER / MSSQLSERVER][Running/Auto Start] <C:\PROGRA~1\MICROS~2\80\Tools\binn\sqlservr.exe><Microsoft Corporation> [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start] <C:\PROGRA~1\MICROS~2\80\Tools\binn\sqlagent.exe><Microsoft Corporation> [Rising Proxy Service / RfwProxySrv][Running/Auto Start] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService][Running/Auto Start] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:20 \| 只看楼主短消息资料字号：小中大 4楼 ================================== 驱动程序 [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start] <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A> [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start] <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.> [Conexant AMC Audio / CAMCAUD][Running/Manual Start] <system32\drivers\camc6aud.sys><Conexant Systems Inc.> [CAMCHALA / CAMCHALA][Running/Manual Start] <system32\drivers\camc6hal.sys><Conexant Systems Inc.> [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd> [ialm / ialm][Running/Manual Start] <system32\DRIVERS\ialmnt5.sys><Intel Corporation> [Netgroup Packet Filter / NPF][Running/Manual Start] <system32\DRIVERS\npf.sys><CACE Technologies> [npkcrypt / npkcrypt][Running/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [Synaptics TouchPad Driver / SynTP][Running/Manual Start] <system32\DRIVERS\SynTP.sys><Synaptics, Inc.> [Rising Rfwbase Driver / RfwBase][Running/System Start] <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.> [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.> ================================== 浏览器加载项 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitCometBeta0318\tools\BitCometBHO_1.1.3.12.dll, BitComet> [] {989D2FEB-5411-4565-8988-1DD2C5263377} <C:\WINDOWS\system32\SysInfo.dll, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, > [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, > [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD> [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitCometBeta0318\tools\BitCometBHO_1.1.3.12.dll, BitComet> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司> [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [] {989D2FEB-5411-4565-8988-1DD2C5263377} <C:\WINDOWS\system32\SysInfo.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.> [&使用BitComet下载] <res://C:\Program Files\BitCometBeta0318\BitComet.exe/AddLink.htm, N/A> [&使用BitComet下载全部链接] <res://C:\Program Files\BitCometBeta0318\BitComet.exe/AddAllLink.htm, N/A> [&使用BitComet下载本页视频] <res://C:\Program Files\BitCometBeta0318\BitComet.exe/AddVideo.htm, N/A> [&使用迅雷下载] <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A> [&使用迅雷下载全部链接] <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A> [添加到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:22 \| 只看楼主短消息资料字号：小中大 5楼 ================================== 正在运行的进程 [PID: 464 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 536 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 560 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [PID: 612 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [PID: 624 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [PID: 780 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [PID: 844 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [PID: 916 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [PID: 936 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [PID: 976 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [PID: 1044 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [PID: 1276 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [PID: 1444 / SYSTEM][C:\PROGRA~1\MICROS~2\80\Tools\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~2\80\Tools\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~2\80\Tools\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~2\80\Tools\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\PROGRA~1\MICROS~2\80\Tools\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~2\80\Tools\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~2\80\Tools\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~2\80\Tools\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~2\80\Tools\binn\SQLFTQRY.DLL] [Microsoft Corporation, 2000.080.0194.00] [PID: 1592 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [PID: 1700 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.5512.0] [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll] [Microsoft Corporation, 9.107.5512.0] [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll] [Microsoft Corporation, 9.107.5512.0] [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll] [Microsoft Corporation, 9.107.5512.0] [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll] [Microsoft Corporation, 9.107.5512.0] [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll] [Microsoft Corporation, 9.107.5512.0] [PID: 1964 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [PID: 732 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins] [N/A, ] [C:\WINDOWS\system32\rsmyapm.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\WINDOWS\ifc222.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:22 \| 只看楼主短消息资料字号：小中大 6楼 [PID: 1412 / Administrator][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyapm.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [PID: 456 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.19] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.5] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyapm.dll] [N/A, ] [PID: 1936 / Administrator][C:\Program Files\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.92] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.5] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 72] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyapm.dll] [N/A, ] [PID: 1556 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.53] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.5] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.25] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.32] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10] [C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11] [C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [PID: 2316 / Administrator][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.7] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [PID: 2344 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyapm.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ]
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:23 \| 只看楼主短消息资料字号：小中大 7楼 [PID: 2468 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 3204 / Administrator][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4363] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4363] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4363] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4363] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [PID: 3248 / Administrator][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4363] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4363] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [PID: 3344 / Administrator][C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE] [淘宝（中国）软件有限公司, 1, 9, 6, 1221] [C:\Program Files\淘宝网\淘宝旺旺\AliViewCtrl.dll] [vline, 1, 0, 0, 1] [C:\Program Files\淘宝网\淘宝旺旺\VLNetwork.dll] [, 1, 0, 0, 6] [C:\Program Files\淘宝网\淘宝旺旺\AliViewMedia.dll] [vline, 1, 0, 0, 1] [C:\Program Files\淘宝网\淘宝旺旺\VideoCAP.dll] [, 1, 0, 0, 4] [C:\Program Files\淘宝网\淘宝旺旺\VLAudio.dll] [, 1, 0, 0, 4] [C:\Program Files\淘宝网\淘宝旺旺\JsmShow.dll] [, 1, 0, 0, 3] [C:\Program Files\淘宝网\淘宝旺旺\ww_network.dll] [, 1, 0, 1, 18] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\Program Files\淘宝网\淘宝旺旺\Ali_Res.DLL] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll] [阿里软件（中国）有限公司, 1, 0, 0, 1] [C:\Program Files\淘宝网\淘宝旺旺\RichOne.dll] [淘宝(中国)软件有限公司, 1.0.0.1] [C:\Program Files\淘宝网\淘宝旺旺\TBProgress.dll] [淘宝(中国)软件有限公司, 1.0.0.1] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyapm.dll] [N/A, ] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\ifc222.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 3388 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.3.8 16Jun06] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.3.8 16Jun06] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\WINDOWS\system32\rsmyapm.dll] [N/A, ] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.3.8 16Jun06] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [PID: 3536 / Administrator][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43] [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [PID: 3912 / Administrator][C:\WINDOWS\AVPSrv.exe] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [PID: 4016 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [PID: 1600 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [C:\WINDOWS\system32\kvdxbma.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [PID: 3236 / Administrator][C:\DOCUME~1\ADMINI~1.FDC\LOCALS~1\Temp\sysnan.exe] [, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [C:\DOCUME~1\ADMINI~1.FDC\LOCALS~1\Temp\packet.dll] [CACE Technologies, 3, 1, 0, 27] [C:\DOCUME~1\ADMINI~1.FDC\LOCALS~1\Temp\WanPacket.dll] [CACE Technologies, 3, 1, 0, 27] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [PID: 3600 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [PID: 3900 / Administrator][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.21] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 69] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.5] [C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ]
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:23 \| 只看楼主短消息资料字号：小中大 8楼 [PID: 2304 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.38] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.5] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.31] [c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7, 0, 0, 0] [c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5] [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [PID: 2520 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.8] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [PID: 1852 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.20] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [PID: 3716 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62] [C:\Program Files\BitCometBeta0318\tools\BitCometBHO_1.1.3.12.dll] [BitComet, 20070312] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [PID: 716 / Administrator][C:\WINDOWS\system32\raqjatl.exe] [N/A, ] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [PID: 3892 / Administrator][C:\WINDOWS\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [PID: 184 / Administrator][E:\11\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\avzxbmn.dll] [N/A, ] [C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys] [N/A, ] [C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5091] [C:\WINDOWS\system32\avwlamn.dll] [N/A, ] [C:\WINDOWS\system32\raqjapi.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ]
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:	发表于： 2007-09-20 16:23 \| 只看楼主短消息资料字号：小中大 9楼 ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 MSAFD Tcpip [TCP/IP] C:\WINDOWS\system32\TcpIpDog0.dll(, N/A) MSAFD Tcpip [UDP/IP] C:\WINDOWS\system32\TcpIpDog0.dll(, N/A) MSAFD Tcpip [RAW/IP] C:\WINDOWS\system32\TcpIpDog0.dll(, N/A) RSVP UDP Service Provider C:\WINDOWS\system32\TcpIpDogR0.dll(, N/A) RSVP TCP Service Provider C:\WINDOWS\system32\TcpIpDogR0.dll(, N/A) ================================== Autorun.inf [E:\] [AutoRun] open=AutoRun.exe shellexecute=AutoRun.exe shell\打开(&O)\command=AutoRun.exe ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 3344, C:\PROGRAM FILES\淘宝网\淘宝旺旺\WANGWANG.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 3912, C:\WINDOWS\AVPSRV.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3912, C:\WINDOWS\AVPSRV.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 3236, C:\DOCUME~1\ADMINI~1.FDC\LOCALS~1\TEMP\SYSNAN.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 716, C:\WINDOWS\SYSTEM32\RAQJATL.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A [/CODE]
teiner 初生襁褓狮帖子:27 注册: 2007-09-20 来自:

千寻旅社区嘉宾帖子:2910 注册: 2007-08-17 来自:	发表于： 2007-09-20 17:10 \| 短消息资料字号：小中大 10楼注意：删除病毒可能会具有一定的危险性所以强烈建议操作前要把重要资料转移至非系统分区！打开sreng 启动项目注册表删除如下项目 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <RealUpdate><C:\Program Files\Common Files\update\svchost.exe> [] <svc><C:\DOCUME~1\ADMINI~1.FDC\LOCALS~1\Temp\sysnan.exe> [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <w><%SystemRoot%\WinRaR.exe> [N/A] <wm><%SystemRoot%\winlogor.exe> [N/A] <wl><%SystemRoot%\intent.exe> [N/A] <mm><%SystemRoot%\sourro.exe> [N/A] <zx><%SystemRoot%\winadr.exe> [N/A] <rx><%SystemRoot%\winnt.exe> [N/A] <aa><%SystemRoot%\SVchont.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <ravztmon><C:\Program Files\NetMeeting\ravztmon.exe> [] <ravgjmon><C:\Program Files\NetMeeting\ravgjmon.exe> [N/A] <avpms><C:\Program Files\NetMeeting\avpms.exe> [] <avpdj><C:\Program Files\NetMeeting\avpdj.exe> [] <AVPSrv><C:\WINDOWS\AVPSrv.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <MSDEG32><LYLoader.exe> [] <MSDWG32><LYLoadbr.exe> [N/A] <MSDCG32 ><LYLeador.exe> [N/A] <MSDOG32><LYLoador.exe> [N/A] <MSDSG32><LYLoadar.exe> [N/A] <MSDMG32><LYLoadmr.exe> [N/A] <MSDHG32><LYLoadhr.exe> [N/A] <MSDQG32><LYLoadqr.exe> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><raqjapi.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins> [] <{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> [] <{2859245F-345D-BC13-AC4F-145D47DA34F2}><C:\WINDOWS\system32\avzxbmn.dll> [] <{1960356A-458E-DE24-BD50-268F589A56A1}><C:\WINDOWS\system32\avwlamn.dll> [] <{2C87A354-ABC3-DEDE-FF33-3213FD7447C2}><C:\WINDOWS\system32\kvdxbma.dll> [] <{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys> [] <{14783410-4F90-34A0-7820-3230ACD05F41}><C:\WINDOWS\system32\raqjapi.dll> [] 重启计算机进入安全模式下删除 <C:\Program Files\Common Files\update\svchost.exe> [] <svc><C:\DOCUME~1\ADMINI~1.FDC\LOCALS~1\Temp\sysnan.exe> [] <w><%SystemRoot%\WinRaR.exe> [N/A] <wm><%SystemRoot%\winlogor.exe> [N/A] <wl><%SystemRoot%\intent.exe> [N/A] <mm><%SystemRoot%\sourro.exe> [N/A] <zx><%SystemRoot%\winadr.exe> [N/A] <rx><%SystemRoot%\winnt.exe> [N/A] <aa><%SystemRoot%\SVchont.exe> [N/A] <ravztmon><C:\Program Files\NetMeeting\ravztmon.exe> [] <ravgjmon><C:\Program Files\NetMeeting\ravgjmon.exe> [N/A] <avpms><C:\Program Files\NetMeeting\avpms.exe> [] <avpdj><C:\Program Files\NetMeeting\avpdj.exe> [] <AVPSrv><C:\WINDOWS\AVPSrv.exe> [] <MSDEG32><LYLoader.exe> [] <MSDWG32><LYLoadbr.exe> [N/A] <MSDCG32 ><LYLeador.exe> [N/A] <MSDOG32><LYLoador.exe> [N/A] <MSDSG32><LYLoadar.exe> [N/A] <MSDMG32><LYLoadmr.exe> [N/A] <MSDHG32><LYLoadhr.exe> [N/A] <MSDQG32><LYLoadqr.exe> [N/A] <AppInit_DLLs><raqjapi.dll> [] <{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins> [] <{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> [] <{2859245F-345D-BC13-AC4F-145D47DA34F2}><C:\WINDOWS\system32\avzxbmn.dll> [] <{1960356A-458E-DE24-BD50-268F589A56A1}><C:\WINDOWS\system32\avwlamn.dll> [] <{2C87A354-ABC3-DEDE-FF33-3213FD7447C2}><C:\WINDOWS\system32\kvdxbma.dll> [] <{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys> [] <{14783410-4F90-34A0-7820-3230ACD05F41}><C:\WINDOWS\system32\raqjapi.dll> [] [C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, ] [C:\WINDOWS\ifc222.dll] [N/A, ] [C:\WINDOWS\intenat.dll] [N/A, ] [C:\WINDOWS\system32\AVPSrv.dll] [N/A, ] [C:\WINDOWS\rx.dll] [N/A, ] [C:\WINDOWS\loger.dll] [N/A, ] [PID: 716 / Administrator][C:\WINDOWS\system32\raqjatl.exe] [N/A, ] 修复winsock 安全模式下删除 E:/ AutoRun.exe Autorun.inf
千寻旅社区嘉宾帖子:2910 注册: 2007-08-17 来自:

<<上一主题|下一主题>>

12

1 / 2 页

跳转页

页面顶部

Powered by Discuz!NT